[Zope-dev] Trying to design a PythonMethod Product

Christopher Petrilli petrilli@digicool.com
Fri, 13 Aug 1999 11:10:27 -0400


I'll make some comments since we've tossed this around ENORMOUSLY in-house
and just haven't had the time to write it.  It's really not that hard, I
think, but you do need to take into account some issues.

> Basically, I plan to take an arbitrary chunk of Python code, wrap it in a
> function definition, compile it, and then thrash the resulting bytecodes
> with bytecodehacks (see http://starship.python.net/crew/mwh/bch/index.html).
> This will serve the dual purposes of enforcing restrictions on what the code
> can do, and bending the semantics for better Zope integration.

Look at the expression machinery; it would be insane to duplicate security
already implemented, and frustrating to have two separate "paradigms" for
managing security.

> 4. Restrict "import" to modules/packages found in a particular location, so
> that 'safe' modules can be used.

Take a look at rexec for this.

> 5. Allow "while" and "for".  Insert 'escape code' at the bottom of every
> loop, to allow PythonMethods to 'time out' after some elapsed time or loop
> count.

Actually, we talked about just limiting the "instruction counter" so that
you could catch anything that was taking an excessively long period of time
to execute.  Say 1M byte-codes?  This avoids having to worry about
individual flow constructs.

> 6. Allow "print" to be used to generate rendered output by replacing it with
> a function that accumulates text.  If anything other than literal "None" is
> returned, the collected "print" text is discarded, otherwise it becomes the
> return value (on "return", "return None", and on implicit return, but not on
> "x=None; return x", for example).

Not sure how I like this honestly.  I'd probably just bind sys.stdout.write
to something new, that should cause print to work correctly.

> 7. Either disallow "global", or redirect access to globals into a controlled
> namespace.

Look at management of namespaces in expressions.

> 8. Provide the Zope standard builtins (and tags?) as builtins.

Before carving that new wheel, take a look at the expression syntax.  This
would be a very good starting point I think, as it already deals with crawling
around the parse trees :-)

Chris
--
| Christopher Petrilli        Python Powered        Digital Creations, Inc.
| petrilli@digicool.com                             http://www.digicool.com
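
Added example (not part of the original message, and not Zope code): a sketch of the "instruction counter" idea from the reply to point 5, using modern CPython's per-opcode tracing to abort a script after a fixed bytecode budget, with "print" output captured by rebinding stdout as suggested for point 6. The names run_with_budget and BudgetExceeded and the two-entry builtins table are assumptions made for illustration; this shows the budget mechanism only and is not an isolation boundary.

```python
import contextlib
import io
import sys


class BudgetExceeded(Exception):
    """Raised when a script executes more bytecodes than its budget."""


def run_with_budget(source, max_opcodes=1_000_000, namespace=None):
    """Run source under a bytecode budget; return (printed_text, opcodes_used)."""
    code = compile(source, "<python-method>", "exec")
    used = 0

    def tracer(frame, event, arg):
        nonlocal used
        if event == "call":
            # Request per-opcode events for every new frame, so work done
            # inside functions the script defines counts against the budget.
            frame.f_trace_opcodes = True
        elif event == "opcode":
            used += 1
            if used > max_opcodes:
                raise BudgetExceeded(f"budget of {max_opcodes} bytecodes exceeded")
        return tracer

    if namespace is None:
        # Assumed minimal controlled namespace: only these builtins are visible.
        namespace = {"__builtins__": {"print": print, "range": range}}
    out = io.StringIO()
    previous = sys.gettrace()
    with contextlib.redirect_stdout(out):  # print() now accumulates text
        sys.settrace(tracer)
        try:
            exec(code, namespace)
        finally:
            sys.settrace(previous)
    return out.getvalue(), used


if __name__ == "__main__":
    text, n = run_with_budget("for i in range(3):\n    print(i)", 10_000)
    print(repr(text), "in", n, "bytecodes")
    try:
        run_with_budget("n = 0\nwhile True:\n    n += 1", 10_000)
    except BudgetExceeded as exc:
        print("stopped:", exc)
```

No loop construct is rewritten: the counter trips on any long-running code path, which is the point made in the reply. A script that catches the exception or reaches the sys module can defeat it, so the namespace restrictions discussed elsewhere in the thread still matter.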