RestrictedPython 7.4__py3-none-any.whl → 8.1__py3-none-any.whl
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- RestrictedPython/Guards.py +0 -4
- RestrictedPython/_compat.py +2 -0
- RestrictedPython/transformer.py +25 -2
- {RestrictedPython-7.4.dist-info → restrictedpython-8.1.dist-info}/METADATA +55 -8
- restrictedpython-8.1.dist-info/RECORD +14 -0
- {RestrictedPython-7.4.dist-info → restrictedpython-8.1.dist-info}/WHEEL +1 -1
- RestrictedPython-7.4.dist-info/RECORD +0 -14
- {RestrictedPython-7.4.dist-info → restrictedpython-8.1.dist-info/licenses}/LICENSE.txt +0 -0
- {RestrictedPython-7.4.dist-info → restrictedpython-8.1.dist-info}/top_level.txt +0 -0
RestrictedPython/Guards.py
CHANGED
|
@@ -17,7 +17,6 @@
|
|
|
17
17
|
|
|
18
18
|
import builtins
|
|
19
19
|
|
|
20
|
-
from RestrictedPython._compat import IS_PY311_OR_GREATER
|
|
21
20
|
from RestrictedPython.transformer import INSPECT_ATTRIBUTES
|
|
22
21
|
|
|
23
22
|
|
|
@@ -106,9 +105,6 @@ _safe_exceptions = [
|
|
|
106
105
|
'ZeroDivisionError',
|
|
107
106
|
]
|
|
108
107
|
|
|
109
|
-
if IS_PY311_OR_GREATER:
|
|
110
|
-
_safe_exceptions.append("ExceptionGroup")
|
|
111
|
-
|
|
112
108
|
for name in _safe_names:
|
|
113
109
|
safe_builtins[name] = getattr(builtins, name)
|
|
114
110
|
|
RestrictedPython/_compat.py
CHANGED
|
@@ -6,5 +6,7 @@ _version = sys.version_info
|
|
|
6
6
|
IS_PY310_OR_GREATER = _version.major == 3 and _version.minor >= 10
|
|
7
7
|
IS_PY311_OR_GREATER = _version.major == 3 and _version.minor >= 11
|
|
8
8
|
IS_PY312_OR_GREATER = _version.major == 3 and _version.minor >= 12
|
|
9
|
+
IS_PY313_OR_GREATER = _version.major == 3 and _version.minor >= 13
|
|
10
|
+
IS_PY314_OR_GREATER = _version.major == 3 and _version.minor >= 14
|
|
9
11
|
|
|
10
12
|
IS_CPYTHON = platform.python_implementation() == 'CPython'
|
RestrictedPython/transformer.py
CHANGED
|
@@ -73,6 +73,7 @@ INSPECT_ATTRIBUTES = frozenset([
|
|
|
73
73
|
"f_back",
|
|
74
74
|
"f_builtins",
|
|
75
75
|
"f_code",
|
|
76
|
+
"f_generator",
|
|
76
77
|
"f_globals",
|
|
77
78
|
# "f_lasti", # int
|
|
78
79
|
# "f_lineno", # int
|
|
@@ -99,6 +100,7 @@ INSPECT_ATTRIBUTES = frozenset([
|
|
|
99
100
|
# on generator objects:
|
|
100
101
|
"gi_frame",
|
|
101
102
|
# "gi_running", # bool
|
|
103
|
+
# "gi_suspended", # bool
|
|
102
104
|
"gi_code",
|
|
103
105
|
"gi_yieldfrom",
|
|
104
106
|
# on coroutine objects:
|
|
@@ -563,6 +565,27 @@ class RestrictingNodeTransformer(ast.NodeTransformer):
|
|
|
563
565
|
"""Allow f-strings without restrictions."""
|
|
564
566
|
return self.node_contents_visit(node)
|
|
565
567
|
|
|
568
|
+
def visit_TemplateStr(self, node):
|
|
569
|
+
"""Template strings are allowed by default.
|
|
570
|
+
|
|
571
|
+
As Template strings are a very basic template mechanism, that needs
|
|
572
|
+
additional rendering logic to be useful, they are not blocked by
|
|
573
|
+
default.
|
|
574
|
+
Those rendering logic would be affected by RestrictedPython as well.
