RestrictedPython 8.1a1.dev0__py3-none-any.whl → 8.3__py3-none-any.whl

RestrictedPython/Guards.py

@@ -27,6 +27,7 @@ _safe_names = [
     'None',
     'False',
     'True',
+    'Ellipsis',
     'abs',
     'bool',
     'bytes',

RestrictedPython/_compat.py

@@ -3,8 +3,9 @@ import sys
 
 
 _version = sys.version_info
-IS_PY310_OR_GREATER = _version.major == 3 and _version.minor >= 10
 IS_PY311_OR_GREATER = _version.major == 3 and _version.minor >= 11
 IS_PY312_OR_GREATER = _version.major == 3 and _version.minor >= 12
+IS_PY313_OR_GREATER = _version.major == 3 and _version.minor >= 13
+IS_PY314_OR_GREATER = _version.major == 3 and _version.minor >= 14
 
 IS_CPYTHON = platform.python_implementation() == 'CPython'

RestrictedPython/transformer.py

@@ -73,6 +73,7 @@ INSPECT_ATTRIBUTES = frozenset([
     "f_back",
     "f_builtins",
     "f_code",
+    "f_generator",
     "f_globals",
     # "f_lasti",  # int
     # "f_lineno",  # int
@@ -99,6 +100,7 @@ INSPECT_ATTRIBUTES = frozenset([
     # on generator objects:
     "gi_frame",
     # "gi_running",  # bool
+    # "gi_suspended",  # bool
     "gi_code",
     "gi_yieldfrom",
     # on coroutine objects:
@@ -354,60 +356,11 @@ class RestrictingNodeTransformer(ast.NodeTransformer):
         return (tmp_target, cleanup)
 
     def gen_none_node(self):
-        return ast.NameConstant(value=None)
+        return ast.Constant(None)
 
     def gen_del_stmt(self, name_to_del):
         return ast.Delete(targets=[ast.Name(name_to_del, ast.Del())])
 
-    def transform_slice(self, slice_):
-        """Transform slices into function parameters.
-
-        ast.Slice nodes are only allowed within a ast.Subscript node.
-        To use a slice as an argument of ast.Call it has to be converted.
-        Conversion is done by calling the 'slice' function from builtins
-        """
-
-        if isinstance(slice_, ast.expr):
-            # Python 3.9+
-            return slice_
-
-        elif isinstance(slice_, ast.Index):
-            return slice_.value
-
-        elif isinstance(slice_, ast.Slice):
-            # Create a python slice object.
-            args = []
-
-            if slice_.lower:
-                args.append(slice_.lower)
-            else:
-                args.append(self.gen_none_node())
-
-            if slice_.upper:
-                args.append(slice_.upper)
-            else:
-                args.append(self.gen_none_node())
-
-            if slice_.step:
-                args.append(slice_.step)
-            else:
-                args.append(self.gen_none_node())
-
-            return ast.Call(
-                func=ast.Name('slice', ast.Load()),
-                args=args,
-                keywords=[])
-
-        elif isinstance(slice_, ast.ExtSlice):
-            dims = ast.Tuple([], ast.Load())
-            for item in slice_.dims:
-                dims.elts.append(self.transform_slice(item))
-            return dims
-
-        else:  # pragma: no cover
-            # Index, Slice and ExtSlice are only defined Slice types.
-            raise NotImplementedError(f"Unknown slice type: {slice_}")
-
     def check_name(self, node, name, allow_magic_methods=False):
         """Check names if they are allowed.
 
@@ -434,6 +387,9 @@ class RestrictingNodeTransformer(ast.NodeTransformer):
             self.error(node, f'"{name}" is a reserved name.')
 
     def check_function_argument_names(self, node):
+        for arg in node.args.posonlyargs:
+            self.check_name(node, arg.arg)
+
         for arg in node.args.args:
             self.check_name(node, arg.arg)
 
@@ -523,20 +479,12 @@ class RestrictingNodeTransformer(ast.NodeTransformer):
     # ast for Literals
 
     def visit_Constant(self, node):
-        """Allow constant literals with restriction for Ellipsis.
+        """Allow constant literals.
 
