RestrictedPython 5.3__py2.py3-none-any.whl → 5.4__py2.py3-none-any.whl

@@ -264,9 +264,12 @@ def safer_getattr(object, name, default=None, getattr=getattr):
264
264
  http://lucumr.pocoo.org/2016/12/29/careful-with-str-format/
265
265
 
266
266
  """
267
- if isinstance(object, _compat.basestring) and name == 'format':
267
+ if name in ('format', 'format_map') and (
268
+ isinstance(object, _compat.basestring) or (
269
+ isinstance(object, type)
270
+ and issubclass(object, _compat.basestring))):
268
271
  raise NotImplementedError(
269
- 'Using format() on a %s is not safe.' % object.__class__.__name__)
272
+ 'Using the string format* methods is not safe')
270
273
  if name.startswith('_'):
271
274
  raise AttributeError(
272
275
  '"{name}" is an invalid attribute name because it '
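Review bot: The new `name in ('format', 'format_map')` test and the `name.startswith('_')` check that follows it both trust `name` to behave like a plain string, and nothing visible in this hunk enforces that. safer_getattr starts above the hunk, so an earlier type check may already exist. If it does not, an exact-type guard ahead of these lines, e.g. `if type(name) is not str: raise TypeError('type(name) must be str')`, would make both checks hold whatever object the caller passes (the wheel is tagged py2.py3, so Python 2 would also need to admit `unicode`). Separately, the docstring above should say that `format_map` and the `str` type itself, not only instances, are now refused.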
@@ -18,7 +18,21 @@ import string
18
18
 
19
19
  utility_builtins = {}
20
20
 
21
- utility_builtins['string'] = string
21
+
22
+ class _AttributeDelegator:
23
+ def __init__(self, mod, *excludes):
24
+ """delegate attribute lookups outside *excludes* to module *mod*."""
25
+ self.__mod = mod
26
+ self.__excludes = excludes
27
+
28
+ def __getattr__(self, attr):
29
+ if attr in self.__excludes:
30
+ raise NotImplementedError(
31
+ "{}.{} is not safe".format(self.__mod.__name__, attr))
32
+ return getattr(self.__mod, attr)
33
+
34
+
35
+ utility_builtins['string'] = _AttributeDelegator(string, "Formatter")
22
36
  utility_builtins['math'] = math
23
37
  utility_builtins['random'] = random
24
38
  utility_builtins['whrandom'] = random
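Review bot: `_AttributeDelegator.__getattr__` is a deny-list: every attribute not named in `excludes` is forwarded to the wrapped module, so anything `string` exposes now or gains in a later Python release is reachable from restricted code by default. An allow-list of the names meant to be available would fail closed instead. The only docstring sits on `__init__`, and the call site does not record why `Formatter` is withheld. A class docstring plus a comment above the assignment, such as `# string.Formatter offers the same format machinery that safer_getattr refuses on str`, would keep a later maintainer from re-exposing it.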
@@ -1,6 +1,6 @@
1
1
  Metadata-Version: 2.1
2
2
  Name: RestrictedPython
3
- Version: 5.3
3
+ Version: 5.4
4
4
  Summary: RestrictedPython is a defined subset of the Python language which allows to provide a program input into a trusted environment.
5
5
  Home-page: https://github.com/zopefoundation/RestrictedPython
6
6
  Author: Zope Foundation and Contributors
@@ -119,10 +119,23 @@ This example directly executed in Python could harm your system.
119
119
  Changes
120
120
  =======
121
121
 
122
+ 5.4 (2023-08-30)
123
+ ----------------
124
+
125
+ Fixes
126
+ +++++
127
+
128
+ - Fix information disclosure problems through
129
+ Python's "format" functionality
130
+ (``format`` and ``format_map`` methods on ``str``/``unicode`` and
131
+ their instances,
132
+ ``string.Formatter``).
133
+
134
+
122
135
  5.3 (2023-07-08)
123
136
  ----------------
124
137
 
125
- - Restrict access to some attributes accessible via the ``inspect`` module.
138
+ - Forbid using some attributes providing access to restricted Python internals.
126
139
 
127
140
 
128
141
  5.2 (2021-11-19)
@@ -1,14 +1,14 @@
1
1
  RestrictedPython/Eval.py,sha256=Aoe0YPXAmaY2DcTAycV76mXMtY7AyrvrHZk5pW6t4-4,3345
2
- RestrictedPython/Guards.py,sha256=qFF0tgfZBkx3wFxAEljnorItuuUzXR1ue40fbimqP8k,8033
2
+ RestrictedPython/Guards.py,sha256=TXAXFqwA5M1IPE_eTViyNMOJuDMWF2HPfbB6SWYjwKQ,8143
3
3
  RestrictedPython/Limits.py,sha256=dORpuly21vSjy8gzNac9IYfIXMMWRVFvqUiKKIeZ3OM,1866
4
4
  RestrictedPython/PrintCollector.py,sha256=jFXjgp8WLj4mEkojEBn5EH0CbpVxVL7qkPq-9czTsgg,1183
5
- RestrictedPython/Utilities.py,sha256=55M4T7k59Zugkf0Tt_kOddITLajxEobD9Hq0kJEmSMQ,2505
5
+ RestrictedPython/Utilities.py,sha256=NpWDdA0H5GrxB8Ljtx4zv_0Xj89gJjXeB_kW6pisijc,2967
6
6
  RestrictedPython/__init__.py,sha256=qB_s6zDxuXPAGMoKYKBMc-xZ0gTnQ0ZvtY5FxdAG3aM,1862
7
7
  RestrictedPython/_compat.py,sha256=0yS5CXqTswBoH0iNYFGYzpWv-VFLYiZPPaOJS70Ji6Q,713
8
8
  RestrictedPython/compile.py,sha256=vQkXBUDTC4Ng_gX5lGK9AVp61yvy8VdKv9xEamdtv9I,6920
9
9
  RestrictedPython/transformer.py,sha256=T9tzDZW8NrkCvG78HzlB9KRbgQztAckAFeCmDoc27Yk,50038
10
- RestrictedPython-5.3.dist-info/LICENSE.txt,sha256=PmcdsR32h1FswdtbPWXkqjg-rKPCDOo_r1Og9zNdCjw,2070
11
- RestrictedPython-5.3.dist-info/METADATA,sha256=bvwHsbFnfBjPFAbVbwZcaHY103aVra16mIbcrFl0PHo,11263
12
- RestrictedPython-5.3.dist-info/WHEEL,sha256=a-zpFRIJzOq5QfuhBzbhiA1eHTzNCJn8OdRvhdNX0Rk,110
13
- RestrictedPython-5.3.dist-info/top_level.txt,sha256=E1-3ARWcduVJnQAScms0FgqnBx_PovrzYsNMYuLGwa0,17
14
- RestrictedPython-5.3.dist-info/RECORD,,
10
+ RestrictedPython-5.4.dist-info/LICENSE.txt,sha256=PmcdsR32h1FswdtbPWXkqjg-rKPCDOo_r1Og9zNdCjw,2070
11
+ RestrictedPython-5.4.dist-info/METADATA,sha256=0hQNUC2lZ3PEr2MIGNeQ9M8c_ZTgbsBpkuIQ4jrSO30,11509
12
+ RestrictedPython-5.4.dist-info/WHEEL,sha256=m9WAupmBd2JGDsXWQGJgMGXIWbQY3F5c2xBJbBhq0nY,110
13
+ RestrictedPython-5.4.dist-info/top_level.txt,sha256=E1-3ARWcduVJnQAScms0FgqnBx_PovrzYsNMYuLGwa0,17
14
+ RestrictedPython-5.4.dist-info/RECORD,,
@@ -1,5 +1,5 @@
1
1
  Wheel-Version: 1.0
2
- Generator: bdist_wheel (0.40.0)
2
+ Generator: bdist_wheel (0.41.1)
3
3
  Root-Is-Purelib: true
4
4
  Tag: py2-none-any
5
5
  Tag: py3-none-any