RestrictedPython 5.3a1.dev0__tar.gz → 5.4__tar.gz

{RestrictedPython-5.3a1.dev0 → RestrictedPython-5.4}/CHANGES.rst

@@ -1,11 +1,23 @@
 Changes
 =======
 
-5.3a1.dev0 (2022-04-13)
------------------------
+5.4 (2023-08-30)
+----------------
+
+Fixes
++++++
+
+- Fix information disclosure problems through
+  Python's "format" functionality
+  (``format`` and ``format_map`` methods on ``str``/``unicode`` and
+  their instances,
+  ``string.Formatter``).
+
+
+5.3 (2023-07-08)
+----------------
 
-- Allow to use the package with Python 3.11 -- Caution: No security audit has
-  been done so far.
+- Forbid using some attributes providing access to restricted Python internals.
 
 
 5.2 (2021-11-19)

{RestrictedPython-5.3a1.dev0 → RestrictedPython-5.4}/MANIFEST.in

@@ -1,6 +1,5 @@
 # Generated from:
 # https://github.com/zopefoundation/meta/tree/master/config/pure-python
-include *.md
 include *.rst
 include *.txt
 include buildout.cfg

{RestrictedPython-5.3a1.dev0 → RestrictedPython-5.4}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: RestrictedPython
-Version: 5.3a1.dev0
+Version: 5.4
 Summary: RestrictedPython is a defined subset of the Python language which allows to provide a program input into a trusted environment.
 Home-page: https://github.com/zopefoundation/RestrictedPython
 Author: Zope Foundation and Contributors
@@ -10,7 +10,6 @@ Project-URL: Documentation, https://restrictedpython.readthedocs.io/
 Project-URL: Source, https://github.com/zopefoundation/RestrictedPython
 Project-URL: Tracker, https://github.com/zopefoundation/RestrictedPython/issues
 Keywords: restricted execution security untrusted code
-Platform: UNKNOWN
 Classifier: Development Status :: 6 - Mature
 Classifier: License :: OSI Approved :: Zope Public License
 Classifier: Programming Language :: Python
@@ -26,7 +25,7 @@ Classifier: Programming Language :: Python :: 3.9
 Classifier: Programming Language :: Python :: 3.10
 Classifier: Programming Language :: Python :: Implementation :: CPython
 Classifier: Topic :: Security
-Requires-Python: >=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*, !=3.4.*, <3.12
+Requires-Python: >=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*, !=3.4.*, <3.11
 Description-Content-Type: text/x-rst
 Provides-Extra: test
 Provides-Extra: docs
@@ -116,11 +115,23 @@ This example directly executed in Python could harm your system.
 Changes
 =======
 
-5.3a1.dev0 (2022-04-13)
------------------------
+5.4 (2023-08-30)
+----------------
+
+Fixes
++++++
+
+- Fix information disclosure problems through
+  Python's "format" functionality
+  (``format`` and ``format_map`` methods on ``str``/``unicode`` and
+  their instances,
+  ``string.Formatter``).
 
-- Allow to use the package with Python 3.11 -- Caution: No security audit has
-  been done so far.
+
+5.3 (2023-07-08)
+----------------
+
+- Forbid using some attributes providing access to restricted Python internals.
 
 
 5.2 (2021-11-19)
@@ -360,5 +371,3 @@ Bug fixes
 
 - Corresponds to the verison of the RestrictedPython package shipped
   as part of the Zope X3.0.0 release.
-
-

{RestrictedPython-5.3a1.dev0 → RestrictedPython-5.4}/constraints.txt

@@ -3,11 +3,8 @@
 # Pin Versions / Version Ranges if necessary.
 isort >= 4.3.2
 # Needed for Appveyor as long as PY2 is supported:
-pytest < 5 ; python_version < '3.11'
-# Python 3.11 needs pytest > 5
-pytest >= 5 ; python_version >= '3.11'
+pytest < 5
+pytest-html < 2
 # coverage 6+ no longer supports Python 2 and coverage results of older
 # versions cannot not combined with newer ones:
-coverage < 6; python_version < '3.11'
-# Python 3.11 requires coverage >= 6,
-coverage >= 6; python_version >= '3.11'
+coverage < 6

{RestrictedPython-5.3a1.dev0 → RestrictedPython-5.4}/setup.cfg

@@ -18,17 +18,6 @@ ignore =
 	docs/_build/html/_sources/upgrade_dependencies/*
 	docs/_build/html/_sources/usage/*
 
