PyPI - RestrictedPython - Versions diffs - 7.0a2.dev0__tar.gz → 7.1__tar.gz - Mend

RestrictedPython 7.0a2.dev0tar.gz → 7.1tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (106) hide show

{RestrictedPython-7.0a2.dev0 → RestrictedPython-7.1}/CHANGES.rst RENAMED Viewed

@@ -1,8 +1,14 @@
 Changes
 =======
-7.0a2.dev0 (2023-11-06)
------------------------
+7.1 (2024-03-14)
+----------------
+- Add support for the matmul (``@``) operator.
+7.0 (2023-11-17)
+----------------
 Backwards incompatible changes
 ++++++++++++++++++++++++++++++
@@ -12,8 +18,7 @@ Backwards incompatible changes
 Features
 ++++++++
-- Allow to use the package with Python 3.12 and 3.13 -- Caution: No security
-  audit has been done so far.
+- Officially support Python 3.12.
 Fixes
 +++++
@@ -23,8 +28,7 @@ Fixes
 - Forbid using some attributes providing access to restricted Python internals.
   (CVE-2023-37271)
-- Fix information disclosure problems through
-  Python's "format" functionality
+- Fix information disclosure problems through Python's "format" functionality
   (``format`` and ``format_map`` methods on ``str`` and its instances,
   ``string.Formatter``). (CVE-2023-41039)

{RestrictedPython-7.0a2.dev0 → RestrictedPython-7.1}/PKG-INFO RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: RestrictedPython
-Version: 7.0a2.dev0
+Version: 7.1
 Summary: RestrictedPython is a defined subset of the Python language which allows to provide a program input into a trusted environment.
 Home-page: https://github.com/zopefoundation/RestrictedPython
 Author: Zope Foundation and Contributors
@@ -20,9 +20,10 @@ Classifier: Programming Language :: Python :: 3.8
 Classifier: Programming Language :: Python :: 3.9
 Classifier: Programming Language :: Python :: 3.10
 Classifier: Programming Language :: Python :: 3.11
+Classifier: Programming Language :: Python :: 3.12
 Classifier: Programming Language :: Python :: Implementation :: CPython
 Classifier: Topic :: Security
-Requires-Python: >=3.7, <3.14
+Requires-Python: >=3.7, <3.13
 Description-Content-Type: text/x-rst
 License-File: LICENSE.txt
 Provides-Extra: test
@@ -123,8 +124,14 @@ the documentation `Contributing page
 Changes
 =======
-7.0a2.dev0 (2023-11-06)
------------------------
+7.1 (2024-03-14)
+----------------
+- Add support for the matmul (``@``) operator.
+7.0 (2023-11-17)
+----------------
 Backwards incompatible changes
 ++++++++++++++++++++++++++++++
@@ -134,8 +141,7 @@ Backwards incompatible changes
 Features
 ++++++++
-- Allow to use the package with Python 3.12 and 3.13 -- Caution: No security
-  audit has been done so far.
+- Officially support Python 3.12.
 Fixes
 +++++
@@ -145,8 +151,7 @@ Fixes
 - Forbid using some attributes providing access to restricted Python internals.
   (CVE-2023-37271)
-- Fix information disclosure problems through
-  Python's "format" functionality
+- Fix information disclosure problems through Python's "format" functionality
   (``format`` and ``format_map`` methods on ``str`` and its instances,
   ``string.Formatter``). (CVE-2023-41039)

{RestrictedPython-7.0a2.dev0 → RestrictedPython-7.1}/docs/conf.py RENAMED Viewed

@@ -47,7 +47,7 @@ master_doc = 'index'
 # General information about the project.
 project = 'RestrictedPython'
-copyright = '2017-2022, Zope Foundation and Contributors'
+copyright = '2017-2023, Zope Foundation and Contributors'
 author = 'The Zope & Plone developer community'
 # The version info for the project you're documenting, acts as replacement for
@@ -55,9 +55,9 @@ author = 'The Zope & Plone developer community'
 # built documents.
 #
 # The short X.Y version.
-version = '5.0'
+version = '7.0'
 # The full version, including alpha/beta/rc tags.
-release = '5.0'
+release = '7.0'
 # The language for content autogenerated by Sphinx. Refer to documentation
 # for a list of supported languages.
@@ -217,7 +217,7 @@ html_theme = 'default'
 # html_search_scorer = 'scorer.js'
 # Output file base name for HTML help builder.
-htmlhelp_basename = 'RestrictedPythondoc'
+htmlhelp_basename = 'RestrictedPython_doc'
 # -- Options for LaTeX output ---------------------------------------------

{RestrictedPython-7.0a2.dev0 → RestrictedPython-7.1}/docs/contributing/ast/python3_12.ast RENAMED Viewed

