RestrictedPython 6.0a1.dev0__py3-none-any.whl → 6.2__py3-none-any.whl

RestrictedPython/Guards.py

@@ -17,6 +17,8 @@
 
 import builtins
 
+from RestrictedPython._compat import IS_PY311_OR_GREATER
+
 
 safe_builtins = {}
 
@@ -103,6 +105,9 @@ _safe_exceptions = [
     'ZeroDivisionError',
 ]
 
+if IS_PY311_OR_GREATER:
+    _safe_exceptions.append("ExceptionGroup")
+
 for name in _safe_names:
     safe_builtins[name] = getattr(builtins, name)
 
@@ -241,9 +246,11 @@ def safer_getattr(object, name, default=None, getattr=getattr):
     http://lucumr.pocoo.org/2016/12/29/careful-with-str-format/
 
     """
-    if isinstance(object, str) and name == 'format':
+    if name in ('format', 'format_map') and (
+            isinstance(object, str) or
+            (isinstance(object, type) and issubclass(object, str))):
         raise NotImplementedError(
-            'Using format() on a %s is not safe.' % object.__class__.__name__)
+            'Using the format*() methods of `str` is not safe')
     if name.startswith('_'):
         raise AttributeError(
             '"{name}" is an invalid attribute name because it '

RestrictedPython/Utilities.py

@@ -18,7 +18,21 @@ import string
 
 utility_builtins = {}
 
-utility_builtins['string'] = string
+
+class _AttributeDelegator:
+    def __init__(self, mod, *excludes):
+        """delegate attribute lookups outside *excludes* to module *mod*."""
+        self.__mod = mod
+        self.__excludes = excludes
+
+    def __getattr__(self, attr):
+        if attr in self.__excludes:
+            raise NotImplementedError(
+                f"{self.__mod.__name__}.{attr} is not safe")
+        return getattr(self.__mod, attr)
+
+
+utility_builtins['string'] = _AttributeDelegator(string, "Formatter")
 utility_builtins['math'] = math
 utility_builtins['random'] = random
 utility_builtins['whrandom'] = random

RestrictedPython/_compat.py

@@ -6,5 +6,6 @@ _version = sys.version_info
 IS_PY37_OR_GREATER = _version.major == 3 and _version.minor >= 7
 IS_PY38_OR_GREATER = _version.major == 3 and _version.minor >= 8
 IS_PY310_OR_GREATER = _version.major == 3 and _version.minor >= 10
+IS_PY311_OR_GREATER = _version.major == 3 and _version.minor >= 11
 
 IS_CPYTHON = platform.python_implementation() == 'CPython'

RestrictedPython/transformer.py

@@ -63,6 +63,32 @@ FORBIDDEN_FUNC_NAMES = frozenset([
     'breakpoint',
 ])
 
+# inspect attributes. See also
+# https://docs.python.org/3/library/inspect.html
+INSPECT_ATTRIBUTES = frozenset([
+    # traceback
+    "tb_frame",
+    "tb_next",
+    # code
+    "co_code",
+    # frame
+    "f_back",
+    "f_builtins",
+    "f_code",
+    "f_globals",
+    "f_locals",
+    "f_trace",
+    # generator
+    "gi_frame",
+    "gi_code",
+    "gi_yieldfrom",
+    # coroutine
+    "cr_await",
+    "cr_frame",
+    "cr_code",
+    "cr_origin",
+])
+
 
 # When new ast nodes are generated they have no 'lineno', 'end_lineno',
 # 'col_offset' and 'end_col_offset'. This function copies these fields from the
@@ -844,6 +870,13 @@ class RestrictingNodeTransformer(ast.NodeTransformer):
                 '"{name}" is an invalid attribute name because it ends '
                 'with "__roles__".'.format(name=node.attr))
 
+        if node.attr in INSPECT_ATTRIBUTES:
+            self.error(
+                node,
+                f'"{node.attr}" is a restricted name,'
+                ' that is forbidden to access in RestrictedPython.',
+            )
+
         if isinstance(node.ctx, ast.Load):
             node = self.node_contents_visit(node)
             new_node = ast.Call(
@@ -1127,6 +1160,10 @@ class RestrictingNodeTransformer(ast.NodeTransformer):
         """Allow `try` without restrictions."""
         return self.node_contents_visit(node)
 
