PyPI - RestrictedPython - Versions diffs - 5.3__tar.gz → 5.4__tar.gz - Mend

RestrictedPython 5.3tar.gz → 5.4tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (140) hide show

{RestrictedPython-5.3 → RestrictedPython-5.4}/CHANGES.rst RENAMED Viewed

@@ -1,10 +1,23 @@
 Changes
 =======
+5.4 (2023-08-30)
+----------------
+Fixes
++++++
+- Fix information disclosure problems through
+  Python's "format" functionality
+  (``format`` and ``format_map`` methods on ``str``/``unicode`` and
+  their instances,
+  ``string.Formatter``).
 5.3 (2023-07-08)
 ----------------
-- Restrict access to some attributes accessible via the ``inspect`` module.
+- Forbid using some attributes providing access to restricted Python internals.
 5.2 (2021-11-19)

{RestrictedPython-5.3 → RestrictedPython-5.4}/PKG-INFO RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: RestrictedPython
-Version: 5.3
+Version: 5.4
 Summary: RestrictedPython is a defined subset of the Python language which allows to provide a program input into a trusted environment.
 Home-page: https://github.com/zopefoundation/RestrictedPython
 Author: Zope Foundation and Contributors
@@ -115,10 +115,23 @@ This example directly executed in Python could harm your system.
 Changes
 =======
+5.4 (2023-08-30)
+----------------
+Fixes
++++++
+- Fix information disclosure problems through
+  Python's "format" functionality
+  (``format`` and ``format_map`` methods on ``str``/``unicode`` and
+  their instances,
+  ``string.Formatter``).
 5.3 (2023-07-08)
 ----------------
-- Restrict access to some attributes accessible via the ``inspect`` module.
+- Forbid using some attributes providing access to restricted Python internals.
 5.2 (2021-11-19)

{RestrictedPython-5.3 → RestrictedPython-5.4}/setup.py RENAMED Viewed

@@ -32,7 +32,7 @@ tests_require = [
 setup(
     name='RestrictedPython',
-    version='5.3',
+    version='5.4',
     url='https://github.com/zopefoundation/RestrictedPython',
     license='ZPL 2.1',
     description=(

{RestrictedPython-5.3 → RestrictedPython-5.4}/src/RestrictedPython/Guards.py RENAMED Viewed

@@ -264,9 +264,12 @@ def safer_getattr(object, name, default=None, getattr=getattr):
     http://lucumr.pocoo.org/2016/12/29/careful-with-str-format/
     """
-    if isinstance(object, _compat.basestring) and name == 'format':
+    if name in ('format', 'format_map') and (
+            isinstance(object, _compat.basestring) or (
+            isinstance(object, type)
+            and issubclass(object, _compat.basestring))):
         raise NotImplementedError(
-            'Using format() on a %s is not safe.' % object.__class__.__name__)
+            'Using the string format* methods is not safe')
     if name.startswith('_'):
         raise AttributeError(
             '"{name}" is an invalid attribute name because it '

{RestrictedPython-5.3 → RestrictedPython-5.4}/src/RestrictedPython/Utilities.py RENAMED Viewed

@@ -18,7 +18,21 @@ import string
 utility_builtins = {}
-utility_builtins['string'] = string
+class _AttributeDelegator:
+    def __init__(self, mod, *excludes):
+        """delegate attribute lookups outside *excludes* to module *mod*."""
+        self.__mod = mod
+        self.__excludes = excludes
+    def __getattr__(self, attr):
+        if attr in self.__excludes:
+            raise NotImplementedError(
+                "{}.{} is not safe".format(self.__mod.__name__, attr))
+        return getattr(self.__mod, attr)
+utility_builtins['string'] = _AttributeDelegator(string, "Formatter")
 utility_builtins['math'] = math
 utility_builtins['random'] = random
 utility_builtins['whrandom'] = random

