PyPI - RestrictedPython - Versions diffs - 7.1__tar.gz → 7.2__tar.gz - Mend

RestrictedPython 7.1tar.gz → 7.2tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (107) hide show

{RestrictedPython-7.1 → RestrictedPython-7.2}/CHANGES.rst RENAMED Viewed

@@ -1,6 +1,16 @@
 Changes
 =======
+7.2 (2024-08-02)
+----------------
+- Remove unneeded setuptools fossils that may cause installation problems
+  with recent setuptools versions.
+- Add support for single mode statements / execution.
+- Fix a potential breakout capability in the provided ``safer_getattr`` method
+  that is part of the ``safer_builtins``.
 7.1 (2024-03-14)
 ----------------

{RestrictedPython-7.1 → RestrictedPython-7.2}/PKG-INFO RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: RestrictedPython
-Version: 7.1
+Version: 7.2
 Summary: RestrictedPython is a defined subset of the Python language which allows to provide a program input into a trusted environment.
 Home-page: https://github.com/zopefoundation/RestrictedPython
 Author: Zope Foundation and Contributors
@@ -124,6 +124,16 @@ the documentation `Contributing page
 Changes
 =======
+7.2 (2024-08-02)
+----------------
+- Remove unneeded setuptools fossils that may cause installation problems
+  with recent setuptools versions.
+- Add support for single mode statements / execution.
+- Fix a potential breakout capability in the provided ``safer_getattr`` method
+  that is part of the ``safer_builtins``.
 7.1 (2024-03-14)
 ----------------

{RestrictedPython-7.1 → RestrictedPython-7.2}/docs/usage/basic_usage.rst RENAMED Viewed

@@ -94,6 +94,62 @@ One common advanced usage would be to define an own restricted builtin dictionar
 There is a shortcut for ``{'__builtins__': safe_builtins}`` named ``safe_globals`` which can be imported from ``RestrictedPython``.
+Other Usages
+------------
+RestrictedPython has similar to normal Python multiple modes:
+* exec
+* eval
+* single
+* function
+you can use it by:
+.. testcode::
+    from RestrictedPython import compile_restricted
+    source_code = """
+    def do_something():
+        pass
+    """
+    byte_code = compile_restricted(
+        source_code,
+        filename='<inline code>',
+        mode='exec'
+    )
+    exec(byte_code)
+    do_something()
+.. testcode::
+    from RestrictedPython import compile_restricted
+    byte_code = compile_restricted(
+        "2 + 2",
+        filename='<inline code>',
+        mode='eval'
+    )
+    eval(byte_code)
+.. testcode:: single
+    from RestrictedPython import compile_restricted
+    byte_code = compile_restricted(
+        "2 + 2",
+        filename='<inline code>',
+        mode='single'
+    )
+    exec(byte_code)
+.. testoutput:: single
+    4
 Necessary setup
 ---------------

RestrictedPython-7.2/setup.py ADDED Viewed

@@ -0,0 +1,74 @@
+##############################################################################
+#
+# Copyright (c) 2006 Zope Foundation and Contributors.
+# All Rights Reserved.
+#
+# This software is subject to the provisions of the Zope Public License,
+# Version 2.1 (ZPL).  A copy of the ZPL should accompany this distribution.
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
+# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
+# FOR A PARTICULAR PURPOSE.
+#
+##############################################################################
+"""Setup for RestrictedPython package"""
+import os
+from setuptools import find_packages
+from setuptools import setup
+def read(*rnames):
+    with open(os.path.join(os.path.dirname(__file__), *rnames)) as f:
+        return f.read()
+tests_require = [
+    'pytest',
+    'pytest-mock',
+]
+setup(name='RestrictedPython',
+      version='7.2',
+      url='https://github.com/zopefoundation/RestrictedPython',
+      license='ZPL 2.1',
+      description=(
+          'RestrictedPython is a defined subset of the Python language which '
+          'allows to provide a program input into a trusted environment.'),
+      long_description=read('README.rst') + '\n' + read('CHANGES.rst'),
+      long_description_content_type='text/x-rst',
+      classifiers=[
+          'Development Status :: 6 - Mature',
+          'License :: OSI Approved :: Zope Public License',
+          'Programming Language :: Python',
+          'Operating System :: OS Independent',
+          'Programming Language :: Python :: 3',
+          'Programming Language :: Python :: 3.7',
+          'Programming Language :: Python :: 3.8',
+          'Programming Language :: Python :: 3.9',
+          'Programming Language :: Python :: 3.10',
+          'Programming Language :: Python :: 3.11',
+          'Programming Language :: Python :: 3.12',
+          'Programming Language :: Python :: Implementation :: CPython',
+          'Topic :: Security',
+      ],
+      keywords='restricted execution security untrusted code',
+      author='Zope Foundation and Contributors',
+      author_email='zope-dev@zope.org',
+      project_urls={
+          "Documentation": "https://restrictedpython.readthedocs.io/",
+          "Source": "https://github.com/zopefoundation/RestrictedPython",
+          "Tracker":
+          "https://github.com/zopefoundation/RestrictedPython/issues",
+      },
+      packages=find_packages('src'),
+      package_dir={'': 'src'},
+      install_requires=[],
+      python_requires=">=3.7, <3.13",
+      extras_require={
+          'test': tests_require,
+          'docs': ['Sphinx', 'sphinx_rtd_theme'],
+      },
+      include_package_data=True,
+      zip_safe=False)