|
|
575
|
+
"""
|
|
576
|
+
return self.node_contents_visit(node)
|
|
577
|
+
|
|
578
|
+
def visit_Interpolation(self, node):
|
|
579
|
+
"""Interpolations are allowed by default.
|
|
580
|
+
|
|
581
|
+
As Interpolations are part of Template Strings, they are needed
|
|
582
|
+
to be reached in the context of RestrictedPython as Template Strings
|
|
583
|
+
are allowed. As a user has to provide additional rendering logic
|
|
584
|
+
to make use of Template Strings, the security implications of
|
|
585
|
+
Interpolations are limited in the context of RestrictedPython.
|
|
586
|
+
"""
|
|
587
|
+
return self.node_contents_visit(node)
|
|
588
|
+
|
|
566
589
|
def visit_JoinedStr(self, node):
|
|
567
590
|
"""Allow joined string without restrictions."""
|
|
568
591
|
return self.node_contents_visit(node)
|
|
@@ -1141,8 +1164,8 @@ class RestrictingNodeTransformer(ast.NodeTransformer):
|
|
|
1141
1164
|
return self.node_contents_visit(node)
|
|
1142
1165
|
|
|
1143
1166
|
def visit_TryStar(self, node):
|
|
1144
|
-
"""
|
|
1145
|
-
|
|
1167
|
+
"""Disallow `ExceptionGroup` due to a potential sandbox escape."""
|
|
1168
|
+
self.not_allowed(node)
|
|
1146
1169
|
|
|
1147
1170
|
def visit_ExceptHandler(self, node):
|
|
1148
1171
|
"""Protect exception handlers."""
|
|
@@ -1,11 +1,11 @@
|
|
|
1
|
-
Metadata-Version: 2.
|
|
1
|
+
Metadata-Version: 2.4
|
|
2
2
|
Name: RestrictedPython
|
|
3
|
-
Version:
|
|
3
|
+
Version: 8.1
|
|
4
4
|
Summary: RestrictedPython is a defined subset of the Python language which allows to provide a program input into a trusted environment.
|
|
5
5
|
Home-page: https://github.com/zopefoundation/RestrictedPython
|
|
6
6
|
Author: Zope Foundation and Contributors
|
|
7
7
|
Author-email: zope-dev@zope.dev
|
|
8
|
-
License: ZPL
|
|
8
|
+
License: ZPL-2.1
|
|
9
9
|
Project-URL: Documentation, https://restrictedpython.readthedocs.io/
|
|
10
10
|
Project-URL: Source, https://github.com/zopefoundation/RestrictedPython
|
|
11
11
|
Project-URL: Tracker, https://github.com/zopefoundation/RestrictedPython/issues
|
|
@@ -15,23 +15,36 @@ Classifier: License :: OSI Approved :: Zope Public License
|
|
|
15
15
|
Classifier: Programming Language :: Python
|
|
16
16
|
Classifier: Operating System :: OS Independent
|
|
17
17
|
Classifier: Programming Language :: Python :: 3
|
|
18
|
-
Classifier: Programming Language :: Python :: 3.8
|
|
19
18
|
Classifier: Programming Language :: Python :: 3.9
|
|
20
19
|
Classifier: Programming Language :: Python :: 3.10
|
|
21
20
|
Classifier: Programming Language :: Python :: 3.11
|
|
22
21
|
Classifier: Programming Language :: Python :: 3.12
|
|
23
22
|
Classifier: Programming Language :: Python :: 3.13
|
|
23
|
+
Classifier: Programming Language :: Python :: 3.14
|
|
24
24
|
Classifier: Programming Language :: Python :: Implementation :: CPython
|
|
25
25
|
Classifier: Topic :: Security
|
|
26
|
-
Requires-Python: >=3.