{RestrictedPython-5.3 → RestrictedPython-5.4}/src/RestrictedPython.egg-info/PKG-INFO RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: RestrictedPython
-Version: 5.3
+Version: 5.4
 Summary: RestrictedPython is a defined subset of the Python language which allows to provide a program input into a trusted environment.
 Home-page: https://github.com/zopefoundation/RestrictedPython
 Author: Zope Foundation and Contributors
@@ -115,10 +115,23 @@ This example directly executed in Python could harm your system.
 Changes
 =======
+5.4 (2023-08-30)
+----------------
+Fixes
++++++
+- Fix information disclosure problems through
+  Python's "format" functionality
+  (``format`` and ``format_map`` methods on ``str``/``unicode`` and
+  their instances,
+  ``string.Formatter``).
 5.3 (2023-07-08)
 ----------------
-- Restrict access to some attributes accessible via the ``inspect`` module.
+- Forbid using some attributes providing access to restricted Python internals.
 5.2 (2021-11-19)

{RestrictedPython-5.3 → RestrictedPython-5.4}/src/RestrictedPython.egg-info/SOURCES.txt RENAMED Viewed

@@ -15,33 +15,6 @@ docs/idea.rst
 docs/index.rst
 docs/logo.jpg
 docs/make.bat
-docs/_build/doctest/output.txt
-docs/_build/html/_images/logo.jpg
-docs/_build/html/_sources/changes.rst.txt
-docs/_build/html/_sources/idea.rst.txt
-docs/_build/html/_sources/index.rst.txt
-docs/_build/html/_sources/contributing/changes_from26to27.rst.txt
-docs/_build/html/_sources/contributing/changes_from30to31.rst.txt
-docs/_build/html/_sources/contributing/changes_from310to311.rst.txt
-docs/_build/html/_sources/contributing/changes_from311to312.rst.txt
-docs/_build/html/_sources/contributing/changes_from31to32.rst.txt
-docs/_build/html/_sources/contributing/changes_from32to33.rst.txt
-docs/_build/html/_sources/contributing/changes_from33to34.rst.txt
-docs/_build/html/_sources/contributing/changes_from34to35.rst.txt
-docs/_build/html/_sources/contributing/changes_from35to36.rst.txt
-docs/_build/html/_sources/contributing/changes_from36to37.rst.txt
-docs/_build/html/_sources/contributing/changes_from37to38.rst.txt
-docs/_build/html/_sources/contributing/changes_from38to39.rst.txt
-docs/_build/html/_sources/contributing/changes_from39to310.rst.txt
-docs/_build/html/_sources/contributing/index.rst.txt
-docs/_build/html/_sources/install/index.rst.txt
-docs/_build/html/_sources/roadmap/index.rst.txt
-docs/_build/html/_sources/upgrade_dependencies/index.rst.txt
-docs/_build/html/_sources/usage/api.rst.txt
-docs/_build/html/_sources/usage/basic_usage.rst.txt
-docs/_build/html/_sources/usage/framework_usage.rst.txt
-docs/_build/html/_sources/usage/index.rst.txt
-docs/_build/html/_sources/usage/policy.rst.txt
 docs/contributing/changes_from26to27.rst
 docs/contributing/changes_from30to31.rst
 docs/contributing/changes_from31to32.rst

{RestrictedPython-5.3 → RestrictedPython-5.4}/tests/builtins/test_utilities.py RENAMED Viewed

@@ -5,7 +5,10 @@ import string
 def test_string_in_utility_builtins():
     from RestrictedPython.Utilities import utility_builtins
-    assert utility_builtins['string'] is string
+    # we no longer provide access to ``string`` itself, only to
+    # a restricted view of it
+    assert utility_builtins['string'].__name__ == string.__name__
 def test_math_in_utility_builtins():

{RestrictedPython-5.3 → RestrictedPython-5.4}/tests/test_Guards.py RENAMED Viewed

