RestrictedPython 6.1__py3-none-any.whl → 6.2__py3-none-any.whl

@@ -246,9 +246,11 @@ def safer_getattr(object, name, default=None, getattr=getattr):
246
246
  http://lucumr.pocoo.org/2016/12/29/careful-with-str-format/
247
247
 
248
248
  """
249
- if isinstance(object, str) and name == 'format':
249
+ if name in ('format', 'format_map') and (
250
+ isinstance(object, str) or
251
+ (isinstance(object, type) and issubclass(object, str))):
250
252
  raise NotImplementedError(
251
- 'Using format() on a %s is not safe.' % object.__class__.__name__)
253
+ 'Using the format*() methods of `str` is not safe')
252
254
  if name.startswith('_'):
253
255
  raise AttributeError(
254
256
  '"{name}" is an invalid attribute name because it '
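Review bot: The new format guard, like the `name.startswith('_')` check below it, relies on comparisons and methods supplied by `name` itself, so both only hold when `name` is exactly a `str`, and nothing in the visible lines enforces that. A str subclass passed as `name` could answer these checks differently from how the final attribute lookup resolves it. I would add `if type(name) is not str: raise TypeError('type(name) must be str')` ahead of the format check. The new message also drops the offending type name that the old one reported, which made a denied call easier to trace in logs. safer_getattr starts above and continues below this hunk, so a type check may already exist outside the visible lines.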
@@ -18,7 +18,21 @@ import string
18
18
 
19
19
  utility_builtins = {}
20
20
 
21
- utility_builtins['string'] = string
21
+
22
+ class _AttributeDelegator:
23
+ def __init__(self, mod, *excludes):
24
+ """delegate attribute lookups outside *excludes* to module *mod*."""
25
+ self.__mod = mod
26
+ self.__excludes = excludes
27
+
28
+ def __getattr__(self, attr):
29
+ if attr in self.__excludes:
30
+ raise NotImplementedError(
31
+ f"{self.__mod.__name__}.{attr} is not safe")
32
+ return getattr(self.__mod, attr)
33
+
34
+
35
+ utility_builtins['string'] = _AttributeDelegator(string, "Formatter")
22
36
  utility_builtins['math'] = math
23
37
  utility_builtins['random'] = random
24
38
  utility_builtins['whrandom'] = random
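Review bot: `_AttributeDelegator(string, "Formatter")` is a deny-list, so every other public attribute of `string`, including anything the module gains in a later Python release, is still forwarded to restricted code by default. An allow-list of the names sandboxed code is meant to use would fail closed; at minimum a test should pin the forwarded surface so a new attribute is noticed. The class also needs a comment saying why `Formatter` is excluded, for example `# string.Formatter resolves attribute and item lookups itself, outside the guarded getattr`. Raising `NotImplementedError` rather than `AttributeError` means `hasattr()` and three-argument `getattr()` on the wrapper propagate the error instead of reporting the name as absent; that matches safer_getattr, but it is worth stating in the docstring.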
@@ -1,6 +1,6 @@
1
1
  Metadata-Version: 2.1
2
2
  Name: RestrictedPython
3
- Version: 6.1
3
+ Version: 6.2
4
4
  Summary: RestrictedPython is a defined subset of the Python language which allows to provide a program input into a trusted environment.
5
5
  Home-page: https://github.com/zopefoundation/RestrictedPython
6
6
  Author: Zope Foundation and Contributors
@@ -124,10 +124,19 @@ the documentation `Contributing page
124
124
  Changes
125
125
  =======
126
126
 
127
+ 6.2 (2023-08-30)
128
+ ----------------
129
+
130
+ - Fix information disclosure problems through
131
+ Python's "format" functionality
132
+ (``format`` and ``format_map`` methods on ``str`` and its instances,
133
+ ``string.Formatter``).
134
+
135
+
127
136
  6.1 (2023-07-08)
128
137
  ----------------
129
138
 
130
- - Restrict access to some attributes accessible via the ``inspect`` module.
139
+ - Forbid using some attributes providing access to restricted Python internals.
131
140
 
132
141
 
133
142
  6.0 (2022-11-03)
@@ -1,14 +1,14 @@
1
1
  RestrictedPython/Eval.py,sha256=pa79tc-JsT7xfzwg0ceMkxyioIEnFbNHc_PsKUhkkj8,3201
2
- RestrictedPython/Guards.py,sha256=MmmOImyuRqjUcCI_3TDP8ldY3i58mMHHeH2rmPveaEw,7560
2
+ RestrictedPython/Guards.py,sha256=XXupE0TwcWdb6qAsSexWUYEIeT3bVLTdOVvn94eoqs0,7646
3
3
  RestrictedPython/Limits.py,sha256=dORpuly21vSjy8gzNac9IYfIXMMWRVFvqUiKKIeZ3OM,1866
4
4
  RestrictedPython/PrintCollector.py,sha256=bBCpnUPOuKz1wJDuSgh7wo2aoKfcTJeeT8OYnM-K9F8,1137
5
- RestrictedPython/Utilities.py,sha256=EL64bcEHOJEFjJ_Y9vCjAuI5OThY3RqY_knE21yzXYI,2485
5
+ RestrictedPython/Utilities.py,sha256=7R6Op1Oqw9-fSxy_eWVa6ioZPx-SAxa7OolDObTWRkU,2937
6
6
  RestrictedPython/__init__.py,sha256=qB_s6zDxuXPAGMoKYKBMc-xZ0gTnQ0ZvtY5FxdAG3aM,1862
7
7
  RestrictedPython/_compat.py,sha256=WqDm8KKQcQfQjxsCNlumBwI2adh3sz-Xegs9pUA_9Vs,381
8
8
  RestrictedPython/compile.py,sha256=IhcF733t-bkPcvfQ2_NyBeCbSIPtHYxR-GQNNHnaMHM,6727
9
9
  RestrictedPython/transformer.py,sha256=0rPty6jsmADsDx69cCR1fcYAkHX9CEEqE_w1DVKr5Zw,41788
10
- RestrictedPython-6.1.dist-info/LICENSE.txt,sha256=PmcdsR32h1FswdtbPWXkqjg-rKPCDOo_r1Og9zNdCjw,2070
11
- RestrictedPython-6.1.dist-info/METADATA,sha256=gzFUxqOCzrpmceLsawiYGhRaDY-WE3_Ukz68FuBedy4,11663
12
- RestrictedPython-6.1.dist-info/WHEEL,sha256=pkctZYzUS4AYVn6dJ-7367OJZivF2e8RA9b_ZBjif18,92
13
- RestrictedPython-6.1.dist-info/top_level.txt,sha256=E1-3ARWcduVJnQAScms0FgqnBx_PovrzYsNMYuLGwa0,17
14
- RestrictedPython-6.1.dist-info/RECORD,,
10
+ RestrictedPython-6.2.dist-info/LICENSE.txt,sha256=PmcdsR32h1FswdtbPWXkqjg-rKPCDOo_r1Og9zNdCjw,2070
11
+ RestrictedPython-6.2.dist-info/METADATA,sha256=j3kDEHIBSxG2ISYRa2Gdn6sdEKgNClG24dTtJuMUsTY,11880
12
+ RestrictedPython-6.2.dist-info/WHEEL,sha256=5sUXSg9e4bi7lTLOHcm6QEYwO5TIF1TNbTSVFVjcJcc,92
13
+ RestrictedPython-6.2.dist-info/top_level.txt,sha256=E1-3ARWcduVJnQAScms0FgqnBx_PovrzYsNMYuLGwa0,17
14
+ RestrictedPython-6.2.dist-info/RECORD,,
@@ -1,5 +1,5 @@
1
1
  Wheel-Version: 1.0
2
- Generator: bdist_wheel (0.40.0)
2
+ Generator: bdist_wheel (0.41.1)
3
3
  Root-Is-Purelib: true
4
4
  Tag: py3-none-any
5
5