Re: [Zope-dev] audit of RestrictedPython for Python 2.7
Hi David,

awesome work! Sidnei or Stephan, can one of you comment on David's approach or offer a review?

Cheers,
Hanno

On Fri, Jul 9, 2010 at 5:42 AM, David Glick davidgl...@groundwire.org wrote:
> I am done (as far as I can tell) evaluating RestrictedPython to see if changes are needed to support Python 2.7. This is the first time I have done this, so would appreciate if someone else can look over my work to make sure I'm not missing something important. I'll describe my process and findings below.
>
> The basic summary is that Python 2.7 adds a small number of syntactic features and they are already handled adequately by RestrictedPython. I added some tests for these on a branch, http://svn.zope.org/repos/main/RestrictedPython/branches/davisagli-python27, which I can merge once someone else has looked over them. In addition, I discovered the omission of a name check for the from x import y style import; this is also fixed on the branch.
>
> To go into detail...
>
> I started by reading RestrictedPython (henceforth referred to as RP) to familiarize myself with how it works. Next I read the What's New in Python 2.7 document and noted features that might require changes in RP. Then I went through each of these and looked at the corresponding changes in the Python compiler, bytecode generator and evaluator to further check on whether changes were needed.
>
> Here are the items I checked and my conclusions...
>
> - dict and set comprehensions: These need to use RP's safe _getitem_ to iterate. This was already taken care of because these new comprehensions use the same ListCompFor AST node that list comprehensions do.
> - set literals: These build a new set based on the result of evaluating other AST nodes that RP already protects, so should be safe.
> - multiple context managers in one with statement: I wrote a test to confirm that the existing name check for context managers still works when there are multiple ones.
> - the 'with' statement now uses a new opcode SETUP_WITH that does an unprotected lookup of the '__enter__' and '__exit__' methods of the context manager. I don't think this is a problem, since methods starting with an underscore can't be defined in RP.
> - dictionary views: these don't introduce new builtins or syntax, so I don't think changes are necessary. To allow access to them in RP in Zope 2 we would need to adjust the dict method whitelist in AccessControl.ZopeGuards to allow viewitems, viewkeys, and viewvalues.
> - new builtins memoryview, bytes, and bytearray: For now I punted and these are not included in RP's safe_builtins list. memoryview and bytearray should probably not be added. bytes is just a synonym for str in Python 2.7 afaict, so would probably be okay to add.
> - explicit relative imports (from .x import y): These are covered by the name check I added (as noted above in the summary) for from x import y imports in general.
> - except x as y: Added a test to show that this is already covered.
>
> Finally, to double-check my work I did diffs of Lib/compiler/ast.py and Python/ceval.c in the Python source to check for any new AST nodes or opcodes that I had overlooked above. This didn't yield any new concerns that I hadn't already considered.
>
> peace,
> David

___
Zope-Dev maillist - Zope-Dev@zope.org
https://mail.zope.org/mailman/listinfo/zope-dev
** No cross posts or HTML encoding! **
(Related lists -
https://mail.zope.org/mailman/listinfo/zope-announce
https://mail.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] audit of RestrictedPython for Python 2.7
On Thursday, July 08, 2010, David Glick wrote:
> I am done (as far as I can tell) evaluating RestrictedPython to see if changes are needed to support Python 2.7. This is the first time I have done this, so would appreciate if someone else can look over my work to make sure I'm not missing something important. I'll describe my process and findings below.

This is a good analysis. I looked over your checkins as they came in and they look good. I am glad you caught the import problem.

Regards,
Stephan

--
Entrepreneur and Software Geek
Google me. Zope Stephan Richter
Re: [Zope-dev] audit of RestrictedPython for Python 2.7
David Glick wrote:
> I am done (as far as I can tell) evaluating RestrictedPython to see if changes are needed to support Python 2.7. This is the first time I have done this, so would appreciate if someone else can look over my work to make sure I'm not missing something important. I'll describe my process and findings below.
>
> The basic summary is that Python 2.7 adds a small number of syntactic features and they are already handled adequately by RestrictedPython. I added some tests for these on a branch, http://svn.zope.org/repos/main/RestrictedPython/branches/davisagli-python27, which I can merge once someone else has looked over them. In addition, I discovered the omission of a name check for the from x import y style import; this is also fixed on the branch.
>
> To go into detail...
>
> I started by reading RestrictedPython (henceforth referred to as RP) to familiarize myself with how it works. Next I read the What's New in Python 2.7 document and noted features that might require changes in RP. Then I went through each of these and looked at the corresponding changes in the Python compiler, bytecode generator and evaluator to further check on whether changes were needed.
>
> Here are the items I checked and my conclusions...
>
> - dict and set comprehensions: These need to use RP's safe _getitem_ to iterate. This was already taken care of because these new comprehensions use the same ListCompFor AST node that list comprehensions do.
> - set literals: These build a new set based on the result of evaluating other AST nodes that RP already protects, so should be safe.
> - multiple context managers in one with statement: I wrote a test to confirm that the existing name check for context managers still works when there are multiple ones.
> - the 'with' statement now uses a new opcode SETUP_WITH that does an unprotected lookup of the '__enter__' and '__exit__' methods of the context manager. I don't think this is a problem, since methods starting with an underscore can't be defined in RP.
> - dictionary views: these don't introduce new builtins or syntax, so I don't think changes are necessary. To allow access to them in RP in Zope 2 we would need to adjust the dict method whitelist in AccessControl.ZopeGuards to allow viewitems, viewkeys, and viewvalues.
> - new builtins memoryview, bytes, and bytearray: For now I punted and these are not included in RP's safe_builtins list. memoryview and bytearray should probably not be added. bytes is just a synonym for str in Python 2.7 afaict, so would probably be okay to add.
> - explicit relative imports (from .x import y): These are covered by the name check I added (as noted above in the summary) for from x import y imports in general.
> - except x as y: Added a test to show that this is already covered.
>
> Finally, to double-check my work I did diffs of Lib/compiler/ast.py and Python/ceval.c in the Python source to check for any new AST nodes or opcodes that I had overlooked above. This didn't yield any new concerns that I hadn't already considered.

First class work! Thanks very much for your careful attention to detail.

Tres.

--
===
Tres Seaver +1 540-429-0999 tsea...@palladion.com
Palladion Software Excellence by Design http://palladion.com
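Added example, not part of any message in this thread and not RestrictedPython's own code: a minimal checker built on Python 3's standard `ast` module (rather than the Python 2 `compiler` package the audit refers to) that applies one name rule at the binding sites the audit lists: import, from-import including the explicit relative form, several `with ... as` targets in one statement, and `except ... as`. The class, the `check_from_imports` switch and the simplified rule "reject names starting with an underscore" are assumptions made for illustration; passing `check_from_imports=False` shows which bindings go unreported when the from-import check is missing.

```python
import ast
class BindingNameCheck(ast.NodeVisitor):
    """Flag names starting with "_" at the binding sites listed in the audit."""
    def __init__(self, check_from_imports=True):
        self.check_from_imports = check_from_imports  # False models the omission
        self.errors = []

    def _check(self, node, name, what):
        if name is not None and name.startswith("_"):
            self.errors.append((node.lineno, "%s binds %r" % (what, name)))

    def visit_Import(self, node):
        for alias in node.names:
            # "import a.b" binds "a"; "import a.b as c" binds "c"
            self._check(node, alias.asname or alias.name.split(".")[0], "import")

    def visit_ImportFrom(self, node):
        # Absolute and explicit relative (from .x import y) forms share this node
        if self.check_from_imports:
            for alias in node.names:
                self._check(node, alias.name, "from-import")
                self._check(node, alias.asname, "from-import alias")

    def visit_With(self, node):
        # Several context managers in one statement arrive as several items
        for item in node.items:
            if item.optional_vars is not None:
                for sub in ast.walk(item.optional_vars):
                    if isinstance(sub, ast.Name):
                        self._check(node, sub.id, "with-as")
        self.generic_visit(node)

    def visit_ExceptHandler(self, node):
        self._check(node, node.name, "except-as")
        self.generic_visit(node)

def check(source, check_from_imports=True):
    checker = BindingNameCheck(check_from_imports)
    checker.visit(ast.parse(source))
    return checker.errors

# Constructed sample input; it is only parsed, never executed
SAMPLE = """\
import os as _os
from pkg import _private
from .helpers import safe as _unsafe
with a() as ok, b() as _hidden: pass
try: pass
except ValueError as _err: pass
"""
```

`check(SAMPLE)` reports lines 1, 2, 3, 4 and 6, while `check(SAMPLE, check_from_imports=False)` reports only 1, 4 and 6, leaving both from-import bindings unflagged.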