@@ -162,7 +162,7 @@ b = a.format('world')
 """
-def test_Guards__safer_getattr__1():
+def test_Guards__safer_getattr__1a():
     """It prevents using the format method of a string.
     format() is considered harmful:
@@ -173,16 +173,120 @@ def test_Guards__safer_getattr__1():
     }
     with pytest.raises(NotImplementedError) as err:
         restricted_exec(STRING_DOT_FORMAT_DENIED, glb)
-    assert 'Using format() on a str is not safe.' == str(err.value)
+    assert 'Using the string format* methods is not safe' == str(err.value)
-UNICODE_DOT_FORMAT_DENIED = """\
+# contributed by Ward Theunisse
+STRING_DOT_FORMAT_MAP_DENIED = """\
+a = 'Hello {foo.__dict__}'
+b = a.format_map({foo:str})
+"""
+def test_Guards__safer_getattr__1b():
+    """It prevents using the format method of a string.
+    format() is considered harmful:
+    http://lucumr.pocoo.org/2016/12/29/careful-with-str-format/
+    """
+    glb = {
+        '__builtins__': safe_builtins,
+    }
+    with pytest.raises(NotImplementedError) as err:
+        restricted_exec(STRING_DOT_FORMAT_MAP_DENIED, glb)
+    assert 'Using the string format* methods is not safe' == str(err.value)
+# contributed by Abhishek Govindarasu
+STR_DOT_FORMAT_DENIED = """\
+str.format('{0.__class__.__mro__[1]}', int)
+"""
+def test_Guards__safer_getattr__1c():
+    """It prevents using the format method of a string.
+    format() is considered harmful:
+    http://lucumr.pocoo.org/2016/12/29/careful-with-str-format/
+    """
+    glb = {
+        '__builtins__': safe_builtins,
+    }
+    with pytest.raises(NotImplementedError) as err:
+        restricted_exec(STR_DOT_FORMAT_DENIED, glb)
+    assert 'Using the string format* methods is not safe' == str(err.value)
+STR_DOT_FORMAT_MAP_DENIED = """\
+str.format_map('Hello {foo.__dict__}', {'foo':str})
+"""
+def test_Guards__safer_getattr__1d():
+    """It prevents using the format method of a string.
+    format() is considered harmful:
+    http://lucumr.pocoo.org/2016/12/29/careful-with-str-format/
+    """
+    glb = {
+        '__builtins__': safe_builtins,
+    }
+    with pytest.raises(NotImplementedError) as err:
+        restricted_exec(STR_DOT_FORMAT_MAP_DENIED, glb)
+    assert 'Using the string format* methods is not safe' == str(err.value)
+USTRING_DOT_FORMAT_DENIED = """\
 a = u'Hello {}'
-b = a.format(u'world')
+b = a.format('world')
 """
-def test_Guards__safer_getattr__2():
+@pytest.mark.skipif(IS_PY3, reason="Python 3 lacks unicode")
+def test_Guards__safer_getattr__2a():
+    """It prevents using the format method of a unicode.
+    format() is considered harmful:
+    http://lucumr.pocoo.org/2016/12/29/careful-with-str-format/
+    """
+    glb = {
+        '__builtins__': safe_builtins,
+    }
+    with pytest.raises(NotImplementedError) as err:
+        restricted_exec(USTRING_DOT_FORMAT_DENIED, glb)
+    assert 'Using the string format* methods is not safe' == str(err.value)
+# contributed by Ward Theunisse
+USTRING_DOT_FORMAT_MAP_DENIED = """\
+a = u'Hello {foo.__dict__}'
+b = a.format_map({foo:str})
+"""
+@pytest.mark.skipif(IS_PY3, reason="Python 3 lacks unicode")
+def test_Guards__safer_getattr__2b():
+    """It prevents using the format method of a unicode.
+    format() is considered harmful:
+    http://lucumr.pocoo.org/2016/12/29/careful-with-str-format/
+    """
+    glb = {
+        '__builtins__': safe_builtins,
+    }
+    with pytest.raises(NotImplementedError) as err:
+        restricted_exec(USTRING_DOT_FORMAT_MAP_DENIED, glb)
+    assert 'Using the string format* methods is not safe' == str(err.value)
+# contributed by Abhishek Govindarasu
+UNICODE_DOT_FORMAT_DENIED = """\
+unicode.format(u'{0.__class__.__mro__[1]}', int)
+"""
+@pytest.mark.skipif(IS_PY3, reason="Python 3 lacks unicode")
+def test_Guards__safer_getattr__2c():
     """It prevents using the format method of a unicode.
     format() is considered harmful:
@@ -193,10 +297,27 @@ def test_Guards__safer_getattr__2():
     }
     with pytest.raises(NotImplementedError) as err:
         restricted_exec(UNICODE_DOT_FORMAT_DENIED, glb)
-    if IS_PY2:  # pragma: PY2
-        assert 'Using format() on a unicode is not safe.' == str(err.value)
-    else:  # pragma: PY3
-        assert 'Using format() on a str is not safe.' == str(err.value)
+    assert 'Using the string format* methods is not safe' == str(err.value)
+UNICODE_DOT_FORMAT_MAP_DENIED = """\
+unicode.format_map(u'Hello {foo.__dict__}', {'foo':str})
+"""
+@pytest.mark.skipif(IS_PY3, reason="Python 3 lacks unicode")
+def test_Guards__safer_getattr__2d():
+    """It prevents using the format method of a unicode.
+    format() is considered harmful:
+    http://lucumr.pocoo.org/2016/12/29/careful-with-str-format/
+    """
+    glb = {
+        '__builtins__': safe_builtins,
+    }
+    with pytest.raises(NotImplementedError) as err:
+        restricted_exec(UNICODE_DOT_FORMAT_MAP_DENIED, glb)
+    assert 'Using the string format* methods is not safe' == str(err.value)
 SAFER_GETATTR_ALLOWED = """\