-[isort]
-force_single_line = True
-combine_as_imports = True
-sections = FUTURE,STDLIB,THIRDPARTY,ZOPE,FIRSTPARTY,LOCALFOLDER
-known_third_party = six, docutils, pkg_resources
-known_zope = 
-known_first_party = 
-default_section = ZOPE
-line_length = 79
-lines_after_imports = 2
-
 [egg_info]
 tag_build = 
 tag_date = 0

{RestrictedPython-5.3a1.dev0 → RestrictedPython-5.4}/setup.py

@@ -13,11 +13,11 @@
 ##############################################################################
 """Setup for RestrictedPython package"""
 
-import os
-
 from setuptools import find_packages
 from setuptools import setup
 
+import os
+
 
 def read(*rnames):
     with open(os.path.join(os.path.dirname(__file__), *rnames)) as f:
@@ -32,7 +32,7 @@ tests_require = [
 
 setup(
     name='RestrictedPython',
-    version='5.3a1.dev0',
+    version='5.4',
     url='https://github.com/zopefoundation/RestrictedPython',
     license='ZPL 2.1',
     description=(
@@ -70,7 +70,7 @@ setup(
     package_dir={'': 'src'},
     install_requires=[
     ],
-    python_requires=">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*, !=3.4.*, <3.12",  # NOQA: E501
+    python_requires=">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*, !=3.4.*, <3.11",  # NOQA: E501
     tests_require=tests_require,
     extras_require={
         'test': tests_require,

{RestrictedPython-5.3a1.dev0 → RestrictedPython-5.4}/src/RestrictedPython/Guards.py

@@ -264,9 +264,12 @@ def safer_getattr(object, name, default=None, getattr=getattr):
     http://lucumr.pocoo.org/2016/12/29/careful-with-str-format/
 
     """
-    if isinstance(object, _compat.basestring) and name == 'format':
+    if name in ('format', 'format_map') and (
+            isinstance(object, _compat.basestring) or (
+            isinstance(object, type)
+            and issubclass(object, _compat.basestring))):
         raise NotImplementedError(
-            'Using format() on a %s is not safe.' % object.__class__.__name__)
+            'Using the string format* methods is not safe')
     if name.startswith('_'):
         raise AttributeError(
             '"{name}" is an invalid attribute name because it '

{RestrictedPython-5.3a1.dev0 → RestrictedPython-5.4}/src/RestrictedPython/Utilities.py

@@ -18,7 +18,21 @@ import string
 
 utility_builtins = {}
 
-utility_builtins['string'] = string
+
+class _AttributeDelegator:
+    def __init__(self, mod, *excludes):
+        """delegate attribute lookups outside *excludes* to module *mod*."""
+        self.__mod = mod
+        self.__excludes = excludes
+
+    def __getattr__(self, attr):
+        if attr in self.__excludes:
+            raise NotImplementedError(
+                "{}.{} is not safe".format(self.__mod.__name__, attr))
+        return getattr(self.__mod, attr)
+
+
+utility_builtins['string'] = _AttributeDelegator(string, "Formatter")
 utility_builtins['math'] = math
 utility_builtins['random'] = random
 utility_builtins['whrandom'] = random

{RestrictedPython-5.3a1.dev0 → RestrictedPython-5.4}/src/RestrictedPython/transformer.py

@@ -22,16 +22,16 @@ the parsed python code to create a modified AST for a byte code generation.
 # http://docs.plone.org/develop/styleguide/python.html
 
 
-import ast
-import contextlib
-import textwrap
-
 from ._compat import IS_PY2
 from ._compat import IS_PY3
 from ._compat import IS_PY34_OR_GREATER
 from ._compat import IS_PY35_OR_GREATER
 from ._compat import IS_PY38_OR_GREATER
 
+import ast
+import contextlib
+import textwrap
+
 
 # For AugAssign the operator must be converted to a string.
 IOPERATOR_TO_STR = {
@@ -77,6 +77,32 @@ FORBIDDEN_FUNC_NAMES = frozenset([
     'breakpoint',
 ])
 