@@ -14,23 +14,27 @@ module Python version "3.12"
                        stmt* body,
                        expr* decorator_list,
                        expr? returns,
-                       string? type_comment)
+                       string? type_comment,
+                       type_param* type_params)
          | AsyncFunctionDef(identifier name,
                             arguments args,
                             stmt* body,
                             expr* decorator_list,
                             expr? returns,
-                            string? type_comment)
+                            string? type_comment,
+                            type_param* type_params)
          | ClassDef(identifier name,
                     expr* bases,
                     keyword* keywords,
                     stmt* body,
-                    expr* decorator_list)
+                    expr* decorator_list,
+                    type_param* type_params)
          | Return(expr? value)
          | Delete(expr* targets)
          | Assign(expr* targets, expr value, string? type_comment)
+         | TypeAlias(expr name, type_param* type_params, expr value)
          | AugAssign(expr target, operator op, expr value)
          -- 'simple' indicates that we annotate simple name without parens
          | AnnAssign(expr target, expr annotation, expr? value, int simple)
@@ -182,4 +186,9 @@ module Python version "3.12"
              attributes (int lineno, int col_offset, int end_lineno, int end_col_offset)
     type_ignore = TypeIgnore(int lineno, string tag)
+    type_param = TypeVar(identifier name, expr? bound)
+               | ParamSpec(identifier name)
+               | TypeVarTuple(identifier name)
+               attributes (int lineno, int col_offset, int end_lineno, int end_col_offset)
 }

{RestrictedPython-7.0a2.dev0 → RestrictedPython-7.1}/docs/contributing/index.rst RENAMED Viewed

@@ -91,8 +91,8 @@ To enable a certain functionality in RestrictedPython, do the following:
   * icemac
   * loechel
-Differences between different Python versions
----------------------------------------------
+Differences between Python versions
+-----------------------------------
 A (modified style) Copy of all Abstract Grammar Definitions for the Python versions does live in this Documentation (ast Subfolder) to help finding difference quicker by comparing files.
@@ -152,14 +152,14 @@ The ``ast`` module consists of four areas:
 A ``NodeVisitor`` is a class of a node / AST consumer, it reads the data by stepping through the tree without modifying it.
 In contrast, a ``NodeTransformer`` (which inherits from a ``NodeVisitor``) is allowed to modify the tree and nodes.
-Technical decissions on how to implement / maintain RestrictedPython (Design, Structure, Tools, ...)
-++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+Technical decisions on how to implement / maintain RestrictedPython (Design, Structure, Tools, ...)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 RestrictedPython is a core Package of the Zope & Plone Stack.
 Until Version 3.6 RestrictedPython was Python 2 only, and a critical blocker for Zope & Plone.
-With RestrictedPython 4.0 an API compatible rewrite has happend, which supports modern Python Versions.
+With RestrictedPython 4.0 an API compatible rewrite has happened, which supports modern Python Versions.
-* Use modern python tool stack for maintainance and tests
+* Use modern python tool stack for maintenance and tests
   * tox
   * pytest
@@ -179,7 +179,7 @@ With RestrictedPython 4.0 an API compatible rewrite has happend, which supports
   Resolve discussion about how RestrictedPython should be treat new expressions / ``ast.Nodes``.
   This belongs to :ref:`new_python_version`.
-  **Option 1 - reduce maintainance burden (prefered by icemac)**
+  **Option 1 - reduce maintenance burden (preferred by icemac)**
   All AST Nodes without an explicit ``visit_<AST Node>`` method, are denied by default.
@@ -187,7 +187,7 @@ With RestrictedPython 4.0 an API compatible rewrite has happend, which supports
   *This is currently the promoted version.*
-  **Option 2 - be as explicite as possible (prefered by loechel)**
+  **Option 2 - be as explicit as possible (preferred by loechel)**
   If the new AST Node should be disabled by default, add a ``visit_<AST Node>`` method such as the following:
@@ -237,12 +237,12 @@ Technical Backgrounds - Links to External Documentation
   * AST Grammar of Python (`Status of Python Versions`_)
-    * `Python 3.12 AST`_ (development branch - EOL 2028-10)
-    * `Python 3.11 AST`_ (in bugfix phase - EOL 2027-10)
-    * `Python 3.10 AST`_ (in bugfix phase - EOL 2026-10)
-    * `Python 3.9 AST`_ (in security phase - EOL 2025-10)
-    * `Python 3.8 AST`_ (in security phase - EOL 2024-10)
-    * `Python 3.7 AST`_ (in security phase - EOL 2023-06-27)
+    * `Python 3.12 AST`_ (EOL 2028-10)
+    * `Python 3.11 AST`_ (EOL 2027-10)
+    * `Python 3.10 AST`_ (EOL 2026-10)
+    * `Python 3.9 AST`_ (EOL 2025-10)
+    * `Python 3.8 AST`_ (EOL 2024-10)
+    * `Python 3.7 AST`_ (EOL 2023-06-27)
   * `AST NodeVistiors Class`_
   * `AST NodeTransformer Class`_

{RestrictedPython-7.0a2.dev0 → RestrictedPython-7.1}/docs/roadmap/index.rst RENAMED Viewed

@@ -26,11 +26,6 @@ Full code coverage tests.
     stephan-hof did propose a solution, should be discussed and if approved implemented.
-RestrictedPython 4.1+
----------------------
-Enhance RestrictedPython, declare  deprecations and possible new restrictions.
 RestrictedPython 6.0+
 ---------------------

