canvas 0.15.0__py3-none-any.whl → 0.16.0__py3-none-any.whl

plugin_runner/sandbox.py

@@ -46,6 +46,7 @@ ALLOWED_MODULES = frozenset(
         "canvas_sdk.handlers",
         "canvas_sdk.protocols",
         "canvas_sdk.utils",
+        "canvas_sdk.templates",
         "canvas_sdk.v1",
         "canvas_sdk.value_set",
         "canvas_sdk.views",
@@ -81,6 +82,14 @@ ALLOWED_MODULES = frozenset(
 )
 
 
+##
+# FORBIDDEN_ASSIGNMENTS
+#
+# The names in this list are forbidden to be assigned to in a sandboxed runtime.
+#
+FORBIDDEN_ASSIGNMENTS = frozenset(["__name__", "__is_plugin__"])
+
+
 def _is_known_module(name: str) -> bool:
     return any(name.startswith(m) for m in ALLOWED_MODULES)
 
@@ -174,6 +183,24 @@ class Sandbox:
             elif name in FORBIDDEN_FUNC_NAMES:
                 self.error(node, f'"{name}" is a reserved name.')
 
+        def visit_Assign(self, node: ast.Assign) -> ast.AST:
+            """Check for forbidden assignments."""
+            for target in node.targets:
+                if isinstance(target, ast.Name) and target.id in FORBIDDEN_ASSIGNMENTS:
+                    self.error(node, f"Assignments to '{target.id}' are not allowed.")
+                elif isinstance(target, ast.Tuple | ast.List):
+                    self.check_for_name_in_iterable(target)
+
+            return super().visit_Assign(node)
+
+        def check_for_name_in_iterable(self, iterable_node: ast.Tuple | ast.List) -> None:
+            """Check if any element of an iterable is a forbidden assignment."""
+            for elt in iterable_node.elts:
+                if isinstance(elt, ast.Name) and elt.id in FORBIDDEN_ASSIGNMENTS:
+                    self.error(iterable_node, f"Assignments to '{elt.id}' are not allowed.")
+                elif isinstance(elt, ast.Tuple | ast.List):
+                    self.check_for_name_in_iterable(elt)
+
         def visit_Attribute(self, node: ast.Attribute) -> ast.AST:
             """Checks and mutates attribute access/assignment.
 
@@ -272,6 +299,7 @@ class Sandbox:
             },
             "__metaclass__": type,
             "__name__": self.namespace,
+            "__is_plugin__": True,
             "_write_": _unrestricted,
             "_getiter_": _unrestricted,
             "_getitem_": default_guarded_getitem,

plugin_runner/tests/fixtures/plugins/test_render_template/CANVAS_MANIFEST.json

@@ -0,0 +1,47 @@
+{
+    "sdk_version": "0.1.4",
+    "plugin_version": "0.0.1",
+    "name": "test_render_template",
+    "description": "Edit the description in CANVAS_MANIFEST.json",
+    "components": {
+        "protocols": [
+            {
+                "class": "test_render_template.protocols.my_protocol:ValidTemplate",
+                "description": "A protocol that does xyz...",
+                "data_access": {
+                    "event": "",
+                    "read": [],
+                    "write": []
+                }
+            },
+             {
+                "class": "test_render_template.protocols.my_protocol:InvalidTemplate",
+                "description": "A protocol that does xyz...",
+                "data_access": {
+                    "event": "",
+                    "read": [],
+                    "write": []
+                }
+            },
+             {
+                "class": "test_render_template.protocols.my_protocol:ForbiddenTemplate",
+                "description": "A protocol that does xyz...",
+                "data_access": {
+                    "event": "",
+                    "read": [],
+                    "write": []
+                }
+            }
+        ],
+        "commands": [],
+        "content": [],
+        "effects": [],
+        "views": []
+    },
+    "secrets": [],
+    "tags": {},
+    "references": [],
+    "license": "",
+    "diagram": false,
+    "readme": "./README.md"
+}

plugin_runner/tests/fixtures/plugins/test_render_template/README.md

@@ -0,0 +1,11 @@
+test_render_template
+====================
+
+## Description
+
+A description of this plugin
+
+### Important Note!
+
+The CANVAS_MANIFEST.json is used when installing your plugin. Please ensure it
+gets updated if you add, remove, or rename protocols.

plugin_runner/tests/fixtures/plugins/test_render_template/protocols/my_protocol.py

@@ -0,0 +1,43 @@
+from canvas_sdk.effects import Effect, EffectType
+from canvas_sdk.events import EventType
+from canvas_sdk.protocols import BaseProtocol
+from canvas_sdk.templates import render_to_string
+
+
+class ValidTemplate(BaseProtocol):
+    """You should put a helpful description of this protocol's behavior here."""
+
+    RESPONDS_TO = [EventType.Name(EventType.UNKNOWN)]
+
+    def compute(self) -> list[Effect]:
+        """This method gets called when an event of the type RESPONDS_TO is fired."""
+        return [
+            Effect(type=EffectType.LOG, payload=render_to_string("templates/template.html", None))
+        ]
+
+
+class InvalidTemplate(BaseProtocol):
+    """You should put a helpful description of this protocol's behavior here."""
+
+    RESPONDS_TO = [EventType.Name(EventType.UNKNOWN)]
+
+    def compute(self) -> list[Effect]:
+        """This method gets called when an event of the type RESPONDS_TO is fired."""
+        return [
+            Effect(type=EffectType.LOG, payload=render_to_string("templates/template1.html", None))
+        ]
+
+
+class ForbiddenTemplate(BaseProtocol):
+    """You should put a helpful description of this protocol's behavior here."""
+
+    RESPONDS_TO = [EventType.Name(EventType.UNKNOWN)]
+
+    def compute(self) -> list[Effect]:
+        """This method gets called when an event of the type RESPONDS_TO is fired."""
+        return [
+            Effect(
+                type=EffectType.LOG,
+                payload=render_to_string("../../templates/template.html", None),
+            )
+        ]

plugin_runner/tests/fixtures/plugins/test_render_template/templates/template.html