+# inspect attributes. See also
+# https://docs.python.org/3/library/inspect.html
+INSPECT_ATTRIBUTES = frozenset([
+    # traceback
+    "tb_frame",
+    "tb_next",
+    # code
+    "co_code",
+    # frame
+    "f_back",
+    "f_builtins",
+    "f_code",
+    "f_globals",
+    "f_locals",
+    "f_trace",
+    # generator
+    "gi_frame",
+    "gi_code",
+    "gi_yieldfrom",
+    # coroutine
+    "cr_await",
+    "cr_frame",
+    "cr_code",
+    "cr_origin",
+])
+
 
 # When new ast nodes are generated they have no 'lineno' and 'col_offset'.
 # This function copies these two fields from the incoming node
@@ -923,6 +949,14 @@ class RestrictingNodeTransformer(ast.NodeTransformer):
                 '"{name}" is an invalid attribute name because it ends '
                 'with "__roles__".'.format(name=node.attr))
 
+        if node.attr in INSPECT_ATTRIBUTES:
+            msg = ('"%s" is a restricted name,'
+                   ' that is forbidden to access in RestrictedPython.')
+            self.error(
+                node,
+                msg % node.attr,
+            )
+
         if isinstance(node.ctx, ast.Load):
             node = self.node_contents_visit(node)
             new_node = ast.Call(

{RestrictedPython-5.3a1.dev0 → RestrictedPython-5.4}/src/RestrictedPython.egg-info/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: RestrictedPython
-Version: 5.3a1.dev0
+Version: 5.4
 Summary: RestrictedPython is a defined subset of the Python language which allows to provide a program input into a trusted environment.
 Home-page: https://github.com/zopefoundation/RestrictedPython
 Author: Zope Foundation and Contributors
@@ -10,7 +10,6 @@ Project-URL: Documentation, https://restrictedpython.readthedocs.io/
 Project-URL: Source, https://github.com/zopefoundation/RestrictedPython
 Project-URL: Tracker, https://github.com/zopefoundation/RestrictedPython/issues
 Keywords: restricted execution security untrusted code
-Platform: UNKNOWN
 Classifier: Development Status :: 6 - Mature
 Classifier: License :: OSI Approved :: Zope Public License
 Classifier: Programming Language :: Python
@@ -26,7 +25,7 @@ Classifier: Programming Language :: Python :: 3.9
 Classifier: Programming Language :: Python :: 3.10
 Classifier: Programming Language :: Python :: Implementation :: CPython
 Classifier: Topic :: Security
-Requires-Python: >=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*, !=3.4.*, <3.12
+Requires-Python: >=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*, !=3.4.*, <3.11
 Description-Content-Type: text/x-rst
 Provides-Extra: test
 Provides-Extra: docs
@@ -116,11 +115,23 @@ This example directly executed in Python could harm your system.
 Changes
 =======
 
-5.3a1.dev0 (2022-04-13)
------------------------
+5.4 (2023-08-30)
+----------------
+
+Fixes
++++++
+
+- Fix information disclosure problems through
+  Python's "format" functionality
+  (``format`` and ``format_map`` methods on ``str``/``unicode`` and
+  their instances,
+  ``string.Formatter``).
 
-- Allow to use the package with Python 3.11 -- Caution: No security audit has
-  been done so far.
+
+5.3 (2023-07-08)
+----------------
+
+- Forbid using some attributes providing access to restricted Python internals.
 
 
 5.2 (2021-11-19)
@@ -360,5 +371,3 @@ Bug fixes
 
 - Corresponds to the verison of the RestrictedPython package shipped
   as part of the Zope X3.0.0 release.
-
-

{RestrictedPython-5.3a1.dev0 → RestrictedPython-5.4}/src/RestrictedPython.egg-info/SOURCES.txt

@@ -1,5 +1,4 @@
 CHANGES.rst
-CONTRIBUTING.md
 COPYRIGHT.txt
 LICENSE.txt
 MANIFEST.in
@@ -94,6 +93,7 @@ tests/transformer/test_functiondef.py
 tests/transformer/test_generic.py
 tests/transformer/test_global_local.py
 tests/transformer/test_import.py
+tests/transformer/test_inspect.py
 tests/transformer/test_iterator.py
 tests/transformer/test_lambda.py
 tests/transformer/test_loop.py

{RestrictedPython-5.3a1.dev0 → RestrictedPython-5.4}/tests/builtins/test_utilities.py

@@ -5,7 +5,10 @@ import string
 
 def test_string_in_utility_builtins():
     from RestrictedPython.Utilities import utility_builtins
-    assert utility_builtins['string'] is string
+
+    # we no longer provide access to ``string`` itself, only to
+    # a restricted view of it
+    assert utility_builtins['string'].__name__ == string.__name__
 
 
 def test_math_in_utility_builtins():

