/usr/share/pyshared/RestrictedPython-3.6.0.egg-info/PKG-INFO is in python-restrictedpython 3.6.0-0ubuntu4.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292 293 294 295 296 297 298 299 300 301 302 303 | Metadata-Version: 1.0
Name: RestrictedPython
Version: 3.6.0
Summary: RestrictedPython provides a restricted execution environment for Python, e.g. for running untrusted code.
Home-page: http://pypi.python.org/pypi/RestrictedPython
Author: Zope Foundation and Contributors
Author-email: zope-dev@zope.org
License: ZPL 2.1
Description: .. contents::
Overview
========
RestrictedPython provides a ``restricted_compile`` function that works
like the built-in ``compile`` function, except that it allows the
controlled and restricted execution of code:
>>> src = '''
... def hello_world():
... return "Hello World!"
... '''
>>> from RestrictedPython import compile_restricted
>>> code = compile_restricted(src, '<string>', 'exec')
The resulting code can be executed using the ``exec`` built-in:
>>> exec(code)
As a result, the ``hello_world`` function is now available in the
global namespace:
>>> hello_world()
'Hello World!'
Compatibility
=============
This release of RestrictedPython is compatible with Python 2.3, 2.4, 2.5, 2.6,
and 2.7.
Implementing a policy
=====================
RestrictedPython only provides the raw material for restricted
execution. To actually enforce any restrictions, you need to supply a
policy implementation by providing restricted versions of ``print``,
``getattr``, ``setattr``, ``import``, etc. These restricted
implementations are hooked up by providing a set of specially named
objects in the global dict that you use for execution of code.
Specifically:
1. ``_print_`` is a callable object that returns a handler for print
statements. This handler must have a ``write()`` method that
accepts a single string argument, and must return a string when
called. ``RestrictedPython.PrintCollector.PrintCollector`` is a
suitable implementation.
2. ``_write_`` is a guard function taking a single argument. If the
object passed to it may be written to, it should be returned,
otherwise the guard function should raise an exception. ``_write``
is typically called on an object before a ``setattr`` operation.
3. ``_getattr_`` and ``_getitem_`` are guard functions, each of which
takes two arguments. The first is the base object to be accessed,
while the second is the attribute name or item index that will be
read. The guard function should return the attribute or subitem,
or raise an exception.
4. ``__import__`` is the normal Python import hook, and should be used
to control access to Python packages and modules.
5. ``__builtins__`` is the normal Python builtins dictionary, which
should be weeded down to a set that cannot be used to get around
your restrictions. A usable "safe" set is
``RestrictedPython.Guards.safe_builtins``.
To help illustrate how this works under the covers, here's an example
function::
def f(x):
x.foo = x.foo + x[0]
print x
return printed
and (sort of) how it looks after restricted compilation::
def f(x):
# Make local variables from globals.
_print = _print_()
_write = _write_
_getattr = _getattr_
_getitem = _getitem_
# Translation of f(x) above
_write(x).foo = _getattr(x, 'foo') + _getitem(x, 0)
print >>_print, x
return _print()
Examples
========
``print``
---------
To support the ``print`` statement in restricted code, we supply a
``_print_`` object (note that it's a *factory*, e.g. a class or a
callable, from which the restricted machinery will create the object):
>>> from RestrictedPython.PrintCollector import PrintCollector
>>> _print_ = PrintCollector
>>> src = '''
... print "Hello World!"
... '''
>>> code = compile_restricted(src, '<string>', 'exec')
>>> exec(code)
As you can see, the text doesn't appear on stdout. The print
collector collects it. We can have access to the text using the
``printed`` variable, though:
>>> src = '''
... print "Hello World!"
... result = printed
... '''
>>> code = compile_restricted(src, '<string>', 'exec')
>>> exec(code)
>>> result
'Hello World!\n'
Built-ins
---------
By supplying a different ``__builtins__`` dictionary, we can rule out
unsafe operations, such as opening files:
>>> from RestrictedPython.Guards import safe_builtins
>>> restricted_globals = dict(__builtins__ = safe_builtins)
>>> src = '''
... open('/etc/passwd')
... '''
>>> code = compile_restricted(src, '<string>', 'exec')
>>> exec(code) in restricted_globals
Traceback (most recent call last):
...
