[Zope-dev] audit of RestrictedPython for Python 2.7

David Glick davidglick at groundwire.org
Thu Jul 8 23:42:14 EDT 2010


I am done (as far as I can tell) evaluating RestrictedPython to see if
changes are needed to support Python 2.7. This is the first time I have
done this, so would appreciate if someone else can look over my work to
make sure I'm not missing something important.  I'll describe my process
and findings below.

The basic summary is that Python 2.7 adds a small number of syntactic
features and they are already handled adequately by RestrictedPython.  I
added some tests for these on a branch,
http://svn.zope.org/repos/main/RestrictedPython/branches/davisagli-python27,
which I can merge once someone else has looked over them. In addition, I
discovered the omission of a name check for the "from x import y" style
import; this is also fixed on the branch.

To go into detail...

I started by reading RestrictedPython (henceforth referred to as RP) to
familiarize myself with how it works. Next I read the "What's New in
Python 2.7" document and noted features that might require changes in
RP. Then I went through each of these and looked at the corresponding
changes in the Python compiler, bytecode generator and evaluator to
further check on whether changes were needed. Here are the items I
checked and my conclusions...

- dict and set comprehensions: These need to use RP's safe _getitem_ to
iterate. This was already taken care of because these new comprehensions
use the same ListCompFor AST node that list comprehensions do.

- set literals: These build a new set based on the result of evaluating
other AST nodes that RP already protects, so should be safe.

- multiple context managers in one with statement: I wrote a test to
confirm that the existing name check for context managers still works
when there are multiple ones.

- the 'with' statement now uses a new opcode SETUP_WITH that does an
unprotected lookup of the '__enter__' and '__exit__' methods of the
context manager.  I don't think this is a problem, since methods
starting with an underscore can't be defined in RP.

- dictionary views: these don't introduce new builtins or syntax, so I
don't think changes are necessary. To allow access to them in RP in Zope
2 we would need to adjust the dict method whitelist in
AccessControl.ZopeGuards to allow viewitems, viewkeys, and viewvalues.

- new builtins memoryview, bytes, and bytearray: For now I punted and
these are not included in RP's safe_builtins list. memoryview and
bytearray should probably not be added. bytes is just a synonym for str
in Python 2.7 afaict, so would probably be okay to add.

- explicit relative imports (from .x import y): These are covered by the
name check I added (as noted above in the summary) for "from x import y"
imports in general.

- except x as y: Added a test to show that this is already covered.

Finally, to double-check my work I did diffs of Lib/compiler/ast.py and
Python/ceval.c in the Python source to check for any new AST nodes or
opcodes that I had overlooked above. This didn't yield any new concerns
that I hadn't already considered.

peace,
David

David Glick
Web Developer
davidglick at groundwire.org
206.286.1235x32
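
An added example, not part of the original message and not RestrictedPython's code: a sketch of the kind of name check described above, covering "from x import y" (including explicit relative imports), several context managers in one `with`, and `except x as y`. It is written against Python 3's `ast` module rather than the `compiler` AST the message refers to, and assumes the rule is "reject any bound name that starts with an underscore"; `NameCheck`, `check_source` and `SAMPLE` are hypothetical names.

```python
import ast

class NameCheck(ast.NodeVisitor):
    """Record every checked binding whose name starts with an underscore."""

    def __init__(self):
        self.errors = []

    def _check(self, name, node, kind):
        if name is not None and name.startswith("_"):
            self.errors.append((node.lineno, kind, name))

    def visit_ImportFrom(self, node):
        # Handles "from x import y" and relative "from .x import y";
        # both the imported name and any "as" alias are checked.
        for alias in node.names:
            self._check(alias.name, node, "import")
            self._check(alias.asname, node, "import-as")

    visit_Import = visit_ImportFrom  # plain "import x as y" gets the same check

    def visit_With(self, node):
        # One with statement can carry several managers, each with its own target.
        for item in node.items:
            if isinstance(item.optional_vars, ast.Name):
                self._check(item.optional_vars.id, node, "with-as")
        self.generic_visit(node)

    def visit_ExceptHandler(self, node):
        self._check(node.name, node, "except-as")
        self.generic_visit(node)

    def visit_FunctionDef(self, node):
        # Refusing underscore-prefixed definitions means restricted code
        # cannot supply its own __enter__ / __exit__.
        self._check(node.name, node, "def")
        self.generic_visit(node)

def check_source(source):
    """Parse without executing and return sorted (line, kind, name) violations."""
    checker = NameCheck()
    checker.visit(ast.parse(source))
    return sorted(checker.errors)

# Constructed sample input; it is only parsed, never run.
SAMPLE = (
    "from x import y\nfrom x import _secret\nfrom .pkg import z as _alias\n"
    "with a() as ok, b() as _hidden:\n    pass\n"
    "try:\n    pass\nexcept ValueError as _err:\n    pass\n"
    "class CM:\n    def __enter__(self):\n        return self\n"
)
```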