{RestrictedPython-5.3 → RestrictedPython-5.4}/tests/test_Utilities.py RENAMED Viewed

@@ -1,5 +1,8 @@
+import pytest
 from RestrictedPython.Utilities import reorder
 from RestrictedPython.Utilities import test
+from RestrictedPython.Utilities import utility_builtins
 def test_Utilities__test_1():
@@ -30,3 +33,13 @@ def test_Utilities__reorder_1():
     _with = [('k2', 'v2'), ('k3', 'v3')]
     without = [('k2', 'v2'), ('k4', 'v4')]
     assert reorder(s, _with, without) == [('k3', 'v3')]
+def test_Utilities_string_Formatter():
+    """Access to ``string.Formatter`` is denied."""
+    string = utility_builtins["string"]
+    # access successful in principle
+    assert string.ascii_lowercase == 'abcdefghijklmnopqrstuvwxyz'
+    with pytest.raises(NotImplementedError) as exc:
+        string.Formatter
+    assert 'string.Formatter is not safe' == str(exc.value)

RestrictedPython-5.3/docs/_build/doctest/output.txt DELETED Viewed

@@ -1,34 +0,0 @@
-Results of doctest builder run on 2023-07-08 09:01:44
-=====================================================
-Document: usage/api
--------------------
-1 items passed all tests:
-  13 tests in default
-13 tests in 1 items.
-13 passed and 0 failed.
-Test passed.
-Document: usage/framework_usage
--------------------------------
-2 items passed all tests:
-   1 tests in default
-   2 tests in own_policy
-3 tests in 2 items.
-3 passed and 0 failed.
-Test passed.
-Document: usage/basic_usage
----------------------------
-1 items passed all tests:
-   4 tests in default
-4 tests in 1 items.
-4 passed and 0 failed.
-Test passed.
-Doctest summary
-===============
-   20 tests
-    0 failures in tests
-    0 failures in setup code
-    0 failures in cleanup code

RestrictedPython-5.3/docs/_build/html/_sources/changes.rst.txt DELETED Viewed

	@@ -1 +0,0 @@
1	- .. include:: ../CHANGES.rst

RestrictedPython-5.3/docs/_build/html/_sources/contributing/changes_from26to27.rst.txt DELETED Viewed

@@ -1,5 +0,0 @@
-Changes from Python 2.6 to Python 2.7
--------------------------------------
-.. literalinclude:: ast/python2_7.ast
-   :diff: ast/python2_6.ast

RestrictedPython-5.3/docs/_build/html/_sources/contributing/changes_from30to31.rst.txt DELETED Viewed