+    def visit_TryStar(self, node):
+        """Allow `ExceptionGroup` without restrictions."""
+        return self.node_contents_visit(node)
+
     def visit_ExceptHandler(self, node):
         """Protect exception handlers."""
         node = self.node_contents_visit(node)

{RestrictedPython-6.0a1.dev0.dist-info → RestrictedPython-6.2.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: RestrictedPython
-Version: 6.0a1.dev0
+Version: 6.2
 Summary: RestrictedPython is a defined subset of the Python language which allows to provide a program input into a trusted environment.
 Home-page: https://github.com/zopefoundation/RestrictedPython
 Author: Zope Foundation and Contributors
@@ -10,18 +10,17 @@ Project-URL: Documentation, https://restrictedpython.readthedocs.io/
 Project-URL: Source, https://github.com/zopefoundation/RestrictedPython
 Project-URL: Tracker, https://github.com/zopefoundation/RestrictedPython/issues
 Keywords: restricted execution security untrusted code
-Platform: UNKNOWN
 Classifier: Development Status :: 6 - Mature
 Classifier: License :: OSI Approved :: Zope Public License
 Classifier: Programming Language :: Python
 Classifier: Operating System :: OS Independent
 Classifier: Programming Language :: Python :: 3
-Classifier: Programming Language :: Python :: 3 :: Only
 Classifier: Programming Language :: Python :: 3.6
 Classifier: Programming Language :: Python :: 3.7
 Classifier: Programming Language :: Python :: 3.8
 Classifier: Programming Language :: Python :: 3.9
 Classifier: Programming Language :: Python :: 3.10
+Classifier: Programming Language :: Python :: 3.11
 Classifier: Programming Language :: Python :: Implementation :: CPython
 Classifier: Topic :: Security
 Requires-Python: >=3.6, <3.12
@@ -115,11 +114,33 @@ This example directly executed in Python could harm your system.
     Traceback (most recent call last):
     ImportError: __import__ not found
 
+Contributing to RestrictedPython
+--------------------------------
+
+If you want to help maintain RestrictedPython and contribute, please refer to
+the documentation `Contributing page 
+<https://restrictedpython.readthedocs.io/en/latest/contributing/index.html>`_.
+
 Changes
 =======
 
-6.0a1.dev0 (2022-06-22)
------------------------
+6.2 (2023-08-30)
+----------------
+
+- Fix information disclosure problems through
+  Python's "format" functionality
+  (``format`` and ``format_map`` methods on ``str`` and its instances,
+  ``string.Formatter``).
+
+
+6.1 (2023-07-08)
+----------------
+
+- Forbid using some attributes providing access to restricted Python internals.
+
+
+6.0 (2022-11-03)
+----------------
 
 Backwards incompatible changes
 ++++++++++++++++++++++++++++++
@@ -129,10 +150,10 @@ Backwards incompatible changes
 Features
 ++++++++
 
-- Allow to use the package with Python 3.11 -- Caution: No security audit has
-  been done so far.
+- Officially support Python 3.11.
 
-- Fix code to run on Python 3.11.0b3.
+- Allow to use the Python 3.11 feature of exception groups and except\*
+  (PEP 654).
 
 
 5.2 (2021-11-19)
@@ -372,5 +393,3 @@ Bug fixes
 
 - Corresponds to the verison of the RestrictedPython package shipped
   as part of the Zope X3.0.0 release.
-
-