{RestrictedPython-7.1 → RestrictedPython-7.2}/src/RestrictedPython/Guards.py RENAMED Viewed

@@ -246,6 +246,8 @@ def safer_getattr(object, name, default=None, getattr=getattr):
     http://lucumr.pocoo.org/2016/12/29/careful-with-str-format/
     """
+    if type(name) is not str:
+        raise TypeError('type(name) must be str')
     if name in ('format', 'format_map') and (
             isinstance(object, str) or
             (isinstance(object, type) and issubclass(object, str))):

{RestrictedPython-7.1 → RestrictedPython-7.2}/src/RestrictedPython/transformer.py RENAMED Viewed

@@ -593,6 +593,10 @@ class RestrictingNodeTransformer(ast.NodeTransformer):
             """
             return self.node_contents_visit(node)
+    def visit_Interactive(self, node):
+        """Allow single mode without restrictions."""
+        return self.node_contents_visit(node)
     def visit_List(self, node):
         """Allow list literals without restrictions."""
         return self.node_contents_visit(node)

{RestrictedPython-7.1 → RestrictedPython-7.2}/src/RestrictedPython.egg-info/PKG-INFO RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: RestrictedPython
-Version: 7.1
+Version: 7.2
 Summary: RestrictedPython is a defined subset of the Python language which allows to provide a program input into a trusted environment.
 Home-page: https://github.com/zopefoundation/RestrictedPython
 Author: Zope Foundation and Contributors
@@ -124,6 +124,16 @@ the documentation `Contributing page
 Changes
 =======
+7.2 (2024-08-02)
+----------------
+- Remove unneeded setuptools fossils that may cause installation problems
+  with recent setuptools versions.
+- Add support for single mode statements / execution.
+- Fix a potential breakout capability in the provided ``safer_getattr`` method
+  that is part of the ``safer_builtins``.
 7.1 (2024-03-14)
 ----------------

{RestrictedPython-7.1 → RestrictedPython-7.2}/tests/test_Guards.py RENAMED Viewed

@@ -259,6 +259,42 @@ def test_Guards__safer_getattr__3():
     assert restricted_globals['result'] == 2
+SAFER_GETATTR_BREAKOUT = """\
+def g(obj, name):
+    # create class FakeString which inherits from str
+    class FakeString(str):
+        # overload startswith() to always return false
+        def startswith(self, _):
+            return False
+    return getattr(obj, FakeString(name))
+# call str.__class__.__base__.__subclasses__()
+subclasses = g(g(g(str, "__class__"), "__base__"), "__subclasses__")()
+# traverse list of subclasses until we reach the BuiltinImporter class
+x = "test"
+while "BuiltinImporter" not in str(x):
+    x = subclasses.pop()
+    continue
+# use BuiltinImporter to import 'os' and access to a not allowed function
+result = x.load_module('os').getgid()
+"""
+def test_Guards__safer_getattr__4():
+    restricted_globals = dict(
+        __builtins__=safe_builtins,
+        __name__=None,
+        __metaclass__=type,
+        # _write_=_write_,
+        getattr=safer_getattr,
+        result=None,
+    )
+    with pytest.raises(TypeError) as err:
+        restricted_exec(SAFER_GETATTR_BREAKOUT, restricted_globals)
+    assert 'type(name) must be str' == str(err.value)
 def test_call_py3_builtins():
     """It should not be allowed to access global builtins in Python3."""
     result = compile_restricted_exec('builtins["getattr"]')