         Constant replaces Num, Str, Bytes, NameConstant and Ellipsis in
         Python 3.8+.
         :see: https://docs.python.org/dev/whatsnew/3.8.html#deprecated
         """
-        if node.value is Ellipsis:
-            # Deny using `...`.
-            # Special handling necessary as ``self.not_allowed(node)``
-            # would return the Error Message:
-            # 'Constant statements are not allowed.'
-            # which is only partial true.
-            self.error(node, 'Ellipsis statements are not allowed.')
-            return
         return self.node_contents_visit(node)
 
     def visit_Interactive(self, node):
@@ -563,6 +511,27 @@ class RestrictingNodeTransformer(ast.NodeTransformer):
         """Allow f-strings without restrictions."""
         return self.node_contents_visit(node)
 
+    def visit_TemplateStr(self, node):
+        """Template strings are allowed by default.
+
+        As Template strings are a very basic template mechanism, that needs
+        additional rendering logic to be useful, they are not blocked by
+        default.
+        Those rendering logic would be affected by RestrictedPython as well.
+        """
+        return self.node_contents_visit(node)
+
+    def visit_Interpolation(self, node):
+        """Interpolations are allowed by default.
+
+        As Interpolations are part of Template Strings, they are needed
+        to be reached in the context of RestrictedPython as Template Strings
+        are allowed. As a user has to provide additional rendering logic
+        to make use of Template Strings, the security implications of
+        Interpolations are limited in the context of RestrictedPython.
+        """
+        return self.node_contents_visit(node)
+
     def visit_JoinedStr(self, node):
         """Allow joined string without restrictions."""
         return self.node_contents_visit(node)
@@ -909,7 +878,7 @@ class RestrictingNodeTransformer(ast.NodeTransformer):
         if isinstance(node.ctx, ast.Load):
             new_node = ast.Call(
                 func=ast.Name('_getitem_', ast.Load()),
-                args=[node.value, self.transform_slice(node.slice)],
+                args=[node.value, node.slice],
                 keywords=[])
 
             copy_locations(new_node, node)
@@ -930,24 +899,12 @@ class RestrictingNodeTransformer(ast.NodeTransformer):
             raise NotImplementedError(
                 f"Unknown ctx type: {type(node.ctx)}")
 
-    def visit_Index(self, node):
-        """
-
-        """
-        return self.node_contents_visit(node)
-
     def visit_Slice(self, node):
         """
 
         """
         return self.node_contents_visit(node)
 
-    def visit_ExtSlice(self, node):
-        """
-
-        """
-        return self.node_contents_visit(node)
-
     # Comprehensions
 
     def visit_ListComp(self, node):

{restrictedpython-8.1a1.dev0.dist-info → restrictedpython-8.3.dist-info}/METADATA