{RestrictedPython-5.3a1.dev0 → RestrictedPython-5.4}/tests/test_Guards.py

@@ -162,7 +162,7 @@ b = a.format('world')
 """
 
 
-def test_Guards__safer_getattr__1():
+def test_Guards__safer_getattr__1a():
     """It prevents using the format method of a string.
 
     format() is considered harmful:
@@ -173,16 +173,120 @@ def test_Guards__safer_getattr__1():
     }
     with pytest.raises(NotImplementedError) as err:
         restricted_exec(STRING_DOT_FORMAT_DENIED, glb)
-    assert 'Using format() on a str is not safe.' == str(err.value)
+    assert 'Using the string format* methods is not safe' == str(err.value)
 
 
-UNICODE_DOT_FORMAT_DENIED = """\
+# contributed by Ward Theunisse
+STRING_DOT_FORMAT_MAP_DENIED = """\
+a = 'Hello {foo.__dict__}'
+b = a.format_map({foo:str})
+"""
+
+
+def test_Guards__safer_getattr__1b():
+    """It prevents using the format method of a string.
+
+    format() is considered harmful:
+    http://lucumr.pocoo.org/2016/12/29/careful-with-str-format/
+    """
+    glb = {
+        '__builtins__': safe_builtins,
+    }
+    with pytest.raises(NotImplementedError) as err:
+        restricted_exec(STRING_DOT_FORMAT_MAP_DENIED, glb)
+    assert 'Using the string format* methods is not safe' == str(err.value)
+
+
+# contributed by Abhishek Govindarasu
+STR_DOT_FORMAT_DENIED = """\
+str.format('{0.__class__.__mro__[1]}', int)
+"""
+
+
+def test_Guards__safer_getattr__1c():
+    """It prevents using the format method of a string.
+
+    format() is considered harmful:
+    http://lucumr.pocoo.org/2016/12/29/careful-with-str-format/
+    """
+    glb = {
+        '__builtins__': safe_builtins,
+    }
+    with pytest.raises(NotImplementedError) as err:
+        restricted_exec(STR_DOT_FORMAT_DENIED, glb)
+    assert 'Using the string format* methods is not safe' == str(err.value)
+
+
+STR_DOT_FORMAT_MAP_DENIED = """\
+str.format_map('Hello {foo.__dict__}', {'foo':str})
+"""
+
+
+def test_Guards__safer_getattr__1d():
+    """It prevents using the format method of a string.
+
+    format() is considered harmful:
+    http://lucumr.pocoo.org/2016/12/29/careful-with-str-format/
+    """
+    glb = {
+        '__builtins__': safe_builtins,
+    }
+    with pytest.raises(NotImplementedError) as err:
+        restricted_exec(STR_DOT_FORMAT_MAP_DENIED, glb)
+    assert 'Using the string format* methods is not safe' == str(err.value)
+
+
+USTRING_DOT_FORMAT_DENIED = """\
 a = u'Hello {}'
-b = a.format(u'world')
+b = a.format('world')
 """
 
 
-def test_Guards__safer_getattr__2():
+@pytest.mark.skipif(IS_PY3, reason="Python 3 lacks unicode")
+def test_Guards__safer_getattr__2a():
+    """It prevents using the format method of a unicode.
+
+    format() is considered harmful:
+    http://lucumr.pocoo.org/2016/12/29/careful-with-str-format/
+    """
+    glb = {
+        '__builtins__': safe_builtins,
+    }
+    with pytest.raises(NotImplementedError) as err:
+        restricted_exec(USTRING_DOT_FORMAT_DENIED, glb)
+    assert 'Using the string format* methods is not safe' == str(err.value)
+
+
+# contributed by Ward Theunisse
+USTRING_DOT_FORMAT_MAP_DENIED = """\
+a = u'Hello {foo.__dict__}'
+b = a.format_map({foo:str})
+"""
+
+
+@pytest.mark.skipif(IS_PY3, reason="Python 3 lacks unicode")
+def test_Guards__safer_getattr__2b():
+    """It prevents using the format method of a unicode.
+
+    format() is considered harmful:
+    http://lucumr.pocoo.org/2016/12/29/careful-with-str-format/
+    """
+    glb = {
+        '__builtins__': safe_builtins,
+    }
+    with pytest.raises(NotImplementedError) as err:
+        restricted_exec(USTRING_DOT_FORMAT_MAP_DENIED, glb)
+    assert 'Using the string format* methods is not safe' == str(err.value)
+
+
+# contributed by Abhishek Govindarasu
+UNICODE_DOT_FORMAT_DENIED = """\
+unicode.format(u'{0.__class__.__mro__[1]}', int)
+"""
+
+
+@pytest.mark.skipif(IS_PY3, reason="Python 3 lacks unicode")
+def test_Guards__safer_getattr__2c():
     """It prevents using the format method of a unicode.
 
