Sidnei or Stephan, can one of you comment on David's approach or offer a review?
On Fri, Jul 9, 2010 at 5:42 AM, David Glick <davidgl...@groundwire.org> wrote:
> I am done (as far as I can tell) evaluating RestrictedPython to see if
> changes are needed to support Python 2.7. This is the first time I have
> done this, so would appreciate if someone else can look over my work to
> make sure I'm not missing something important. I'll describe my process
> and findings below.
> The basic summary is that Python 2.7 adds a small number of syntactic
> features and they are already handled adequately by RestrictedPython. I
> added some tests for these on a branch,
> which I can merge once someone else has looked over them. In addition, I
> discovered the omission of a name check for the "from x import y" style
> import; this is also fixed on the branch.
> To go into detail...
> I started by reading RestrictedPython (henceforth referred to as RP) to
> familiarize myself with how it works. Next I read the "What's New in
> Python 2.7" document and noted features that might require changes in
> RP. Then I went through each of these and looked at the corresponding
> changes in the Python compiler, bytecode generator and evaluator to
> further check on whether changes were needed. Here are the items I
> checked and my conclusions...
> - dict and set comprehensions: These need to use RP's safe _getitem_ to
> iterate. This was already taken care of because these new comprehensions
> use the same ListCompFor AST node that list comprehensions do.
> - set literals: These build a new set based on the result of evaluating
> other AST nodes that RP already protects, so should be safe.
> - multiple context managers in one with statement: I wrote a test to
> confirm that the existing name check for context managers still works
> when there are multiple ones.
> - the 'with' statement now uses a new opcode SETUP_WITH that does an
> unprotected lookup of the '__enter__' and '__exit__' methods of the
> context manager. I don't think this is a problem, since methods
> starting with an underscore can't be defined in RP.
> - dictionary views: these don't introduce new builtins or syntax, so I
> don't think changes are necessary. To allow access to them in RP in Zope
> 2 we would need to adjust the dict method whitelist in
> AccessControl.ZopeGuards to allow viewitems, viewkeys, and viewvalues.
> - new builtins memoryview, bytes, and bytearray: For now I punted and
> these are not included in RP's safe_builtins list. memoryview and
> bytearray should probably not be added. bytes is just a synonym for str
> in Python 2.7 afaict, so would probably be okay to add.
> - explicit relative imports (from .x import y): These are covered by the
> name check I added (as noted above in the summary) for "from x import y"
> imports in general.
> - except x as y: Added a test to show that this is already covered.
> Finally, to double-check my work I did diffs of Lib/compiler/ast.py and
> Python/ceval.c in the Python source to check for any new AST nodes or
> opcodes that I had overlooked above. This didn't yield any new concerns
> that I hadn't already considered.
Zope-Dev maillist - Zope-Dev@zope.org
** No cross posts or HTML encoding! **
(Related lists -