@@ -1,28 +1,27 @@
-Metadata-Version: 2.2
+Metadata-Version: 2.4
 Name: RestrictedPython
-Version: 8.1a1.dev0
+Version: 8.3
 Summary: RestrictedPython is a defined subset of the Python language which allows to provide a program input into a trusted environment.
-Home-page: https://github.com/zopefoundation/RestrictedPython
-Author: Zope Foundation and Contributors
-Author-email: zope-dev@zope.dev
-License: ZPL-2.1
+Author-email: Zope Foundation and contributors <zope-dev@zope.dev>
+Maintainer-email: Plone Foundation and contributors <zope-dev@zope.dev>
+License-Expression: ZPL-2.1
 Project-URL: Documentation, https://restrictedpython.readthedocs.io/
+Project-URL: Issues, https://github.com/zopefoundation/RestrictedPython/issues
 Project-URL: Source, https://github.com/zopefoundation/RestrictedPython
-Project-URL: Tracker, https://github.com/zopefoundation/RestrictedPython/issues
-Keywords: restricted execution security untrusted code
+Project-URL: Changelog, https://github.com/zopefoundation/RestrictedPython/blob/master/CHANGES.rst
+Keywords: restricted,execution,security,untrusted,code
 Classifier: Development Status :: 6 - Mature
-Classifier: License :: OSI Approved :: Zope Public License
 Classifier: Programming Language :: Python
 Classifier: Operating System :: OS Independent
 Classifier: Programming Language :: Python :: 3
-Classifier: Programming Language :: Python :: 3.9
 Classifier: Programming Language :: Python :: 3.10
 Classifier: Programming Language :: Python :: 3.11
 Classifier: Programming Language :: Python :: 3.12
 Classifier: Programming Language :: Python :: 3.13
+Classifier: Programming Language :: Python :: 3.14
 Classifier: Programming Language :: Python :: Implementation :: CPython
 Classifier: Topic :: Security
-Requires-Python: >=3.9, <3.15
+Requires-Python: <3.16,>=3.10
 Description-Content-Type: text/x-rst
 License-File: LICENSE.txt
 Provides-Extra: test
@@ -31,18 +30,7 @@ Requires-Dist: pytest-mock; extra == "test"
 Provides-Extra: docs
 Requires-Dist: Sphinx; extra == "docs"
 Requires-Dist: furo; extra == "docs"
-Dynamic: author
-Dynamic: author-email
-Dynamic: classifier
-Dynamic: description
-Dynamic: description-content-type
-Dynamic: home-page
-Dynamic: keywords
-Dynamic: license
-Dynamic: project-url
-Dynamic: provides-extra
-Dynamic: requires-python
-Dynamic: summary
+Dynamic: license-file
 
 .. image:: https://github.com/zopefoundation/RestrictedPython/actions/workflows/tests.yml/badge.svg
     :target: https://github.com/zopefoundation/RestrictedPython/actions/workflows/tests.yml
@@ -135,11 +123,39 @@ the documentation `Contributing page
 Changes
 =======
 
-8.1a1.dev0 (2025-03-20)
+8.3 (2026-06-16)
+----------------
+
+- Switch to PyPI Trusted Publishing for the package release process
+
+- Also validate positional-only argument names (parameters before ``/``) so
+  they cannot start with an underscore, closing a sandbox escape where a
+  positional-only parameter could shadow an injected protected name such as
+  ``_getattr_``, ``_getitem_``, ``_write_`` or ``_print_``.
+
+
+8.3a1.dev0 (2026-05-29)
 -----------------------
 
-- Allow to use the package with Python 3.14 -- Caution: No security
-  audit has been done so far.
+- Allow to use the package with Python 3.15 -- Caution: No security audit has been done so far.
+
+
+8.2 (2026-05-29)
+----------------
+
+- Remove documentation that appears to promote unsupported direct guards usage.
+
+- Move package metadata from setup.py to pyproject.toml.
+
+- Drop support for Python 3.9.
+
+- Allow the ``...`` (Ellipsis) statement.
+
+
+8.1 (2025-10-19)
+----------------
+
+- Allow to use the package with Python 3.14 including t-string support.
 
 
 8.0 (2025-01-23)

