PyPI - RestrictedPython - Versions diffs - 7.2a1.dev0__tar.gz → 7.3__tar.gz - Mend

RestrictedPython 7.2a1.dev0tar.gz → 7.3tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (107) hide show

{RestrictedPython-7.2a1.dev0 → RestrictedPython-7.3}/CHANGES.rst RENAMED Viewed

@@ -1,11 +1,25 @@
 Changes
 =======
-7.2a1.dev0 (2024-03-14)
------------------------
+7.3 (2024-09-30)
+----------------
+- Increase the safety level of ``safer_getattr`` allowing applications to use
+  it as ``getattr`` implementation. Such use should now follow the same policy
+  and give the same level of protection as direct attribute access in an
+  environment based on ``RestrictedPython``'s ``safe_builtints``.
+- Prevent information leakage via ``AttributeError.obj``
+  and the ``string`` module.
+7.2 (2024-08-02)
+----------------
-- Allow to use the package with Python 3.13 -- Caution: No security
-  audit has been done so far.
+- Remove unneeded setuptools fossils that may cause installation problems
+  with recent setuptools versions.
+- Add support for single mode statements / execution.
+- Fix a potential breakout capability in the provided ``safer_getattr`` method
+  that is part of the ``safer_builtins``.
 7.1 (2024-03-14)

{RestrictedPython-7.2a1.dev0 → RestrictedPython-7.3}/PKG-INFO RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: RestrictedPython
-Version: 7.2a1.dev0
+Version: 7.3
 Summary: RestrictedPython is a defined subset of the Python language which allows to provide a program input into a trusted environment.
 Home-page: https://github.com/zopefoundation/RestrictedPython
 Author: Zope Foundation and Contributors
@@ -23,7 +23,7 @@ Classifier: Programming Language :: Python :: 3.11
 Classifier: Programming Language :: Python :: 3.12
 Classifier: Programming Language :: Python :: Implementation :: CPython
 Classifier: Topic :: Security
-Requires-Python: >=3.7, <3.14
+Requires-Python: >=3.7, <3.13
 Description-Content-Type: text/x-rst
 License-File: LICENSE.txt
 Provides-Extra: test
@@ -124,11 +124,25 @@ the documentation `Contributing page
 Changes
 =======
-7.2a1.dev0 (2024-03-14)
------------------------
+7.3 (2024-09-30)
+----------------
+- Increase the safety level of ``safer_getattr`` allowing applications to use
+  it as ``getattr`` implementation. Such use should now follow the same policy
+  and give the same level of protection as direct attribute access in an
+  environment based on ``RestrictedPython``'s ``safe_builtints``.
+- Prevent information leakage via ``AttributeError.obj``
+  and the ``string`` module.
+7.2 (2024-08-02)
+----------------
-- Allow to use the package with Python 3.13 -- Caution: No security
-  audit has been done so far.
+- Remove unneeded setuptools fossils that may cause installation problems
+  with recent setuptools versions.
+- Add support for single mode statements / execution.
+- Fix a potential breakout capability in the provided ``safer_getattr`` method
+  that is part of the ``safer_builtins``.
 7.1 (2024-03-14)

{RestrictedPython-7.2a1.dev0 → RestrictedPython-7.3}/docs/usage/basic_usage.rst RENAMED Viewed

@@ -94,6 +94,62 @@ One common advanced usage would be to define an own restricted builtin dictionar
 There is a shortcut for ``{'__builtins__': safe_builtins}`` named ``safe_globals`` which can be imported from ``RestrictedPython``.
+Other Usages
+------------
+RestrictedPython has similar to normal Python multiple modes:
+* exec
+* eval
+* single
+* function
+you can use it by:
+.. testcode::
+    from RestrictedPython import compile_restricted
+    source_code = """
+    def do_something():
+        pass
+    """
+    byte_code = compile_restricted(
+        source_code,
+        filename='<inline code>',
+        mode='exec'
+    )
+    exec(byte_code)
+    do_something()
+.. testcode::
+    from RestrictedPython import compile_restricted
+    byte_code = compile_restricted(
+        "2 + 2",
+        filename='<inline code>',
+        mode='eval'
+    )
+    eval(byte_code)
+.. testcode:: single
+    from RestrictedPython import compile_restricted
+    byte_code = compile_restricted(
+        "2 + 2",
+        filename='<inline code>',
+        mode='single'
+    )
+    exec(byte_code)
+.. testoutput:: single
+    4
 Necessary setup
 ---------------

