Chris Withers wrote:
Jim Fulton wrote:
On Oct 24, 2008, at 10:01 AM, Chris Withers wrote:
Jim Fulton wrote:
The problem is that it starts with an environment in which things are allowed by default, and takes things away. This means that if anything is forgotten, then you end up with holes.

Isn't there a way we could change the AST manipulation such that we start with nothing and only allow opcodes as and when they're added to the RestrictedPython implementation?

No. We're starting with an existing program written in a Python script or expression. We then have to sanitize it.

Could that sanitization be a filter that lets nothing through, and then builds from there?

Yes, and if such a change leads to faster adoption of new Python releases by Zope, then it seems like a worthwhile effort. Instead of a tree mutator, RestrictedPython would use a tree copier with a filter. New Python features would initially not be supported at all, but that's better than accidentally, insecurely, supporting new features.

Shane
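
A minimal sketch of the "tree copier with a filter" idea from this thread, added here as an illustration; it is not RestrictedPython code. The `ALLOWED` set and the function names are assumptions made up for the example, and it uses the standard `ast` module of Python 3.8 or later.

```python
import ast

# Constructed allowlist for this example; it is not RestrictedPython's policy.
ALLOWED = {
    ast.Module, ast.Expr, ast.Assign, ast.Name, ast.Load, ast.Store,
    ast.Constant, ast.BinOp, ast.Add, ast.Sub, ast.Mult,
    ast.Compare, ast.Lt, ast.Gt, ast.Eq,
}

class Rejected(Exception):
    """Raised for any node type that nobody has explicitly allowed."""

def filtered_copy(node):
    """Copy `node` into a fresh tree, refusing every type not in ALLOWED."""
    cls = type(node)
    if cls not in ALLOWED:
        raise Rejected(cls.__name__)
    fields = {}
    for name, value in ast.iter_fields(node):
        if isinstance(value, ast.AST):
            value = filtered_copy(value)
        elif isinstance(value, list):
            value = [filtered_copy(v) if isinstance(v, ast.AST) else v
                     for v in value]
        fields[name] = value
    # Only allowlisted nodes are ever constructed in the output tree.
    return ast.copy_location(cls(**fields), node)

def run_filtered(source, names):
    """Parse, filter-copy, compile and run `source`; return the namespace."""
    tree = filtered_copy(ast.parse(source))
    scope = {"__builtins__": {}, **names}
    exec(compile(tree, "<filtered>", "exec"), scope)
    return scope

def first_rejection(source):
    """Name of the node type that made the filter refuse, or None."""
    try:
        filtered_copy(ast.parse(source))
    except Rejected as err:
        return str(err)
    return None

if __name__ == "__main__":
    print(run_filtered("total = price * 3 + 1", {"price": 4})["total"])
    for src in ("import os", "x = (y := 5)", "x = a.b"):
        print(src, "->", first_rejection(src))
```

The assignment expression (`:=`) is refused without anyone having written a rule against it, which is the default-deny behaviour the thread asks for: syntax added by a newer Python release stays unsupported until its node type is reviewed and added to the allowlist.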