NameError: name 'open' is not defined
Guards
------
Here's an example of a write guard that never lets restricted code
modify (assign, delete an attribute or item) except dictionaries and
lists:
>>> from RestrictedPython.Guards import full_write_guard
>>> _write_ = full_write_guard
>>> _getattr_ = getattr
>>> class BikeShed(object):
... colour = 'green'
...
>>> shed = BikeShed()
Normally accessing attriutes works as expected, because we're using
the standard ``getattr`` function for the ``_getattr_`` guard:
>>> src = '''
... print shed.colour
... result = printed
... '''
>>> code = compile_restricted(src, '<string>', 'exec')
>>> exec(code)
>>> result
'green\n'
However, changing an attribute doesn't work:
>>> src = '''
... shed.colour = 'red'
... '''
>>> code = compile_restricted(src, '<string>', 'exec')
>>> exec(code)
Traceback (most recent call last):
...
TypeError: attribute-less object (assign or del)
As said, this particular write guard (``full_write_guard``) will allow
restricted code to modify lists and dictionaries:
>>> fibonacci = [1, 1, 2, 3, 4]
>>> transl = dict(one=1, two=2, tres=3)
>>> src = '''
... # correct mistake in list
... fibonacci[-1] = 5
... # one item doesn't belong
... del transl['tres']
... '''
>>> code = compile_restricted(src, '<string>', 'exec')
>>> exec(code)
>>> fibonacci
[1, 1, 2, 3, 5]
>>> sorted(transl.keys())
['one', 'two']
Changes
=======
3.6.0 (2010-07-09)
------------------
- Added name check for names assigned during imports using the
"from x import y" format.
- Added test for name check when assigning an alias using multiple-context with
statements in Python 2.7.
- Added tests for protection of the iterators for dict and set comprehensions
in Python 2.7.
3.6.0a1 (2010-06-05)
--------------------
- Removed support for DocumentTemplate.sequence - this is handled in the
DocumentTemplate package itself.
3.5.2 (2010-04-30)
------------------
- Removed a testing dependency on zope.testing.
3.5.1 (2009-03-17)
------------------
- Added tests for ``Utilities`` module.
- Filtered DeprecationWarnings when importing Python's ``sets`` module.
3.5.0 (2009-02-09)
------------------
- Dropped legacy support for Python 2.1 / 2.2 (``__future__`` imports
of ``nested_scopes`` / ``generators``.).
3.4.3 (2008-10-26)
------------------
- Fixed deprecation warning: ``with`` is now a reserved keyword on
Python 2.6. That means RestrictedPython should run on Python 2.6
now. Thanks to Ranjith Kannikara, GSoC Student for the patch.
- Added tests for ternary if expression and for 'with' keyword and
context managers.
3.4.2 (2007-07-28)
------------------
- Changed homepage URL to the CheeseShop site
- Greatly improved README.txt
3.4.1 (2007-06-23)
------------------
- Fixed http://www.zope.org/Collectors/Zope/2295: Bare conditional in
a Zope 2 PythonScript followed by a comment causes SyntaxError.
3.4.0 (2007-06-04)
------------------
- RestrictedPython now has its own release cycle as a separate egg.
- Synchronized with RestrictedPython from Zope 2 tree.
3.2.0 (2006-01-05)
------------------
- Corresponds to the verison of the RestrictedPython package shipped
as part of the Zope 3.2.0 release.
- No changes from 3.1.0.
3.1.0 (2005-10-03)
------------------
- Corresponds to the verison of the RestrictedPython package shipped
as part of the Zope 3.1.0 release.
- Removed unused fossil module, ``SafeMapping``.
- Replaced use of deprecated 'whrandom' module with 'random' (aliased
to 'whrandom' for backward compatibility).
3.0.0 (2004-11-07)
------------------
- Corresponds to the verison of the RestrictedPython package shipped
as part of the Zope X3.0.0 release.
Platform: UNKNOWN
|