     format() is considered harmful:
@@ -193,10 +297,27 @@ def test_Guards__safer_getattr__2():
     }
     with pytest.raises(NotImplementedError) as err:
         restricted_exec(UNICODE_DOT_FORMAT_DENIED, glb)
-    if IS_PY2:  # pragma: PY2
-        assert 'Using format() on a unicode is not safe.' == str(err.value)
-    else:  # pragma: PY3
-        assert 'Using format() on a str is not safe.' == str(err.value)
+    assert 'Using the string format* methods is not safe' == str(err.value)
+
+
+UNICODE_DOT_FORMAT_MAP_DENIED = """\
+unicode.format_map(u'Hello {foo.__dict__}', {'foo':str})
+"""
+
+
+@pytest.mark.skipif(IS_PY3, reason="Python 3 lacks unicode")
+def test_Guards__safer_getattr__2d():
+    """It prevents using the format method of a unicode.
+
+    format() is considered harmful:
+    http://lucumr.pocoo.org/2016/12/29/careful-with-str-format/
+    """
+    glb = {
+        '__builtins__': safe_builtins,
+    }
+    with pytest.raises(NotImplementedError) as err:
+        restricted_exec(UNICODE_DOT_FORMAT_MAP_DENIED, glb)
+    assert 'Using the string format* methods is not safe' == str(err.value)
 
 
 SAFER_GETATTR_ALLOWED = """\

{RestrictedPython-5.3a1.dev0 → RestrictedPython-5.4}/tests/test_Utilities.py

@@ -1,5 +1,8 @@
+import pytest
+
 from RestrictedPython.Utilities import reorder
 from RestrictedPython.Utilities import test
+from RestrictedPython.Utilities import utility_builtins
 
 
 def test_Utilities__test_1():
@@ -30,3 +33,13 @@ def test_Utilities__reorder_1():
     _with = [('k2', 'v2'), ('k3', 'v3')]
     without = [('k2', 'v2'), ('k4', 'v4')]
     assert reorder(s, _with, without) == [('k3', 'v3')]
+
+
+def test_Utilities_string_Formatter():
+    """Access to ``string.Formatter`` is denied."""
+    string = utility_builtins["string"]
+    # access successful in principle
+    assert string.ascii_lowercase == 'abcdefghijklmnopqrstuvwxyz'
+    with pytest.raises(NotImplementedError) as exc:
+        string.Formatter
+    assert 'string.Formatter is not safe' == str(exc.value)

RestrictedPython-5.4/tests/transformer/test_inspect.py

@@ -0,0 +1,60 @@
+from RestrictedPython import compile_restricted_exec
+
+
+def test_get_inspect_frame_on_generator():
+    source_code = """
+generator = (statement.gi_frame for _ in (1,))
+generator_element = [elem for elem in generator][0]
+
+"""
+    result = compile_restricted_exec(source_code)
+    assert result.errors == (
+        'Line 2: "gi_frame" is a restricted name, '
+        'that is forbidden to access in RestrictedPython.',
+    )
+
+
+def test_get_inspect_frame_back_on_generator():
+    source_code = """
+generator = (statement.gi_frame.f_back.f_back for _ in (1,))
+generator_element = [elem for elem in generator][0]
+
+"""
+    result = compile_restricted_exec(source_code)
+    assert result.errors == (
+        'Line 2: "f_back" is a restricted name, '
+        'that is forbidden to access in RestrictedPython.',
+        'Line 2: "f_back" is a restricted name, '
+        'that is forbidden to access in RestrictedPython.',
+        'Line 2: "gi_frame" is a restricted name, '
+        'that is forbidden to access in RestrictedPython.',
+    )
+
+
+def test_call_inspect_frame_on_generator():
+    source_code = """
+generator = None
+frame = None
+
+def test():
+    global generator, frame
+    frame = g.gi_frame.f_back.f_back
+    yield frame
+
+generator = test()
+generator.send(None)
+os = frame.f_builtins.get('__import__')('os')
+
+result = os.listdir('/')
+"""
+    result = compile_restricted_exec(source_code)
+    assert result.errors == (
+        'Line 7: "f_back" is a restricted name, '
+        'that is forbidden to access in RestrictedPython.',
+        'Line 7: "f_back" is a restricted name, '
+        'that is forbidden to access in RestrictedPython.',
+        'Line 7: "gi_frame" is a restricted name, '
+        'that is forbidden to access in RestrictedPython.',
+        'Line 12: "f_builtins" is a restricted name, '
+        'that is forbidden to access in RestrictedPython.',
+    )