|
|
26
|
+
Requires-Python: >=3.9, <3.15
|
|
27
27
|
Description-Content-Type: text/x-rst
|
|
28
28
|
License-File: LICENSE.txt
|
|
29
|
-
Provides-Extra: docs
|
|
30
|
-
Requires-Dist: Sphinx; extra == "docs"
|
|
31
|
-
Requires-Dist: furo; extra == "docs"
|
|
32
29
|
Provides-Extra: test
|
|
33
30
|
Requires-Dist: pytest; extra == "test"
|
|
34
31
|
Requires-Dist: pytest-mock; extra == "test"
|
|
32
|
+
Provides-Extra: docs
|
|
33
|
+
Requires-Dist: Sphinx; extra == "docs"
|
|
34
|
+
Requires-Dist: furo; extra == "docs"
|
|
35
|
+
Dynamic: author
|
|
36
|
+
Dynamic: author-email
|
|
37
|
+
Dynamic: classifier
|
|
38
|
+
Dynamic: description
|
|
39
|
+
Dynamic: description-content-type
|
|
40
|
+
Dynamic: home-page
|
|
41
|
+
Dynamic: keywords
|
|
42
|
+
Dynamic: license
|
|
43
|
+
Dynamic: license-file
|
|
44
|
+
Dynamic: project-url
|
|
45
|
+
Dynamic: provides-extra
|
|
46
|
+
Dynamic: requires-python
|
|
47
|
+
Dynamic: summary
|
|
35
48
|
|
|
36
49
|
.. image:: https://github.com/zopefoundation/RestrictedPython/actions/workflows/tests.yml/badge.svg
|
|
37
50
|
:target: https://github.com/zopefoundation/RestrictedPython/actions/workflows/tests.yml
|
|
@@ -124,6 +137,40 @@ the documentation `Contributing page
|
|
|
124
137
|
Changes
|
|
125
138
|
=======
|
|
126
139
|
|
|
140
|
+
8.1 (2025-10-19)
|
|
141
|
+
----------------
|
|
142
|
+
|
|
143
|
+
- Allow to use the package with Python 3.14 including t-string support.
|
|
144
|
+
|
|
145
|
+
|
|
146
|
+
8.1a1.dev0 (2025-03-20)
|
|
147
|
+
-----------------------
|
|
148
|
+
|
|
149
|
+
- Allow to use the package with Python 3.14 -- Caution: No security
|
|
150
|
+
audit has been done so far.
|
|
151
|
+
|
|
152
|
+
|
|
153
|
+
8.0 (2025-01-23)
|
|
154
|
+
----------------
|
|
155
|
+
|
|
156
|
+
Backwards incompatible changes
|
|
157
|
+
++++++++++++++++++++++++++++++
|
|
158
|
+
|
|
159
|
+
- Disallow ``try/except*`` clauses due to a possible sandbox escape and
|
|
160
|
+
probable uselessness of this feature in the context of ``RestrictedPython``.
|
|
161
|
+
In addition, remove ``ExceptionGroup`` from ``safe_builtins`` (as useful only
|
|
162
|
+
with ``try/except*``). - This feature was introduced into
|
|
163
|
+
``RestrictedPython`` in version 6.0 for Python 3.11+. (CVE-2025-22153)
|
|
164
|
+
|
|
165
|
+
- Drop support for Python 3.8.
|
|
166
|
+
|
|
167
|
+
Features
|
|
168
|
+
++++++++
|
|
169
|
+
|
|
170
|
+
- Update setuptools version pin.
|
|
171
|
+
(`#292 <https://github.com/zopefoundation/RestrictedPython/issues/292>`_)
|
|
172
|
+
|
|
173
|
+
|
|
127
174
|
7.4 (2024-10-09)
|
|
128
175
|
----------------
|
|
129
176
|
|
|
@@ -0,0 +1,14 @@
|
|
|
1
|
+