restrictedpython-8.3.dist-info/RECORD

@@ -0,0 +1,14 @@
+RestrictedPython/Eval.py,sha256=pa79tc-JsT7xfzwg0ceMkxyioIEnFbNHc_PsKUhkkj8,3201
+RestrictedPython/Guards.py,sha256=e8xUs0VbvEQxnUu7ylyJNq7xyhGhQ4QuiiAEJIl4mc4,8105
+RestrictedPython/Limits.py,sha256=dORpuly21vSjy8gzNac9IYfIXMMWRVFvqUiKKIeZ3OM,1866
+RestrictedPython/PrintCollector.py,sha256=bBCpnUPOuKz1wJDuSgh7wo2aoKfcTJeeT8OYnM-K9F8,1137
+RestrictedPython/Utilities.py,sha256=u4HUdyjGawaeHyXSakyt4gRT17BZietXnF5WqicujjE,3033
+RestrictedPython/__init__.py,sha256=qB_s6zDxuXPAGMoKYKBMc-xZ0gTnQ0ZvtY5FxdAG3aM,1862
+RestrictedPython/_compat.py,sha256=eGzz9dyKpYrhyytUV1Ul860zu5GZq9Ew9EQ3CqjVl0Y,385
+RestrictedPython/compile.py,sha256=IhcF733t-bkPcvfQ2_NyBeCbSIPtHYxR-GQNNHnaMHM,6727
+RestrictedPython/transformer.py,sha256=-3ga3rf6jtO6C23tpFgtszXKlcwoOPyZqK65ev3_I3Y,40267
+restrictedpython-8.3.dist-info/licenses/LICENSE.txt,sha256=PmcdsR32h1FswdtbPWXkqjg-rKPCDOo_r1Og9zNdCjw,2070
+restrictedpython-8.3.dist-info/METADATA,sha256=Kjj7EG2D8HejxlGqC_khj_HzUWAOom35RxWFd0L7QUQ,14997
+restrictedpython-8.3.dist-info/WHEEL,sha256=YLJXdYXQ2FQ0Uqn2J-6iEIC-3iOey8lH3xCtvFLkd8Q,91
+restrictedpython-8.3.dist-info/top_level.txt,sha256=E1-3ARWcduVJnQAScms0FgqnBx_PovrzYsNMYuLGwa0,17
+restrictedpython-8.3.dist-info/RECORD,,

{restrictedpython-8.1a1.dev0.dist-info → restrictedpython-8.3.dist-info}/WHEEL

@@ -1,5 +1,5 @@
 Wheel-Version: 1.0
-Generator: setuptools (75.8.2)
+Generator: setuptools (81.0.0)
 Root-Is-Purelib: true
 Tag: py3-none-any
 

restrictedpython-8.1a1.dev0.dist-info/RECORD

@@ -1,14 +0,0 @@
-RestrictedPython/Eval.py,sha256=pa79tc-JsT7xfzwg0ceMkxyioIEnFbNHc_PsKUhkkj8,3201
-RestrictedPython/Guards.py,sha256=hGLMmqB7SPWwaxHl5elPED6MPCLCWg2nmCVM4_OYaV4,8089
-RestrictedPython/Limits.py,sha256=dORpuly21vSjy8gzNac9IYfIXMMWRVFvqUiKKIeZ3OM,1866
-RestrictedPython/PrintCollector.py,sha256=bBCpnUPOuKz1wJDuSgh7wo2aoKfcTJeeT8OYnM-K9F8,1137
-RestrictedPython/Utilities.py,sha256=u4HUdyjGawaeHyXSakyt4gRT17BZietXnF5WqicujjE,3033
-RestrictedPython/__init__.py,sha256=qB_s6zDxuXPAGMoKYKBMc-xZ0gTnQ0ZvtY5FxdAG3aM,1862
-RestrictedPython/_compat.py,sha256=2Mew5xHBB0Lg3YfhbFyTdOSt4TQCWnEBGQ1SNFeR8a0,318
-RestrictedPython/compile.py,sha256=IhcF733t-bkPcvfQ2_NyBeCbSIPtHYxR-GQNNHnaMHM,6727
-RestrictedPython/transformer.py,sha256=UEs-dqbE6r0lGq7JLszVsIXnZTnO_ak2pw8Isyp9l6s,41419
-restrictedpython-8.1a1.dev0.dist-info/LICENSE.txt,sha256=PmcdsR32h1FswdtbPWXkqjg-rKPCDOo_r1Og9zNdCjw,2070
-restrictedpython-8.1a1.dev0.dist-info/METADATA,sha256=DkKGZ8zJq_r9nj5RoJVJ7Sa7u1J2tH62Fjg_vnSMA9A,14433
-restrictedpython-8.1a1.dev0.dist-info/WHEEL,sha256=jB7zZ3N9hIM9adW7qlTAyycLYW9npaWKLRzaoVcLKcM,91
-restrictedpython-8.1a1.dev0.dist-info/top_level.txt,sha256=E1-3ARWcduVJnQAScms0FgqnBx_PovrzYsNMYuLGwa0,17
-restrictedpython-8.1a1.dev0.dist-info/RECORD,,