RestrictedPython-7.3/setup.py ADDED Viewed

@@ -0,0 +1,74 @@
+##############################################################################
+#
+# Copyright (c) 2006 Zope Foundation and Contributors.
+# All Rights Reserved.
+#
+# This software is subject to the provisions of the Zope Public License,
+# Version 2.1 (ZPL).  A copy of the ZPL should accompany this distribution.
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
+# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
+# FOR A PARTICULAR PURPOSE.
+#
+##############################################################################
+"""Setup for RestrictedPython package"""
+import os
+from setuptools import find_packages
+from setuptools import setup
+def read(*rnames):
+    with open(os.path.join(os.path.dirname(__file__), *rnames)) as f:
+        return f.read()
+tests_require = [
+    'pytest',
+    'pytest-mock',
+]
+setup(name='RestrictedPython',
+      version='7.3',
+      url='https://github.com/zopefoundation/RestrictedPython',
+      license='ZPL 2.1',
+      description=(
+          'RestrictedPython is a defined subset of the Python language which '
+          'allows to provide a program input into a trusted environment.'),
+      long_description=read('README.rst') + '\n' + read('CHANGES.rst'),
+      long_description_content_type='text/x-rst',
+      classifiers=[
+          'Development Status :: 6 - Mature',
+          'License :: OSI Approved :: Zope Public License',
+          'Programming Language :: Python',
+          'Operating System :: OS Independent',
+          'Programming Language :: Python :: 3',
+          'Programming Language :: Python :: 3.7',
+          'Programming Language :: Python :: 3.8',
+          'Programming Language :: Python :: 3.9',
+          'Programming Language :: Python :: 3.10',
+          'Programming Language :: Python :: 3.11',
+          'Programming Language :: Python :: 3.12',
+          'Programming Language :: Python :: Implementation :: CPython',
+          'Topic :: Security',
+      ],
+      keywords='restricted execution security untrusted code',
+      author='Zope Foundation and Contributors',
+      author_email='zope-dev@zope.org',
+      project_urls={
+          "Documentation": "https://restrictedpython.readthedocs.io/",
+          "Source": "https://github.com/zopefoundation/RestrictedPython",
+          "Tracker":
+          "https://github.com/zopefoundation/RestrictedPython/issues",
+      },
+      packages=find_packages('src'),
+      package_dir={'': 'src'},
+      install_requires=[],
+      python_requires=">=3.7, <3.13",
+      extras_require={
+          'test': tests_require,
+          'docs': ['Sphinx', 'sphinx_rtd_theme'],
+      },
+      include_package_data=True,
+      zip_safe=False)

{RestrictedPython-7.2a1.dev0 → RestrictedPython-7.3}/src/RestrictedPython/Guards.py RENAMED Viewed

@@ -18,6 +18,7 @@
 import builtins
 from RestrictedPython._compat import IS_PY311_OR_GREATER
+from RestrictedPython.transformer import INSPECT_ATTRIBUTES
 safe_builtins = {}
@@ -246,11 +247,17 @@ def safer_getattr(object, name, default=None, getattr=getattr):
     http://lucumr.pocoo.org/2016/12/29/careful-with-str-format/
     """
+    if type(name) is not str:
+        raise TypeError('type(name) must be str')
     if name in ('format', 'format_map') and (
             isinstance(object, str) or
             (isinstance(object, type) and issubclass(object, str))):
         raise NotImplementedError(
             'Using the format*() methods of `str` is not safe')
+    if name in INSPECT_ATTRIBUTES:
+        raise AttributeError(
+            f'"{name}" is a restricted name,'
+            ' that is forbidden to access in RestrictedPython.')
     if name.startswith('_'):
         raise AttributeError(
             '"{name}" is an invalid attribute name because it '

{RestrictedPython-7.2a1.dev0 → RestrictedPython-7.3}/src/RestrictedPython/Utilities.py RENAMED Viewed

@@ -29,7 +29,11 @@ class _AttributeDelegator:
         if attr in self.__excludes:
             raise NotImplementedError(
                 f"{self.__mod.__name__}.{attr} is not safe")
-        return getattr(self.__mod, attr)
+        try:
+            return getattr(self.__mod, attr)
+        except AttributeError as e:
+            e.obj = self
+            raise
 utility_builtins['string'] = _AttributeDelegator(string, "Formatter")

{RestrictedPython-7.2a1.dev0 → RestrictedPython-7.3}/src/RestrictedPython/transformer.py RENAMED Viewed

@@ -593,6 +593,10 @@ class RestrictingNodeTransformer(ast.NodeTransformer):
             """
             return self.node_contents_visit(node)
+    def visit_Interactive(self, node):
+        """Allow single mode without restrictions."""
+        return self.node_contents_visit(node)
     def visit_List(self, node):
         """Allow list literals without restrictions."""
         return self.node_contents_visit(node)

{RestrictedPython-7.2a1.dev0 → RestrictedPython-7.3}/src/RestrictedPython.egg-info/PKG-INFO RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: RestrictedPython
-Version: 7.2a1.dev0
+Version: 7.3
 Summary: RestrictedPython is a defined subset of the Python language which allows to provide a program input into a trusted environment.
 Home-page: https://github.com/zopefoundation/RestrictedPython
 Author: Zope Foundation and Contributors
@@ -23,7 +23,7 @@ Classifier: Programming Language :: Python :: 3.11
 Classifier: Programming Language :: Python :: 3.12
 Classifier: Programming Language :: Python :: Implementation :: CPython
 Classifier: Topic :: Security
-Requires-Python: >=3.7, <3.14
+Requires-Python: >=3.7, <3.13
 Description-Content-Type: text/x-rst
 License-File: LICENSE.txt
 Provides-Extra: test
@@ -124,11 +124,25 @@ the documentation `Contributing page
 Changes
 =======
-7.2a1.dev0 (2024-03-14)
------------------------
+7.3 (2024-09-30)
+----------------
+- Increase the safety level of ``safer_getattr`` allowing applications to use
+  it as ``getattr`` implementation. Such use should now follow the same policy
+  and give the same level of protection as direct attribute access in an
+  environment based on ``RestrictedPython``'s ``safe_builtints``.
+- Prevent information leakage via ``AttributeError.obj``
+  and the ``string`` module.
+7.2 (2024-08-02)
+----------------
-- Allow to use the package with Python 3.13 -- Caution: No security
-  audit has been done so far.
+- Remove unneeded setuptools fossils that may cause installation problems
+  with recent setuptools versions.
+- Add support for single mode statements / execution.
+- Fix a potential breakout capability in the provided ``safer_getattr`` method
+  that is part of the ``safer_builtins``.
 7.1 (2024-03-14)

{RestrictedPython-7.2a1.dev0 → RestrictedPython-7.3}/tests/builtins/test_utilities.py RENAMED Viewed

@@ -7,8 +7,17 @@ def test_string_in_utility_builtins():
     from RestrictedPython.Utilities import utility_builtins
     # we no longer provide access to ``string`` itself, only to
-    # a restricted view of it
-    assert utility_builtins['string'].__name__ == string.__name__
+    # a restricted view of it (``rstring``)
+    rstring = utility_builtins['string']
+    assert rstring.__name__ == string.__name__
+    # ensure it does not provide access to ``string`` via
+    # ``AttributeError.obj``
+    try:
+        rstring.unexisting_attribute
+    except AttributeError as e:
+        assert e.obj is rstring
 def test_math_in_utility_builtins():

{RestrictedPython-7.2a1.dev0 → RestrictedPython-7.3}/tests/test_Guards.py RENAMED Viewed

@@ -259,6 +259,76 @@ def test_Guards__safer_getattr__3():
     assert restricted_globals['result'] == 2
+SAFER_GETATTR_BREAKOUT = """\
+def g(obj, name):
+    # create class FakeString which inherits from str
+    class FakeString(str):
+        # overload startswith() to always return false
+        def startswith(self, _):
+            return False
+    return getattr(obj, FakeString(name))
+# call str.__class__.__base__.__subclasses__()
+subclasses = g(g(g(str, "__class__"), "__base__"), "__subclasses__")()
+# traverse list of subclasses until we reach the BuiltinImporter class
+x = "test"
+while "BuiltinImporter" not in str(x):
+    x = subclasses.pop()
+    continue
+# use BuiltinImporter to import 'os' and access to a not allowed function
+result = x.load_module('os').getgid()
+"""
+def test_Guards__safer_getattr__4():
+    restricted_globals = dict(
+        __builtins__=safe_builtins,
+        __name__=None,
+        __metaclass__=type,
+        # _write_=_write_,
+        getattr=safer_getattr,
+        result=None,
+    )
+    with pytest.raises(TypeError) as err:
+        restricted_exec(SAFER_GETATTR_BREAKOUT, restricted_globals)
+    assert 'type(name) must be str' == str(err.value)
+SAFER_GETATTR_BREAKOUT2 = """\
+g = None
+leak = None
+def test():
+    global g, leak
+    leak = getattr(getattr(getattr(g, "gi_frame"), "f_back"), "f_back")
+    yield leak
+g = test()
+g.send(None)
+os = getattr(leak, "f_builtins").get('__import__')('os')
+result = os.getgid()
+"""
+def test_Guards__safer_getattr__5():
+    restricted_globals = dict(
+        __builtins__=safe_builtins,
+        __name__=None,
+        __metaclass__=type,
+        # _write_=_write_,
+        getattr=safer_getattr,
+        result=None,
+    )
+    # restricted_exec(SAFER_GETATTR_BREAKOUT2, restricted_globals)
+    # assert restricted_globals['result'] == 20
+    with pytest.raises(AttributeError) as err:
+        restricted_exec(SAFER_GETATTR_BREAKOUT2, restricted_globals)
+    assert (
+        '"gi_frame" is a restricted name, '
+        'that is forbidden to access in RestrictedPython.'
+    ) == str(err.value)
 def test_call_py3_builtins():
     """It should not be allowed to access global builtins in Python3."""
     result = compile_restricted_exec('builtins["getattr"]')