{RestrictedPython-7.1 → RestrictedPython-7.2}/tests/test_compile.py RENAMED Viewed

@@ -160,13 +160,24 @@ def test_compile__compile_restricted_eval__used_names():
     assert result.used_names == {'a': True, 'b': True, 'x': True, 'func': True}
-def test_compile__compile_restricted_csingle():
+def test_compile__compile_restricted_single__1():
     """It compiles code as an Interactive."""
-    result = compile_restricted_single('4 * 6')
-    assert result.code is None
-    assert result.errors == (
-        'Line None: Interactive statements are not allowed.',
-    )
+    result = compile_restricted_single('x = 4 * 6')
+    assert result.errors == ()
+    assert result.warnings == []
+    assert result.code is not None
+    locals = {}
+    exec(result.code, {}, locals)
+    assert locals["x"] == 24
+def test_compile__compile_restricted__2():
+    """It compiles code as an Interactive."""
+    code = compile_restricted('x = 4 * 6', filename="<string>", mode="single")
+    locals = {}
+    exec(code, {}, locals)
+    assert locals["x"] == 24
 PRINT_EXAMPLE = """

RestrictedPython-7.1/setup.py DELETED Viewed

@@ -1,79 +0,0 @@
-##############################################################################
-#
-# Copyright (c) 2006 Zope Foundation and Contributors.
-# All Rights Reserved.
-#
-# This software is subject to the provisions of the Zope Public License,
-# Version 2.1 (ZPL).  A copy of the ZPL should accompany this distribution.
-# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
-# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
-# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
-# FOR A PARTICULAR PURPOSE.
-#
-##############################################################################
-"""Setup for RestrictedPython package"""
-import os
-from setuptools import find_packages
-from setuptools import setup
-def read(*rnames):
-    with open(os.path.join(os.path.dirname(__file__), *rnames)) as f:
-        return f.read()
-tests_require = [
-    'pytest',
-    'pytest-mock',
-]
-setup(
-    name='RestrictedPython',
-    version='7.1',
-    url='https://github.com/zopefoundation/RestrictedPython',
-    license='ZPL 2.1',
-    description=(
-        'RestrictedPython is a defined subset of the Python language which '
-        'allows to provide a program input into a trusted environment.'
-    ),
-    long_description=read('README.rst') + '\n' + read('CHANGES.rst'),
-    long_description_content_type='text/x-rst',
-    classifiers=[
-        'Development Status :: 6 - Mature',
-        'License :: OSI Approved :: Zope Public License',
-        'Programming Language :: Python',
-        'Operating System :: OS Independent',
-        'Programming Language :: Python :: 3',
-        'Programming Language :: Python :: 3.7',
-        'Programming Language :: Python :: 3.8',
-        'Programming Language :: Python :: 3.9',
-        'Programming Language :: Python :: 3.10',
-        'Programming Language :: Python :: 3.11',
-        'Programming Language :: Python :: 3.12',
-        'Programming Language :: Python :: Implementation :: CPython',
-        'Topic :: Security',
-    ],
-    keywords='restricted execution security untrusted code',
-    author='Zope Foundation and Contributors',
-    author_email='zope-dev@zope.org',
-    project_urls={
-        "Documentation": "https://restrictedpython.readthedocs.io/",
-        "Source": "https://github.com/zopefoundation/RestrictedPython",
-        "Tracker": "https://github.com/zopefoundation/RestrictedPython/issues",
-    },
-    packages=find_packages('src'),
-    package_dir={'': 'src'},
-    install_requires=[
-    ],
-    python_requires=">=3.7, <3.13",
-    tests_require=tests_require,
-    extras_require={
-        'test': tests_require,
-        'docs': ['Sphinx', 'sphinx_rtd_theme'],
-    },
-    include_package_data=True,
-    zip_safe=False
-)