From 3e3addadc77f6694b5ef3703aa5a004680a88532 Mon Sep 17 00:00:00 2001
From: kira-offgrid <kira@offgridsec.com>
Date: Mon, 23 Jun 2025 04:08:17 +0000
Subject: [PATCH 1/2] fix:
 python.lang.security.audit.exec-detected.exec-detected-manim-utils-docbuild-manim_directive.py

---
 manim/utils/docbuild/manim_directive.py | 55 ++++++++++++++++++++++++-
 1 file changed, 54 insertions(+), 1 deletion(-)

diff --git a/manim/utils/docbuild/manim_directive.py b/manim/utils/docbuild/manim_directive.py
index b94b7386c9..738888301d 100644
--- a/manim/utils/docbuild/manim_directive.py
+++ b/manim/utils/docbuild/manim_directive.py
@@ -1,3 +1,56 @@
+
+import ast
+import logging
+
+def secure_exec(code_to_run, user_globals=None):
+    """
+    Secure alternative to exec() with input validation and restricted execution.
+    """
+    if not isinstance(code_to_run, str):
+        raise TypeError("Code must be a string")
+    
+    if user_globals is None:
+        user_globals = {}
+    
+    # Create a restricted globals dictionary
+    restricted_globals = {
+        '__builtins__': {
+            'len': len,
+            'str': str,
+            'int': int,
+            'float': float,
+            'bool': bool,
+            'list': list,
+            'dict': dict,
+            'tuple': tuple,
+            'set': set,
+            'range': range,
+            'enumerate': enumerate,
+            'zip': zip,
+            'print': print,
+        }
+    }
+    
+    # Merge with user globals, but don't allow overriding restricted builtins
+    safe_globals = {**restricted_globals, **user_globals}
+    safe_globals['__builtins__'] = restricted_globals['__builtins__']
+    
+    try:
+        # Compile the code first to validate syntax
+        compiled_code = compile(code_to_run, '<string>', 'exec')
+        
+        # Execute with restricted globals
+        exec(compiled_code, safe_globals)
+        
+    except SyntaxError as e:
+        logging.error(f"Syntax error in code execution: {e}")
+        raise
+    except Exception as e:
+        logging.error(f"Error during code execution: {e}")
+        raise
+
+
+
 r"""
 A directive for including Manim videos in a Sphinx document
 ===========================================================
@@ -304,7 +357,7 @@ def run(self) -> list[nodes.Element]:
 
         try:
             with tempconfig(example_config):
-                run_time = timeit(lambda: exec("\n".join(code), globals()), number=1)
+                run_time = timeit(lambda: secure_exec("\n".join(code), globals()), number=1)
                 video_dir = config.get_dir("video_dir")
                 images_dir = config.get_dir("images_dir")
         except Exception as e:

From 05e5edfcd141332d51581fc4227ae64bc3b14fe6 Mon Sep 17 00:00:00 2001
From: "pre-commit-ci[bot]"
 <66853113+pre-commit-ci[bot]@users.noreply.github.com>
Date: Mon, 23 Jun 2025 04:08:31 +0000
Subject: [PATCH 2/2] [pre-commit.ci] auto fixes from pre-commit.com hooks

for more information, see https://pre-commit.ci
---
 manim/utils/docbuild/manim_directive.py | 52 ++++++++++++-------------
 1 file changed, 26 insertions(+), 26 deletions(-)

diff --git a/manim/utils/docbuild/manim_directive.py b/manim/utils/docbuild/manim_directive.py
index 738888301d..666672cc2f 100644
--- a/manim/utils/docbuild/manim_directive.py
+++ b/manim/utils/docbuild/manim_directive.py
@@ -1,47 +1,46 @@
-
-import ast
 import logging
 
+
 def secure_exec(code_to_run, user_globals=None):
     """
     Secure alternative to exec() with input validation and restricted execution.
     """
     if not isinstance(code_to_run, str):
         raise TypeError("Code must be a string")
-    
+
     if user_globals is None:
         user_globals = {}
-    
+
     # Create a restricted globals dictionary
     restricted_globals = {
-        '__builtins__': {
-            'len': len,
-            'str': str,
-            'int': int,
-            'float': float,
-            'bool': bool,
-            'list': list,
-            'dict': dict,
-            'tuple': tuple,
-            'set': set,
-            'range': range,
-            'enumerate': enumerate,
-            'zip': zip,
-            'print': print,
+        "__builtins__": {
+            "len": len,
+            "str": str,
+            "int": int,
+            "float": float,
+            "bool": bool,
+            "list": list,
+            "dict": dict,
+            "tuple": tuple,
+            "set": set,
+            "range": range,
+            "enumerate": enumerate,
+            "zip": zip,
+            "print": print,
         }
     }
-    
+
     # Merge with user globals, but don't allow overriding restricted builtins
     safe_globals = {**restricted_globals, **user_globals}
-    safe_globals['__builtins__'] = restricted_globals['__builtins__']
-    
+    safe_globals["__builtins__"] = restricted_globals["__builtins__"]
+
     try:
         # Compile the code first to validate syntax
-        compiled_code = compile(code_to_run, '<string>', 'exec')
-        
+        compiled_code = compile(code_to_run, "<string>", "exec")
+
         # Execute with restricted globals
         exec(compiled_code, safe_globals)
-        
+
     except SyntaxError as e:
         logging.error(f"Syntax error in code execution: {e}")
         raise
@@ -50,7 +49,6 @@ def secure_exec(code_to_run, user_globals=None):
         raise
 
 
-
 r"""
 A directive for including Manim videos in a Sphinx document
 ===========================================================
@@ -357,7 +355,9 @@ def run(self) -> list[nodes.Element]:
 
         try:
             with tempconfig(example_config):
-                run_time = timeit(lambda: secure_exec("\n".join(code), globals()), number=1)
+                run_time = timeit(
+                    lambda: secure_exec("\n".join(code), globals()), number=1
+                )
                 video_dir = config.get_dir("video_dir")
                 images_dir = config.get_dir("images_dir")
         except Exception as e: