RestrictedPython 7.3__py3-none-any.whl → 8.0__py3-none-any.whl

RestrictedPython/Guards.py

@@ -17,7 +17,6 @@
 
 import builtins
 
-from RestrictedPython._compat import IS_PY311_OR_GREATER
 from RestrictedPython.transformer import INSPECT_ATTRIBUTES
 
 
@@ -106,9 +105,6 @@ _safe_exceptions = [
     'ZeroDivisionError',
 ]
 
-if IS_PY311_OR_GREATER:
-    _safe_exceptions.append("ExceptionGroup")
-
 for name in _safe_names:
     safe_builtins[name] = getattr(builtins, name)
 
@@ -240,6 +236,9 @@ def guarded_delattr(object, name):
 safe_builtins['delattr'] = guarded_delattr
 
 
+raise_ = object()
+
+
 def safer_getattr(object, name, default=None, getattr=getattr):
     """Getattr implementation which prevents using format on string objects.
 
@@ -263,12 +262,18 @@ def safer_getattr(object, name, default=None, getattr=getattr):
             '"{name}" is an invalid attribute name because it '
             'starts with "_"'.format(name=name)
         )
-    return getattr(object, name, default)
+    args = (object, name) + (() if default is raise_ else (default,))
+    return getattr(*args)
 
 
 safe_builtins['_getattr_'] = safer_getattr
 
 
+def safer_getattr_raise(object, name, default=raise_):
+    """like ``safer_getattr`` but raising ``AttributeError`` if failing."""
+    return safer_getattr(object, name, default)
+
+
 def guarded_iter_unpack_sequence(it, spec, _getiter_):
     """Protect sequence unpacking of targets in a 'for loop'.
 

RestrictedPython/_compat.py

@@ -3,7 +3,6 @@ import sys
 
 
 _version = sys.version_info
-IS_PY38_OR_GREATER = _version.major == 3 and _version.minor >= 8
 IS_PY310_OR_GREATER = _version.major == 3 and _version.minor >= 10
 IS_PY311_OR_GREATER = _version.major == 3 and _version.minor >= 11
 IS_PY312_OR_GREATER = _version.major == 3 and _version.minor >= 12

RestrictedPython/transformer.py

@@ -22,16 +22,6 @@ import ast
 import contextlib
 import textwrap
 
-from ._compat import IS_PY38_OR_GREATER
-
-
-# Avoid DeprecationWarnings under Python 3.12 and up
-if IS_PY38_OR_GREATER:
-    astStr = ast.Constant
-    astNum = ast.Constant
-else:  # pragma: no cover
-    astStr = ast.Str
-    astNum = ast.Num
 
 # For AugAssign the operator must be converted to a string.
 IOPERATOR_TO_STR = {
@@ -127,16 +117,14 @@ def copy_locations(new_node, old_node):
     assert 'lineno' in new_node._attributes
     new_node.lineno = old_node.lineno
 
-    if IS_PY38_OR_GREATER:
-        assert 'end_lineno' in new_node._attributes
-        new_node.end_lineno = old_node.end_lineno
+    assert 'end_lineno' in new_node._attributes
+    new_node.end_lineno = old_node.end_lineno
 
     assert 'col_offset' in new_node._attributes
     new_node.col_offset = old_node.col_offset
 
-    if IS_PY38_OR_GREATER:
-        assert 'end_col_offset' in new_node._attributes
-        new_node.end_col_offset = old_node.end_col_offset
+    assert 'end_col_offset' in new_node._attributes
+    new_node.end_col_offset = old_node.end_col_offset
 
     ast.fix_missing_locations(new_node)
 
@@ -280,7 +268,7 @@ class RestrictingNodeTransformer(ast.NodeTransformer):
         """
         spec = ast.Dict(keys=[], values=[])
 
-        spec.keys.append(astStr('childs'))
+        spec.keys.append(ast.Constant('childs'))
         spec.values.append(ast.Tuple([], ast.Load()))
 
         # starred elements in a sequence do not contribute into the min_len.
@@ -300,12 +288,12 @@ class RestrictingNodeTransformer(ast.NodeTransformer):
 
             elif isinstance(val, ast.Tuple):
                 el = ast.Tuple([], ast.Load())
-                el.elts.append(astNum(idx - offset))
+                el.elts.append(ast.Constant(idx - offset))
                 el.elts.append(self.gen_unpack_spec(val))
                 spec.values[0].elts.append(el)
 
-        spec.keys.append(astStr('min_len'))
-        spec.values.append(astNum(min_len))
+        spec.keys.append(ast.Constant('min_len'))
+        spec.values.append(ast.Constant(min_len))
 
         return spec
 
@@ -492,9 +480,8 @@ class RestrictingNodeTransformer(ast.NodeTransformer):
             if isinstance(node, ast.Module):
                 _print.lineno = position
                 _print.col_offset = position
-                if IS_PY38_OR_GREATER:
-                    _print.end_lineno = position
-                    _print.end_col_offset = position
+                _print.end_lineno = position
+                _print.end_col_offset = position
                 ast.fix_missing_locations(_print)
             else:
                 copy_locations(_print, node)
@@ -535,63 +522,22 @@ class RestrictingNodeTransformer(ast.NodeTransformer):
 
     # ast for Literals
 
-    if IS_PY38_OR_GREATER:
-
-        def visit_Constant(self, node):
-            """Allow constant literals with restriction for Ellipsis.
-
-            Constant replaces Num, Str, Bytes, NameConstant and Ellipsis in
-            Python 3.8+.
-            :see: https://docs.python.org/dev/whatsnew/3.8.html#deprecated
-            """
-            if node.value is Ellipsis:
-                # Deny using `...`.
-                # Special handling necessary as ``self.not_allowed(node)``
-                # would return the Error Message:
-                # 'Constant statements are not allowed.'
-                # which is only partial true.
-                self.error(node, 'Ellipsis statements are not allowed.')
-                return
-            return self.node_contents_visit(node)
-
-    else:
-
-        def visit_Num(self, node):
-            """Allow integer numbers without restrictions.
-
-            Replaced by Constant in Python 3.8.
-            """
-            return self.node_contents_visit(node)
-
-        def visit_Str(self, node):
-            """Allow string literals without restrictions.
-
-            Replaced by Constant in Python 3.8.
-            """
-            return self.node_contents_visit(node)
-
-        def visit_Bytes(self, node):
-            """Allow bytes literals without restrictions.
+    def visit_Constant(self, node):
+        """Allow constant literals with restriction for Ellipsis.
 
-            Replaced by Constant in Python 3.8.
-            """
-            return self.node_contents_visit(node)
-
-        def visit_Ellipsis(self, node):
-            """Deny using `...`.
-
-            Replaced by Constant in Python 3.8.
-            """
-            return self.not_allowed(node)
-
-        def visit_NameConstant(self, node):
-            """Allow constant literals (True, False, None) without ...
-
-            restrictions.
-
-            Replaced by Constant in Python 3.8.
-            """
-            return self.node_contents_visit(node)
+        Constant replaces Num, Str, Bytes, NameConstant and Ellipsis in
+        Python 3.8+.
+        :see: https://docs.python.org/dev/whatsnew/3.8.html#deprecated
+        """
+        if node.value is Ellipsis:
+            # Deny using `...`.
+            # Special handling necessary as ``self.not_allowed(node)``
+            # would return the Error Message:
+            # 'Constant statements are not allowed.'
+            # which is only partial true.
+            self.error(node, 'Ellipsis statements are not allowed.')
+            return
+        return self.node_contents_visit(node)
 
     def visit_Interactive(self, node):
         """Allow single mode without restrictions."""
@@ -915,7 +861,7 @@ class RestrictingNodeTransformer(ast.NodeTransformer):
             node = self.node_contents_visit(node)
             new_node = ast.Call(
                 func=ast.Name('_getattr_', ast.Load()),
-                args=[node.value, astStr(node.attr)],
+                args=[node.value, ast.Constant(node.attr)],
                 keywords=[])
 
             copy_locations(new_node, node)
@@ -1119,7 +1065,7 @@ class RestrictingNodeTransformer(ast.NodeTransformer):
                 value=ast.Call(
                     func=ast.Name('_inplacevar_', ast.Load()),
                     args=[
-                        astStr(IOPERATOR_TO_STR[type(node.op)]),
+                        ast.Constant(IOPERATOR_TO_STR[type(node.op)]),
                         ast.Name(node.target.id, ast.Load()),
                         node.value
                     ],
@@ -1195,8 +1141,8 @@ class RestrictingNodeTransformer(ast.NodeTransformer):
         return self.node_contents_visit(node)
 
     def visit_TryStar(self, node):
-        """Allow `ExceptionGroup` without restrictions."""
-        return self.node_contents_visit(node)
+        """Disallow `ExceptionGroup` due to a potential sandbox escape."""
+        self.not_allowed(node)
 
     def visit_ExceptHandler(self, node):
         """Protect exception handlers."""