@@ -1,5 +0,0 @@
-Changes from Python 3.0 to Python 3.1
--------------------------------------
-.. literalinclude:: ast/python3_1.ast
-   :diff: ast/python3_0.ast

RestrictedPython-5.3/docs/_build/html/_sources/contributing/changes_from310to311.rst.txt DELETED Viewed

@@ -1,5 +0,0 @@
-Changes from Python 3.10 to Python 3.11
--------------------------------------
-.. literalinclude:: ast/python3_11.ast
-   :diff: ast/python3_10.ast

RestrictedPython-5.3/docs/_build/html/_sources/contributing/changes_from311to312.rst.txt DELETED Viewed

@@ -1,5 +0,0 @@
-Changes from Python 3.11 to Python 3.12
----------------------------------------
-.. literalinclude:: ast/python3_12.ast
-   :diff: ast/python3_11.ast

RestrictedPython-5.3/docs/_build/html/_sources/contributing/changes_from31to32.rst.txt DELETED Viewed

@@ -1,5 +0,0 @@
-Changes from Python 3.1 to Python 3.2
--------------------------------------
-.. literalinclude:: ast/python3_2.ast
-   :diff: ast/python3_1.ast

RestrictedPython-5.3/docs/_build/html/_sources/contributing/changes_from32to33.rst.txt DELETED Viewed

@@ -1,5 +0,0 @@
-Changes from Python 3.2 to Python 3.3
--------------------------------------
-.. literalinclude:: ast/python3_3.ast
-   :diff: ast/python3_2.ast

RestrictedPython-5.3/docs/_build/html/_sources/contributing/changes_from33to34.rst.txt DELETED Viewed

@@ -1,5 +0,0 @@
-Changes from Python 3.3 to Python 3.4
--------------------------------------
-.. literalinclude:: ast/python3_4.ast
-   :diff: ast/python3_3.ast

RestrictedPython-5.3/docs/_build/html/_sources/contributing/changes_from34to35.rst.txt DELETED Viewed

@@ -1,5 +0,0 @@
-Changes from Python 3.4 to Python 3.5
--------------------------------------
-.. literalinclude:: ast/python3_5.ast
-   :diff: ast/python3_4.ast

RestrictedPython-5.3/docs/_build/html/_sources/contributing/changes_from35to36.rst.txt DELETED Viewed

@@ -1,5 +0,0 @@
-Changes from Python 3.5 to Python 3.6
--------------------------------------
-.. literalinclude:: ast/python3_6.ast
-   :diff: ast/python3_5.ast

RestrictedPython-5.3/docs/_build/html/_sources/contributing/changes_from36to37.rst.txt DELETED Viewed

@@ -1,5 +0,0 @@
-Changes from Python 3.6 to Python 3.7
--------------------------------------
-.. literalinclude:: ast/python3_7.ast
-   :diff: ast/python3_6.ast

RestrictedPython-5.3/docs/_build/html/_sources/contributing/changes_from37to38.rst.txt DELETED Viewed

@@ -1,5 +0,0 @@
-Changes from Python 3.7 to Python 3.8
--------------------------------------
-.. literalinclude:: ast/python3_8.ast
-   :diff: ast/python3_7.ast

RestrictedPython-5.3/docs/_build/html/_sources/contributing/changes_from38to39.rst.txt DELETED Viewed

@@ -1,5 +0,0 @@
-Changes from Python 3.8 to Python 3.9
--------------------------------------
-.. literalinclude:: ast/python3_9.ast
-   :diff: ast/python3_8.ast

RestrictedPython-5.3/docs/_build/html/_sources/contributing/changes_from39to310.rst.txt DELETED Viewed

@@ -1,5 +0,0 @@
-Changes from Python 3.9 to Python 3.10
--------------------------------------
-.. literalinclude:: ast/python3_10.ast
-   :diff: ast/python3_9.ast

RestrictedPython 5.3__tar.gz → 5.4__tar.gz

RestrictedPython 5.3tar.gz → 5.4tar.gz