@@ -0,0 +1,10 @@
+<!DOCTYPE html>
+<html lang="en">
+  <head>
+    <meta charset="UTF-8">
+    <title>Title</title>
+  </head>
+  <body>
+
+  </body>
+</html>

plugin_runner/tests/test_plugin_runner.py

@@ -1,6 +1,5 @@
 import logging
 import shutil
-from collections.abc import Generator
 from pathlib import Path
 from unittest.mock import MagicMock, patch
 
@@ -18,51 +17,6 @@ from plugin_runner.plugin_runner import (
 )
 
 
-@pytest.fixture
-def install_test_plugin(request: pytest.FixtureRequest) -> Generator[Path, None, None]:
-    """Copies a specified plugin from the fixtures directory to the data directory
-    and removes it after the test.
-
-    Parameters:
-    - request.param: The name of the plugin package to copy.
-
-    Yields:
-    - Path to the copied plugin directory.
-    """
-    # Define base directories
-    base_dir = Path("./plugin_runner/tests")
-    fixture_plugin_dir = base_dir / "fixtures" / "plugins"
-    data_plugin_dir = base_dir / "data" / "plugins"
-
-    # The plugin name should be passed as a parameter to the fixture
-    plugin_name = request.param  # Expected to be a str
-    src_plugin_path = fixture_plugin_dir / plugin_name
-    dest_plugin_path = data_plugin_dir / plugin_name
-
-    # Ensure the data plugin directory exists
-    data_plugin_dir.mkdir(parents=True, exist_ok=True)
-
-    # Copy the specific plugin from fixtures to data
-    try:
-        shutil.copytree(src_plugin_path, dest_plugin_path)
-        yield dest_plugin_path  # Provide the path to the test
-    finally:
-        # Cleanup: remove data/plugins directory after the test
-        if dest_plugin_path.exists():
-            shutil.rmtree(dest_plugin_path)
-
-
-@pytest.fixture
-def load_test_plugins() -> Generator[None, None, None]:
-    """Manages the lifecycle of test plugins by loading and unloading them."""
-    try:
-        load_plugins()
-        yield
-    finally:
-        LOADED_PLUGINS.clear()
-        EVENT_HANDLER_MAP.clear()
-
-
 @pytest.fixture
 def plugin_runner() -> PluginRunner:
     """Fixture to initialize PluginRunner with mocks."""

plugin_runner/tests/test_sandbox.py

@@ -1,6 +1,6 @@
 import pytest
 
-from plugin_runner.sandbox import Sandbox
+from plugin_runner.sandbox import FORBIDDEN_ASSIGNMENTS, Sandbox
 
 # Sample code strings for testing various scenarios
 VALID_CODE = """
@@ -33,6 +33,18 @@ import module.b
 result = module.b
 """
 
+CODE_WITH_FORBIDDEN_ASSIGNMENTS = [
+    code
+    for var in FORBIDDEN_ASSIGNMENTS
+    for code in [
+        f"{var} = 'test'",
+        f"test = {var} = 'test'",
+        f"test = {var} = test2 = 'test'",
+        f"(a, (b, c), (d, ({var}, f))) = (1, (2, 3), (4, (5, 6)))",
+        f"(a, (b, c), (d, [{var}, f])) = (1, (2, 3), (4, [5, 6]))",
+    ]
+]
+
 
 def test_valid_code_execution() -> None:
     """Test execution of valid code in the sandbox."""
@@ -69,6 +81,14 @@ def test_forbidden_name() -> None:
         sandbox.execute()
 
 
+@pytest.mark.parametrize("code", CODE_WITH_FORBIDDEN_ASSIGNMENTS)
+def test_forbidden_assignment(code: str) -> None:
+    """Test that forbidden assignments are blocked by Transformer."""
+    sandbox = Sandbox(code)
+    with pytest.raises(RuntimeError, match="Code is invalid"):
+        sandbox.execute()
+
+
 def test_code_with_warnings() -> None:
     """Test that the sandbox captures warnings for restricted names or usage."""
     code_with_warning = """

settings.py

@@ -72,3 +72,13 @@ PLUGIN_DIRECTORY = os.getenv(
 MANIFEST_FILE_NAME = "CANVAS_MANIFEST.json"
 
 SECRETS_FILE_NAME = "SECRETS.json"
+
+
+TEMPLATES = [
+    {
+        "BACKEND": "django.template.backends.django.DjangoTemplates",
+        "DIRS": [],
+        "APP_DIRS": False,
+        "OPTIONS": {},
+    },
+]