RestrictedPython is a defined subset of the Python language which allows to provide a program input into a trusted environment.
Project description
RestrictedPython is a tool that helps to define a subset of the Python language which allows to provide a program input into a trusted environment. RestrictedPython is not a sandbox system or a secured environment, but it helps to define a trusted environment and execute untrusted code inside of it.
For full documentation please see http://restrictedpython.readthedocs.io/ or the local docs/index.
Example
To give a basic understanding what RestrictedPython does here two examples:
An unproblematic code example
Python allows you to execute a large set of commands. This would not harm any system.
>>> from RestrictedPython import compile_restricted
>>> from RestrictedPython import safe_builtins
>>>
>>> source_code = """
... def example():
... return 'Hello World!'
... """
>>>
>>> loc = {}
>>> byte_code = compile_restricted(source_code, '<inline>', 'exec')
>>> exec(byte_code, safe_builtins, loc)
>>>
>>> loc['example']()
'Hello World!'
Problematic code example
This example directly executed in Python could harm your system.
>>> from RestrictedPython import compile_restricted
>>> from RestrictedPython import safe_builtins
>>>
>>> source_code = """
... import os
...
... os.listdir('/')
... """
>>> byte_code = compile_restricted(source_code, '<inline>', 'exec')
>>> exec(byte_code, {'__builtins__': safe_builtins}, {})
Traceback (most recent call last):
ImportError: __import__ not found
Changes
4.0b4 (2018-05-18)
Allow the following magic methods to be defined on classes. (#104) They cannot be called directly but by the built-in way to use them (e. g. class instantiation, or comparison):
__init__
__contains__
__lt__
__le__
__eq__
__ne__
__gt__
__ge__
Imports like from a import * (so called star imports) are now forbidden as they allow to import names starting with an underscore which could override protected build-ins. (#102)
Bring test coverage to 100 %.
Drop support for Python 3.4.
4.0b3 (2018-04-12)
Warn when using another Python implementation than CPython as it is not safe to use RestrictedPython with other versions than CPyton. See https://bitbucket.org/pypy/pypy/issues/2653 for PyPy.
Allow to use list comprehensions in the default implementation of RestrictionCapableEval.eval().
4.0b2 (2017-09-15)
Fix regression in RestrictionCapableEval which broke when using list comprehensions.
4.0b1 (2017-09-15)
Security issue: RestrictedPython now ships with a default implementation for _getattr_ which prevents from using the format() method on str/unicode as it is not safe, see: http://lucumr.pocoo.org/2016/12/29/careful-with-str-format/
Caution: If you do not already have secured the access to this format() method in your _getattr_ implementation use RestrictedPython.Guards.safer_getattr() in your implementation to benefit from this fix.
Drop the old implementation of version 3.x: RCompile.py, SelectCompiler.py, MutatingWorker.py, RestrictionMutator.py and tests/verify.py.
Drop support for PyPy as there currently is no way to restrict the builtins. See https://bitbucket.org/pypy/pypy/issues/2653.
Remove __len__ method in .Guards._write_wrapper because it is no longer reachable by code using the wrapper.
4.0a3 (2017-06-20)
Fix install problem caused by an invisible non-ASCII character in README.rst.
Update configurations to give better feedback and helpful reports.
4.0a2 (2017-05-26)
Modified README and setup.py to provide a better desciption test for PyPI. [loechel]
Drop support for long-deprecated sets module. [tseaver]
4.0a1 (2017-05-05)
Mostly complete rewrite based on Python AST module. [loechel (Alexander Loechel), icemac (Michael Howitz), stephan-hof (Stephan Hofmockel), tlotze (Thomas Lotze)]
Support Python versions 3.4 up to 3.6.
switch to pytest
The compile_restricted* functions now return a namedtuple CompileResult instead of a simple tuple.
3.6.0 (2010-07-09)
Add name check for names assigned during imports using the from x import y format.
Add test for name check when assigning an alias using multiple-context with statements in Python 2.7.
Add tests for protection of the iterators for dict and set comprehensions in Python 2.7.
3.6.0a1 (2010-06-05)
Remove support for DocumentTemplate.sequence - this is handled in the DocumentTemplate package itself.
3.5.2 (2010-04-30)
Remove a testing dependency on zope.testing.
3.5.1 (2009-03-17)
Add tests for Utilities module.
Filter DeprecationWarnings when importing Python’s sets module.
3.5.0 (2009-02-09)
Drop legacy support for Python 2.1 / 2.2 (__future__ imports of nested_scopes / generators.).
3.4.3 (2008-10-26)
Fix deprecation warning: with is now a reserved keyword on Python 2.6. That means RestrictedPython should run on Python 2.6 now. Thanks to Ranjith Kannikara, GSoC Student for the patch.
Add tests for ternary if expression and for with keyword and context managers.
3.4.2 (2007-07-28)
Changed homepage URL to the PyPI site
Improve README.txt.
3.4.1 (2007-06-23)
Fix http://www.zope.org/Collectors/Zope/2295: Bare conditional in a Zope 2 PythonScript followed by a comment causes SyntaxError.
3.4.0 (2007-06-04)
RestrictedPython now has its own release cycle as a separate project.
Synchronized with RestrictedPython from Zope 2 tree.
3.2.0 (2006-01-05)
Corresponds to the verison of the RestrictedPython package shipped as part of the Zope 3.2.0 release.
No changes from 3.1.0.
3.1.0 (2005-10-03)
Corresponds to the verison of the RestrictedPython package shipped as part of the Zope 3.1.0 release.
Remove unused fossil module, SafeMapping.
Replaced use of deprecated whrandom module with random (aliased to whrandom for backward compatibility).
3.0.0 (2004-11-07)
Corresponds to the verison of the RestrictedPython package shipped as part of the Zope X3.0.0 release.
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Hashes for RestrictedPython-4.0b4-py2.py3-none-any.whl
Algorithm | Hash digest | |
---|---|---|
SHA256 | ccba5c97382528e2b3ac48137146d332963dee99a63280a392bb13f8ff45ff92 |
|
MD5 | bafcac2d85875741625854c638811832 |
|
BLAKE2b-256 | fbe1b271496af6fde656258827ab611b9e1a4e52e331929d2480250ca118ca8a |