I am done (as far as I can tell) evaluating RestrictedPython to see if changes are needed to support Python 2.7. This is the first time I have done this, so would appreciate if someone else can look over my work to make sure I'm not missing something important. I'll describe my process and findings below.
The basic summary is that Python 2.7 adds a small number of syntactic features and they are already handled adequately by RestrictedPython. I added some tests for these on a branch, http://svn.zope.org/repos/main/RestrictedPython/branches/davisagli-python27, which I can merge once someone else has looked over them. In addition, I discovered the omission of a name check for the "from x import y" style import; this is also fixed on the branch. To go into detail... I started by reading RestrictedPython (henceforth referred to as RP) to familiarize myself with how it works. Next I read the "What's New in Python 2.7" document and noted features that might require changes in RP. Then I went through each of these and looked at the corresponding changes in the Python compiler, bytecode generator and evaluator to further check on whether changes were needed. Here are the items I checked and my conclusions... - dict and set comprehensions: These need to use RP's safe _getitem_ to iterate. This was already taken care of because these new comprehensions use the same ListCompFor AST node that list comprehensions do. - set literals: These build a new set based on the result of evaluating other AST nodes that RP already protects, so should be safe. - multiple context managers in one with statement: I wrote a test to confirm that the existing name check for context managers still works when there are multiple ones. - the 'with' statement now uses a new opcode SETUP_WITH that does an unprotected lookup of the '__enter__' and '__exit__' methods of the context manager. I don't think this is a problem, since methods starting with an underscore can't be defined in RP. - dictionary views: these don't introduce new builtins or syntax, so I don't think changes are necessary. To allow access to them in RP in Zope 2 we would need to adjust the dict method whitelist in AccessControl.ZopeGuards to allow viewitems, viewkeys, and viewvalues. - new builtins memoryview, bytes, and bytearray: For now I punted and these are not included in RP's safe_builtins list. memoryview and bytearray should probably not be added. bytes is just a synonym for str in Python 2.7 afaict, so would probably be okay to add. - explicit relative imports (from .x import y): These are covered by the name check I added (as noted above in the summary) for "from x import y" imports in general. - except x as y: Added a test to show that this is already covered. Finally, to double-check my work I did diffs of Lib/compiler/ast.py and Python/ceval.c in the Python source to check for any new AST nodes or opcodes that I had overlooked above. This didn't yield any new concerns that I hadn't already considered. peace, David David Glick Web Developer [email protected] 206.286.1235x32 [http://gw-logo.s3.amazonaws.com/groundwire-logo-270-noclear.png]<http://groundwire.org/?utm_source=Groundwire.org%2BEmail&utm_medium=Email&utm_campaign=Logo> Sign up for Groundwire News!<http://groundwire.org/email-capture?utm_source=Groundwire.org-email&utm_medium=Email&utm_content=Sign-up-for-groundwire-news&utm_campaign=email-signature> Tips, tools and news delivered directly to your inbox. <http://groundwire.org/email-capture?utm_source=Groundwire.org-email&utm_medium=Email&utm_content=Sign-up-for-groundwire-news&utm_campaign=email-signature>
_______________________________________________ Zope-Dev maillist - [email protected] https://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - https://mail.zope.org/mailman/listinfo/zope-announce https://mail.zope.org/mailman/listinfo/zope )