{RestrictedPython-7.0a2.dev0 → RestrictedPython-7.1}/setup.py RENAMED Viewed

@@ -32,7 +32,7 @@ tests_require = [
 setup(
     name='RestrictedPython',
-    version='7.0a2.dev0',
+    version='7.1',
     url='https://github.com/zopefoundation/RestrictedPython',
     license='ZPL 2.1',
     description=(
@@ -52,6 +52,7 @@ setup(
         'Programming Language :: Python :: 3.9',
         'Programming Language :: Python :: 3.10',
         'Programming Language :: Python :: 3.11',
+        'Programming Language :: Python :: 3.12',
         'Programming Language :: Python :: Implementation :: CPython',
         'Topic :: Security',
     ],
@@ -67,7 +68,7 @@ setup(
     package_dir={'': 'src'},
     install_requires=[
     ],
-    python_requires=">=3.7, <3.14",
+    python_requires=">=3.7, <3.13",
     tests_require=tests_require,
     extras_require={
         'test': tests_require,

{RestrictedPython-7.0a2.dev0 → RestrictedPython-7.1}/src/RestrictedPython/transformer.py RENAMED Viewed

@@ -768,8 +768,8 @@ class RestrictingNodeTransformer(ast.NodeTransformer):
         return self.node_contents_visit(node)
     def visit_MatMult(self, node):
-        """Matrix multiplication (`@`) is currently not allowed."""
-        self.not_allowed(node)
+        """Allow multiplication (`@`)."""
+        return self.node_contents_visit(node)
     def visit_BoolOp(self, node):
         """Allow bool operator without restrictions."""

{RestrictedPython-7.0a2.dev0 → RestrictedPython-7.1}/src/RestrictedPython.egg-info/PKG-INFO RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: RestrictedPython
-Version: 7.0a2.dev0
+Version: 7.1
 Summary: RestrictedPython is a defined subset of the Python language which allows to provide a program input into a trusted environment.
 Home-page: https://github.com/zopefoundation/RestrictedPython
 Author: Zope Foundation and Contributors
@@ -20,9 +20,10 @@ Classifier: Programming Language :: Python :: 3.8
 Classifier: Programming Language :: Python :: 3.9
 Classifier: Programming Language :: Python :: 3.10
 Classifier: Programming Language :: Python :: 3.11
+Classifier: Programming Language :: Python :: 3.12
 Classifier: Programming Language :: Python :: Implementation :: CPython
 Classifier: Topic :: Security
-Requires-Python: >=3.7, <3.14
+Requires-Python: >=3.7, <3.13
 Description-Content-Type: text/x-rst
 License-File: LICENSE.txt
 Provides-Extra: test
@@ -123,8 +124,14 @@ the documentation `Contributing page
 Changes
 =======
-7.0a2.dev0 (2023-11-06)
------------------------
+7.1 (2024-03-14)
+----------------
+- Add support for the matmul (``@``) operator.
+7.0 (2023-11-17)
+----------------
 Backwards incompatible changes
 ++++++++++++++++++++++++++++++
@@ -134,8 +141,7 @@ Backwards incompatible changes
 Features
 ++++++++
-- Allow to use the package with Python 3.12 and 3.13 -- Caution: No security
-  audit has been done so far.
+- Officially support Python 3.12.
 Fixes
 +++++
@@ -145,8 +151,7 @@ Fixes
 - Forbid using some attributes providing access to restricted Python internals.
   (CVE-2023-37271)
-- Fix information disclosure problems through
-  Python's "format" functionality
+- Fix information disclosure problems through Python's "format" functionality
   (``format`` and ``format_map`` methods on ``str`` and its instances,
   ``string.Formatter``). (CVE-2023-41039)

{RestrictedPython-7.0a2.dev0 → RestrictedPython-7.1}/tests/transformer/operators/test_arithmetic_operators.py RENAMED Viewed

@@ -1,4 +1,3 @@
-from RestrictedPython import compile_restricted_eval
 from tests.helper import restricted_eval
@@ -33,8 +32,12 @@ def test_FloorDiv():
 def test_MatMult():
-    result = compile_restricted_eval('(8, 3, 5) @ (2, 7, 1)')
-    assert result.errors == (
-        'Line None: MatMult statements are not allowed.',
-    )
-    assert result.code is None
+    class Vector:
+        def __init__(self, values):
+            self.values = values
+        def __matmul__(self, other):
+            return sum(x * y for x, y in zip(self.values, other.values))
+    assert restricted_eval(
+        'Vector((8, 3, 5)) @ Vector((2, 7, 1))', {'Vector': Vector}) == 42

{RestrictedPython-7.0a2.dev0 → RestrictedPython-7.1}/tox.ini RENAMED Viewed

@@ -54,7 +54,7 @@ commands =
     coverage combine
     coverage html
     coverage report -m --fail-under=100
-depends = py37,py38,py39,py39-datetime,py310,py311,py312coverage
+depends = py37,py38,py39,py39-datetime,py310,py311,py312,coverage
 [testenv:release-check]
 description = ensure that the distribution is ready to release
 basepython = python3