{RestrictedPython-7.2a1.dev0 → RestrictedPython-7.3}/tests/test_compile.py RENAMED Viewed

@@ -160,13 +160,24 @@ def test_compile__compile_restricted_eval__used_names():
     assert result.used_names == {'a': True, 'b': True, 'x': True, 'func': True}
-def test_compile__compile_restricted_csingle():
+def test_compile__compile_restricted_single__1():
     """It compiles code as an Interactive."""
-    result = compile_restricted_single('4 * 6')
-    assert result.code is None
-    assert result.errors == (
-        'Line None: Interactive statements are not allowed.',
-    )
+    result = compile_restricted_single('x = 4 * 6')
+    assert result.errors == ()
+    assert result.warnings == []
+    assert result.code is not None
+    locals = {}
+    exec(result.code, {}, locals)
+    assert locals["x"] == 24
+def test_compile__compile_restricted__2():
+    """It compiles code as an Interactive."""
+    code = compile_restricted('x = 4 * 6', filename="<string>", mode="single")
+    locals = {}
+    exec(code, {}, locals)
+    assert locals["x"] == 24
 PRINT_EXAMPLE = """

RestrictedPython-7.2a1.dev0/setup.py DELETED Viewed

@@ -1,79 +0,0 @@
-##############################################################################
-#
-# Copyright (c) 2006 Zope Foundation and Contributors.
-# All Rights Reserved.
-#
-# This software is subject to the provisions of the Zope Public License,
-# Version 2.1 (ZPL).  A copy of the ZPL should accompany this distribution.
-# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
-# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
-# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
-# FOR A PARTICULAR PURPOSE.
-#
-##############################################################################
-"""Setup for RestrictedPython package"""
-import os
-from setuptools import find_packages
-from setuptools import setup
-def read(*rnames):
-    with open(os.path.join(os.path.dirname(__file__), *rnames)) as f:
-        return f.read()
-tests_require = [
-    'pytest',
-    'pytest-mock',
-]
-setup(
-    name='RestrictedPython',
-    version='7.2a1.dev0',
-    url='https://github.com/zopefoundation/RestrictedPython',
-    license='ZPL 2.1',
-    description=(
-        'RestrictedPython is a defined subset of the Python language which '
-        'allows to provide a program input into a trusted environment.'
-    ),
-    long_description=read('README.rst') + '\n' + read('CHANGES.rst'),
-    long_description_content_type='text/x-rst',
-    classifiers=[
-        'Development Status :: 6 - Mature',
-        'License :: OSI Approved :: Zope Public License',
-        'Programming Language :: Python',
-        'Operating System :: OS Independent',
-        'Programming Language :: Python :: 3',
-        'Programming Language :: Python :: 3.7',
-        'Programming Language :: Python :: 3.8',
-        'Programming Language :: Python :: 3.9',
-        'Programming Language :: Python :: 3.10',
-        'Programming Language :: Python :: 3.11',
-        'Programming Language :: Python :: 3.12',
-        'Programming Language :: Python :: Implementation :: CPython',
-        'Topic :: Security',
-    ],
-    keywords='restricted execution security untrusted code',
-    author='Zope Foundation and Contributors',
-    author_email='zope-dev@zope.org',
-    project_urls={
-        "Documentation": "https://restrictedpython.readthedocs.io/",
-        "Source": "https://github.com/zopefoundation/RestrictedPython",
-        "Tracker": "https://github.com/zopefoundation/RestrictedPython/issues",
-    },
-    packages=find_packages('src'),
-    package_dir={'': 'src'},
-    install_requires=[
-    ],
-    python_requires=">=3.7, <3.14",
-    tests_require=tests_require,
-    extras_require={
-        'test': tests_require,
-        'docs': ['Sphinx', 'sphinx_rtd_theme'],
-    },
-    include_package_data=True,
-    zip_safe=False
-)