RestrictedPython/Eval.py,sha256=pa79tc-JsT7xfzwg0ceMkxyioIEnFbNHc_PsKUhkkj8,3201
|
|
2
|
+
RestrictedPython/Guards.py,sha256=hGLMmqB7SPWwaxHl5elPED6MPCLCWg2nmCVM4_OYaV4,8089
|
|
3
|
+
RestrictedPython/Limits.py,sha256=dORpuly21vSjy8gzNac9IYfIXMMWRVFvqUiKKIeZ3OM,1866
|
|
4
|
+
RestrictedPython/PrintCollector.py,sha256=bBCpnUPOuKz1wJDuSgh7wo2aoKfcTJeeT8OYnM-K9F8,1137
|
|
5
|
+
RestrictedPython/Utilities.py,sha256=u4HUdyjGawaeHyXSakyt4gRT17BZietXnF5WqicujjE,3033
|
|
6
|
+
RestrictedPython/__init__.py,sha256=qB_s6zDxuXPAGMoKYKBMc-xZ0gTnQ0ZvtY5FxdAG3aM,1862
|
|
7
|
+
RestrictedPython/_compat.py,sha256=oWDpXfUVHwB36euBXNGs3ctNpbHwKCyNhU1VZAP_U0o,452
|
|
8
|
+
RestrictedPython/compile.py,sha256=IhcF733t-bkPcvfQ2_NyBeCbSIPtHYxR-GQNNHnaMHM,6727
|
|
9
|
+
RestrictedPython/transformer.py,sha256=kpWFVLJ1SjBjDzTJhoNfRvnPOHUBy4X6f_XEbyOs7M0,42376
|
|
10
|
+
restrictedpython-8.1.dist-info/licenses/LICENSE.txt,sha256=PmcdsR32h1FswdtbPWXkqjg-rKPCDOo_r1Og9zNdCjw,2070
|
|
11
|
+
restrictedpython-8.1.dist-info/METADATA,sha256=iKqfMV3IMYc-rwgXSn0HYV0JXrC0R7CZo3w2Lv0ES94,14608
|
|
12
|
+
restrictedpython-8.1.dist-info/WHEEL,sha256=_zCd3N1l69ArxyTb8rzEoP9TpbYXkqRFSNOD5OuxnTs,91
|
|
13
|
+
restrictedpython-8.1.dist-info/top_level.txt,sha256=E1-3ARWcduVJnQAScms0FgqnBx_PovrzYsNMYuLGwa0,17
|
|
14
|
+
restrictedpython-8.1.dist-info/RECORD,,
|
|
@@ -1,14 +0,0 @@
|
|
|
1
|
-
RestrictedPython/Eval.py,sha256=pa79tc-JsT7xfzwg0ceMkxyioIEnFbNHc_PsKUhkkj8,3201
|
|
2
|
-
RestrictedPython/Guards.py,sha256=Ls4eJa94nj6z6L65faEBCX8m7dHr3iF4n8-HlFpMniE,8217
|
|
3
|
-
RestrictedPython/Limits.py,sha256=dORpuly21vSjy8gzNac9IYfIXMMWRVFvqUiKKIeZ3OM,1866
|
|
4
|
-
RestrictedPython/PrintCollector.py,sha256=bBCpnUPOuKz1wJDuSgh7wo2aoKfcTJeeT8OYnM-K9F8,1137
|
|
5
|
-
RestrictedPython/Utilities.py,sha256=u4HUdyjGawaeHyXSakyt4gRT17BZietXnF5WqicujjE,3033
|
|
6
|
-
RestrictedPython/__init__.py,sha256=qB_s6zDxuXPAGMoKYKBMc-xZ0gTnQ0ZvtY5FxdAG3aM,1862
|
|
7
|
-
RestrictedPython/_compat.py,sha256=2Mew5xHBB0Lg3YfhbFyTdOSt4TQCWnEBGQ1SNFeR8a0,318
|
|
8
|
-
RestrictedPython/compile.py,sha256=IhcF733t-bkPcvfQ2_NyBeCbSIPtHYxR-GQNNHnaMHM,6727
|
|
9
|
-
RestrictedPython/transformer.py,sha256=qpvsswxFDkVTra48qxQivnAbBoVdmEVLgdDKCwwt2cI,41418
|
|
10
|
-
RestrictedPython-7.4.dist-info/LICENSE.txt,sha256=PmcdsR32h1FswdtbPWXkqjg-rKPCDOo_r1Og9zNdCjw,2070
|
|
11
|
-
RestrictedPython-7.4.dist-info/METADATA,sha256=oU8AXsXRUKtaYTnteX0ulTyVZQVM2gQBdXeRDGwKLHg,13448
|
|
12
|
-
RestrictedPython-7.4.dist-info/WHEEL,sha256=Mdi9PDNwEZptOjTlUcAth7XJDFtKrHYaQMPulZeBCiQ,91
|
|
13
|
-
RestrictedPython-7.4.dist-info/top_level.txt,sha256=E1-3ARWcduVJnQAScms0FgqnBx_PovrzYsNMYuLGwa0,17
|
|
14
|
-
RestrictedPython-7.4.dist-info/RECORD,,
|
|
File without changes
|
|
File without changes
|