RestrictedPython-6.2.dist-info/RECORD

@@ -0,0 +1,14 @@
+RestrictedPython/Eval.py,sha256=pa79tc-JsT7xfzwg0ceMkxyioIEnFbNHc_PsKUhkkj8,3201
+RestrictedPython/Guards.py,sha256=XXupE0TwcWdb6qAsSexWUYEIeT3bVLTdOVvn94eoqs0,7646
+RestrictedPython/Limits.py,sha256=dORpuly21vSjy8gzNac9IYfIXMMWRVFvqUiKKIeZ3OM,1866
+RestrictedPython/PrintCollector.py,sha256=bBCpnUPOuKz1wJDuSgh7wo2aoKfcTJeeT8OYnM-K9F8,1137
+RestrictedPython/Utilities.py,sha256=7R6Op1Oqw9-fSxy_eWVa6ioZPx-SAxa7OolDObTWRkU,2937
+RestrictedPython/__init__.py,sha256=qB_s6zDxuXPAGMoKYKBMc-xZ0gTnQ0ZvtY5FxdAG3aM,1862
+RestrictedPython/_compat.py,sha256=WqDm8KKQcQfQjxsCNlumBwI2adh3sz-Xegs9pUA_9Vs,381
+RestrictedPython/compile.py,sha256=IhcF733t-bkPcvfQ2_NyBeCbSIPtHYxR-GQNNHnaMHM,6727
+RestrictedPython/transformer.py,sha256=0rPty6jsmADsDx69cCR1fcYAkHX9CEEqE_w1DVKr5Zw,41788
+RestrictedPython-6.2.dist-info/LICENSE.txt,sha256=PmcdsR32h1FswdtbPWXkqjg-rKPCDOo_r1Og9zNdCjw,2070
+RestrictedPython-6.2.dist-info/METADATA,sha256=j3kDEHIBSxG2ISYRa2Gdn6sdEKgNClG24dTtJuMUsTY,11880
+RestrictedPython-6.2.dist-info/WHEEL,sha256=5sUXSg9e4bi7lTLOHcm6QEYwO5TIF1TNbTSVFVjcJcc,92
+RestrictedPython-6.2.dist-info/top_level.txt,sha256=E1-3ARWcduVJnQAScms0FgqnBx_PovrzYsNMYuLGwa0,17
+RestrictedPython-6.2.dist-info/RECORD,,

{RestrictedPython-6.0a1.dev0.dist-info → RestrictedPython-6.2.dist-info}/WHEEL

@@ -1,5 +1,5 @@
 Wheel-Version: 1.0
-Generator: bdist_wheel (0.37.1)
+Generator: bdist_wheel (0.41.1)
 Root-Is-Purelib: true
 Tag: py3-none-any
 

RestrictedPython-6.0a1.dev0.dist-info/RECORD

@@ -1,14 +0,0 @@
-RestrictedPython/Eval.py,sha256=pa79tc-JsT7xfzwg0ceMkxyioIEnFbNHc_PsKUhkkj8,3201
-RestrictedPython/Guards.py,sha256=be11vrdnducE3ULdrfHwo6ZjFTKyqsfVGRGanyvW1C4,7431
-RestrictedPython/Limits.py,sha256=dORpuly21vSjy8gzNac9IYfIXMMWRVFvqUiKKIeZ3OM,1866
-RestrictedPython/PrintCollector.py,sha256=bBCpnUPOuKz1wJDuSgh7wo2aoKfcTJeeT8OYnM-K9F8,1137
-RestrictedPython/Utilities.py,sha256=EL64bcEHOJEFjJ_Y9vCjAuI5OThY3RqY_knE21yzXYI,2485
-RestrictedPython/__init__.py,sha256=qB_s6zDxuXPAGMoKYKBMc-xZ0gTnQ0ZvtY5FxdAG3aM,1862
-RestrictedPython/_compat.py,sha256=gbX6ySRVG3gyGy-KZ3YiawwUnoWowzYa9icEHy0TD6w,314
-RestrictedPython/compile.py,sha256=IhcF733t-bkPcvfQ2_NyBeCbSIPtHYxR-GQNNHnaMHM,6727
-RestrictedPython/transformer.py,sha256=Sa8zvxf1UipklaDg9cfer0DvjotNWpYyV-ymSvprbpY,40975
-RestrictedPython-6.0a1.dev0.dist-info/LICENSE.txt,sha256=PmcdsR32h1FswdtbPWXkqjg-rKPCDOo_r1Og9zNdCjw,2070
-RestrictedPython-6.0a1.dev0.dist-info/METADATA,sha256=Uo0CFuNYl-hBLLmhnJw9ozophOfiBwv1mf5NxJJoISM,11350
-RestrictedPython-6.0a1.dev0.dist-info/WHEEL,sha256=G16H4A3IeoQmnOrYV4ueZGKSjhipXx8zc8nu9FGlvMA,92
-RestrictedPython-6.0a1.dev0.dist-info/top_level.txt,sha256=E1-3ARWcduVJnQAScms0FgqnBx_PovrzYsNMYuLGwa0,17
-RestrictedPython-6.0a1.dev0.dist-info/RECORD,,