From f60441ee984d5e49889d4eb24144d08840df34a6 Mon Sep 17 00:00:00 2001
From: Wolf Vollprecht <w.vollprecht@gmail.com>
Date: Wed, 7 Aug 2024 13:38:14 +0200
Subject: [PATCH] use sandboxed env

---
 src/rattler_build_conda_compat/jinja/jinja.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/rattler_build_conda_compat/jinja/jinja.py b/src/rattler_build_conda_compat/jinja/jinja.py
index 20d7774..f89bc35 100644
--- a/src/rattler_build_conda_compat/jinja/jinja.py
+++ b/src/rattler_build_conda_compat/jinja/jinja.py
@@ -3,6 +3,7 @@
 from typing import Any, TypedDict
 
 import jinja2
+from jinja2.sandbox import SandboxedEnvironment
 import yaml
 
 from rattler_build_conda_compat.jinja.filters import _bool, _split, _version_to_build_string
@@ -29,7 +30,7 @@ def jinja_env() -> jinja2.Environment:
     Target platform, build platform, and mpi are set to linux-64 by default.
     """
 
-    env = jinja2.Environment(
+    env = SandboxedEnvironment(
         variable_start_string="${{",
         variable_end_string="}}",
         trim_blocks=True,