Hi David, awesome work!
Sidnei or Stephan, can one of you comment on David's approach or offer a review? Cheers, Hanno On Fri, Jul 9, 2010 at 5:42 AM, David Glick <davidgl...@groundwire.org> wrote: > I am done (as far as I can tell) evaluating RestrictedPython to see if > changes are needed to support Python 2.7. This is the first time I have > done this, so would appreciate if someone else can look over my work to > make sure I'm not missing something important. I'll describe my process > and findings below. > > The basic summary is that Python 2.7 adds a small number of syntactic > features and they are already handled adequately by RestrictedPython. I > added some tests for these on a branch, > http://svn.zope.org/repos/main/RestrictedPython/branches/davisagli-python27, > which I can merge once someone else has looked over them. In addition, I > discovered the omission of a name check for the "from x import y" style > import; this is also fixed on the branch. > > To go into detail... > > I started by reading RestrictedPython (henceforth referred to as RP) to > familiarize myself with how it works. Next I read the "What's New in > Python 2.7" document and noted features that might require changes in > RP. Then I went through each of these and looked at the corresponding > changes in the Python compiler, bytecode generator and evaluator to > further check on whether changes were needed. Here are the items I > checked and my conclusions... > > - dict and set comprehensions: These need to use RP's safe _getitem_ to > iterate. This was already taken care of because these new comprehensions > use the same ListCompFor AST node that list comprehensions do. > > - set literals: These build a new set based on the result of evaluating > other AST nodes that RP already protects, so should be safe. > > - multiple context managers in one with statement: I wrote a test to > confirm that the existing name check for context managers still works > when there are multiple ones. > > - the 'with' statement now uses a new opcode SETUP_WITH that does an > unprotected lookup of the '__enter__' and '__exit__' methods of the > context manager. I don't think this is a problem, since methods > starting with an underscore can't be defined in RP. > > - dictionary views: these don't introduce new builtins or syntax, so I > don't think changes are necessary. To allow access to them in RP in Zope > 2 we would need to adjust the dict method whitelist in > AccessControl.ZopeGuards to allow viewitems, viewkeys, and viewvalues. > > - new builtins memoryview, bytes, and bytearray: For now I punted and > these are not included in RP's safe_builtins list. memoryview and > bytearray should probably not be added. bytes is just a synonym for str > in Python 2.7 afaict, so would probably be okay to add. > > - explicit relative imports (from .x import y): These are covered by the > name check I added (as noted above in the summary) for "from x import y" > imports in general. > > - except x as y: Added a test to show that this is already covered. > > Finally, to double-check my work I did diffs of Lib/compiler/ast.py and > Python/ceval.c in the Python source to check for any new AST nodes or > opcodes that I had overlooked above. This didn't yield any new concerns > that I hadn't already considered. > > peace, > David _______________________________________________ Zope-Dev maillist - Zope-Dev@zope.org https://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - https://mail.zope.org/mailman/listinfo/zope-announce https://mail.zope.org/mailman/listinfo/zope )