{RestrictedPython-7.3.dist-info → RestrictedPython-8.0.dist-info}/METADATA

@@ -1,11 +1,11 @@
 Metadata-Version: 2.1
 Name: RestrictedPython
-Version: 7.3
+Version: 8.0
 Summary: RestrictedPython is a defined subset of the Python language which allows to provide a program input into a trusted environment.
 Home-page: https://github.com/zopefoundation/RestrictedPython
 Author: Zope Foundation and Contributors
-Author-email: zope-dev@zope.org
-License: ZPL 2.1
+Author-email: zope-dev@zope.dev
+License: ZPL-2.1
 Project-URL: Documentation, https://restrictedpython.readthedocs.io/
 Project-URL: Source, https://github.com/zopefoundation/RestrictedPython
 Project-URL: Tracker, https://github.com/zopefoundation/RestrictedPython/issues
@@ -15,23 +15,22 @@ Classifier: License :: OSI Approved :: Zope Public License
 Classifier: Programming Language :: Python
 Classifier: Operating System :: OS Independent
 Classifier: Programming Language :: Python :: 3
-Classifier: Programming Language :: Python :: 3.7
-Classifier: Programming Language :: Python :: 3.8
 Classifier: Programming Language :: Python :: 3.9
 Classifier: Programming Language :: Python :: 3.10
 Classifier: Programming Language :: Python :: 3.11
 Classifier: Programming Language :: Python :: 3.12
+Classifier: Programming Language :: Python :: 3.13
 Classifier: Programming Language :: Python :: Implementation :: CPython
 Classifier: Topic :: Security
-Requires-Python: >=3.7, <3.13
+Requires-Python: >=3.9, <3.14
 Description-Content-Type: text/x-rst
 License-File: LICENSE.txt
-Provides-Extra: docs
-Requires-Dist: Sphinx ; extra == 'docs'
-Requires-Dist: sphinx-rtd-theme ; extra == 'docs'
 Provides-Extra: test
-Requires-Dist: pytest ; extra == 'test'
-Requires-Dist: pytest-mock ; extra == 'test'
+Requires-Dist: pytest; extra == "test"
+Requires-Dist: pytest-mock; extra == "test"
+Provides-Extra: docs
+Requires-Dist: Sphinx; extra == "docs"
+Requires-Dist: furo; extra == "docs"
 
 .. image:: https://github.com/zopefoundation/RestrictedPython/actions/workflows/tests.yml/badge.svg
     :target: https://github.com/zopefoundation/RestrictedPython/actions/workflows/tests.yml
@@ -124,6 +123,41 @@ the documentation `Contributing page
 Changes
 =======
 
+8.0 (2025-01-23)
+----------------
+
+Backwards incompatible changes
+++++++++++++++++++++++++++++++
+
+- Disallow ``try/except*`` clauses due to a possible sandbox escape and
+  probable uselessness of this feature in the context of ``RestrictedPython``.
+  In addition, remove ``ExceptionGroup`` from ``safe_builtins`` (as useful only
+  with ``try/except*``). - This feature was introduced into
+  ``RestrictedPython`` in version 6.0 for Python 3.11+. (CVE-2025-22153)
+
+- Drop support for Python 3.8.
+
+Features
+++++++++
+
+- Update setuptools version pin.
+  (`#292 <https://github.com/zopefoundation/RestrictedPython/issues/292>`_)
+
+
+7.4 (2024-10-09)
+----------------
+
+- Allow to use the package with Python 3.13.
+
+- Drop support for Python 3.7.
+
+- Provide new function ``RestrictedPython.Guards.safer_getattr_raise``.
+  It is similar to ``safer_getattr`` but handles its parameter
+  ``default`` like ``getattr``, i.e. it raises ``AttributeError``
+  if the attribute lookup fails and this parameter is not provided,
+  fixes `#287 <https://github.com/zopefoundation/RestrictedPython/issues/287>`_.
+
+
 7.3 (2024-09-30)
 ----------------
 
@@ -132,7 +166,7 @@ Changes
   and give the same level of protection as direct attribute access in an
   environment based on ``RestrictedPython``'s ``safe_builtints``.
 - Prevent information leakage via ``AttributeError.obj``
-  and the ``string`` module.
+  and the ``string`` module. (CVE-2024-47532)
 
 
 7.2 (2024-08-02)