{RestrictedPython-5.3a1.dev0 → RestrictedPython-5.4}/tox.ini

@@ -11,7 +11,6 @@ envlist =
     py38
     py39
     py310
-    py311
     docs
     coverage
     py39-datetime
@@ -23,7 +22,7 @@ deps =
     datetime: DateTime
     -cconstraints.txt
     pytest-cov
-    !py311: coverage-python-version
+    coverage-python-version
 setenv =
     COVERAGE_FILE=.coverage.{envname}
 commands =
@@ -42,6 +41,8 @@ allowlist_externals =
 deps =
     coverage
     coverage-python-version
+    # Until repoze.sphinx.autointerface supports Sphinx 4.x we cannot use it:
+    Sphinx < 4
     -cconstraints.txt
 setenv =
     COVERAGE_FILE=.coverage
@@ -55,25 +56,15 @@ depends = py27,py35,py36,py37,py38,py39,py39-datetime,py310,coverage
 [testenv:lint]
 basepython = python3
 skip_install = true
-commands =
-    isort --check-only --diff {toxinidir}/src {toxinidir}/setup.py
-    flake8 src setup.py
-    check-manifest
-    check-python-versions
 deps =
+    flake8
     check-manifest
     check-python-versions >= 0.19.1
     wheel
-    flake8
-    isort
-
-[testenv:isort-apply]
-basepython = python3
-commands_pre =
-deps =
-    isort
 commands =
-    isort {toxinidir}/src {toxinidir}/setup.py []
+    flake8 src setup.py
+    check-manifest
+    check-python-versions
 
 [testenv:docs]
 basepython = python3
@@ -105,6 +96,7 @@ commands =
 
 [coverage:run]
 branch = True
+plugins = coverage_python_version
 source = RestrictedPython
 
 [coverage:report]

RestrictedPython-5.3a1.dev0/CONTRIBUTING.md

@@ -1,23 +0,0 @@
-<!--
-Generated from:
-https://github.com/zopefoundation/meta/tree/master/config/pure-python
---> 
-# Contributing to zopefoundation projects
-
-The projects under the zopefoundation GitHub organization are open source and
-welcome contributions in different forms:
-
-* bug reports
-* code improvements and bug fixes
-* documentation improvements
-* pull request reviews
-
-For any changes in the repository besides trivial typo fixes you are required
-to sign the contributor agreement. See
-https://www.zope.dev/developer/becoming-a-committer.html for details.
-
-Please visit our [Developer
-Guidelines](https://www.zope.dev/developer/guidelines.html) if you'd like to
-contribute code changes and our [guidelines for reporting
-bugs](https://www.zope.dev/developer/reporting-bugs.html) if you want to file a
-bug report.

{RestrictedPython-5.3a1.dev0 → RestrictedPython-5.4}/src/RestrictedPython/Eval.py

@@ -12,11 +12,11 @@
 ##############################################################################
 """Restricted Python Expressions."""
 
-import ast
-
 from ._compat import IS_PY2
 from .compile import compile_restricted_eval
 
+import ast
+
 
 if IS_PY2:  # pragma: PY2
     from string import maketrans

{RestrictedPython-5.3a1.dev0 → RestrictedPython-5.4}/src/RestrictedPython/compile.py

@@ -1,11 +1,11 @@
-import ast
-import warnings
 from collections import namedtuple
-
 from RestrictedPython._compat import IS_CPYTHON
 from RestrictedPython._compat import IS_PY2
 from RestrictedPython.transformer import RestrictingNodeTransformer
 
+import ast
+import warnings
+
 
 CompileResult = namedtuple(
     'CompileResult', 'code, errors, warnings, used_names')