[Zope-dev] audit of RestrictedPython for Python 2.7

Tres Seaver tseaver at palladion.com
Fri Jul 9 12:33:55 EDT 2010


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

David Glick wrote:
> I am done (as far as I can tell) evaluating RestrictedPython to see if
> changes are needed to support Python 2.7. This is the first time I have
> done this, so would appreciate if someone else can look over my work to
> make sure I'm not missing something important.  I'll describe my process
> and findings below.
> 
> The basic summary is that Python 2.7 adds a small number of syntactic
> features and they are already handled adequately by RestrictedPython.  I
> added some tests for these on a branch,
> http://svn.zope.org/repos/main/RestrictedPython/branches/davisagli-python27,
> which I can merge once someone else has looked over them. In addition, I
> discovered the omission of a name check for the "from x import y" style
> import; this is also fixed on the branch.
> 
> To go into detail...
> 
> I started by reading RestrictedPython (henceforth referred to as RP) to
> familiarize myself with how it works. Next I read the "What's New in
> Python 2.7" document and noted features that might require changes in
> RP. Then I went through each of these and looked at the corresponding
> changes in the Python compiler, bytecode generator and evaluator to
> further check on whether changes were needed. Here are the items I
> checked and my conclusions...
> 
> - dict and set comprehensions: These need to use RP's safe _getitem_ to
> iterate. This was already taken care of because these new comprehensions
> use the same ListCompFor AST node that list comprehensions do.
> 
> - set literals: These build a new set based on the result of evaluating
> other AST nodes that RP already protects, so should be safe.
> 
> - multiple context managers in one with statement: I wrote a test to
> confirm that the existing name check for context managers still works
> when there are multiple ones.
> 
> - the 'with' statement now uses a new opcode SETUP_WITH that does an
> unprotected lookup of the '__enter__' and '__exit__' methods of the
> context manager.  I don't think this is a problem, since methods
> starting with an underscore can't be defined in RP.
> 
> - dictionary views: these don't introduce new builtins or syntax, so I
> don't think changes are necessary. To allow access to them in RP in Zope
> 2 we would need to adjust the dict method whitelist in
> AccessControl.ZopeGuards to allow viewitems, viewkeys, and viewvalues.
> 
> - new builtins memoryview, bytes, and bytearray: For now I punted and
> these are not included in RP's safe_builtins list. memoryview and
> bytearray should probably not be added. bytes is just a synonym for str
> in Python 2.7 afaict, so would probably be okay to add.
> 
> - explicit relative imports (from .x import y): These are covered by the
> name check I added (as noted above in the summary) for "from x import y"
> imports in general.
> 
> - except x as y: Added a test to show that this is already covered.
> 
> Finally, to double-check my work I did diffs of Lib/compiler/ast.py and
> Python/ceval.c in the Python source to check for any new AST nodes or
> opcodes that I had overlooked above. This didn't yield any new concerns
> that I hadn't already considered.

First class work!  Thanks very much for your careful attention to detail.


Tres.
- --
===================================================================
Tres Seaver          +1 540-429-0999          tseaver at palladion.com
Palladion Software   "Excellence by Design"    http://palladion.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAkw3T3MACgkQ+gerLs4ltQ5rwwCg2Wrwuykqo5xjWuewyfFv9tbK
T3EAoMf8X6PhJxYXn7kARjhpofok+FVZ
=z2oW
-----END PGP SIGNATURE-----



More information about the Zope-Dev mailing list