RestrictedPython-8.0.dist-info/RECORD

@@ -0,0 +1,14 @@
+RestrictedPython/Eval.py,sha256=pa79tc-JsT7xfzwg0ceMkxyioIEnFbNHc_PsKUhkkj8,3201
+RestrictedPython/Guards.py,sha256=hGLMmqB7SPWwaxHl5elPED6MPCLCWg2nmCVM4_OYaV4,8089
+RestrictedPython/Limits.py,sha256=dORpuly21vSjy8gzNac9IYfIXMMWRVFvqUiKKIeZ3OM,1866
+RestrictedPython/PrintCollector.py,sha256=bBCpnUPOuKz1wJDuSgh7wo2aoKfcTJeeT8OYnM-K9F8,1137
+RestrictedPython/Utilities.py,sha256=u4HUdyjGawaeHyXSakyt4gRT17BZietXnF5WqicujjE,3033
+RestrictedPython/__init__.py,sha256=qB_s6zDxuXPAGMoKYKBMc-xZ0gTnQ0ZvtY5FxdAG3aM,1862
+RestrictedPython/_compat.py,sha256=2Mew5xHBB0Lg3YfhbFyTdOSt4TQCWnEBGQ1SNFeR8a0,318
+RestrictedPython/compile.py,sha256=IhcF733t-bkPcvfQ2_NyBeCbSIPtHYxR-GQNNHnaMHM,6727
+RestrictedPython/transformer.py,sha256=UEs-dqbE6r0lGq7JLszVsIXnZTnO_ak2pw8Isyp9l6s,41419
+RestrictedPython-8.0.dist-info/LICENSE.txt,sha256=PmcdsR32h1FswdtbPWXkqjg-rKPCDOo_r1Og9zNdCjw,2070
+RestrictedPython-8.0.dist-info/METADATA,sha256=MgUWJ-boog0VTEnx4DfwdscAQ9wh8fxfj7wmf6exrPY,14023
+RestrictedPython-8.0.dist-info/WHEEL,sha256=PZUExdf71Ui_so67QXpySuHtCi3-J3wvF4ORK6k_S8U,91
+RestrictedPython-8.0.dist-info/top_level.txt,sha256=E1-3ARWcduVJnQAScms0FgqnBx_PovrzYsNMYuLGwa0,17
+RestrictedPython-8.0.dist-info/RECORD,,

{RestrictedPython-7.3.dist-info → RestrictedPython-8.0.dist-info}/WHEEL

@@ -1,5 +1,5 @@
 Wheel-Version: 1.0
-Generator: bdist_wheel (0.42.0)
+Generator: setuptools (75.6.0)
 Root-Is-Purelib: true
 Tag: py3-none-any
 

RestrictedPython-7.3.dist-info/RECORD

@@ -1,14 +0,0 @@
-RestrictedPython/Eval.py,sha256=pa79tc-JsT7xfzwg0ceMkxyioIEnFbNHc_PsKUhkkj8,3201
-RestrictedPython/Guards.py,sha256=YV-gxQZoXXzr7pLF3ovpVdVmKgsQ4LVcET6T-dHEMns,7962
-RestrictedPython/Limits.py,sha256=dORpuly21vSjy8gzNac9IYfIXMMWRVFvqUiKKIeZ3OM,1866
-RestrictedPython/PrintCollector.py,sha256=bBCpnUPOuKz1wJDuSgh7wo2aoKfcTJeeT8OYnM-K9F8,1137
-RestrictedPython/Utilities.py,sha256=u4HUdyjGawaeHyXSakyt4gRT17BZietXnF5WqicujjE,3033
-RestrictedPython/__init__.py,sha256=qB_s6zDxuXPAGMoKYKBMc-xZ0gTnQ0ZvtY5FxdAG3aM,1862
-RestrictedPython/_compat.py,sha256=nacdAJi4E8GKhkR99_BAxMA0AtK2FQnvrqZbG8hGofc,383
-RestrictedPython/compile.py,sha256=IhcF733t-bkPcvfQ2_NyBeCbSIPtHYxR-GQNNHnaMHM,6727
-RestrictedPython/transformer.py,sha256=toPGqFvc9WM1bnh2yIgNZcsz0ySwlSyJXViCSau-19I,42906
-RestrictedPython-7.3.dist-info/LICENSE.txt,sha256=PmcdsR32h1FswdtbPWXkqjg-rKPCDOo_r1Og9zNdCjw,2070
-RestrictedPython-7.3.dist-info/METADATA,sha256=J-IFLeEBGFCNsFn1FitgU1b_fA_dzSV1BfLiuicqLlI,12981
-RestrictedPython-7.3.dist-info/WHEEL,sha256=oiQVh_5PnQM0E3gPdiz09WCNmwiHDMaGer_elqB3coM,92
-RestrictedPython-7.3.dist-info/top_level.txt,sha256=E1-3ARWcduVJnQAScms0FgqnBx_PovrzYsNMYuLGwa0,17
-RestrictedPython-7.3.dist-info/RECORD,,