473,327 Members | 2,081 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,327 software developers and data experts.

Using RestrictedPython

Hi,

I found references on Google to a discussion a little while ago about using
RestrictedPython instead of rexec and Bastion. But I've had trouble
finding documentation.

Below is my test program. Am I doing this the right way?

- - - -
#!/usr/bin/env python

from RestrictedPython import compile_restricted

def g(x):
return "Function g(x)"

fn = '''
def f(x):
return "x: " + str(x) + " x^2: " + str(x*x)

'''

fn2 = '''
def h(x):
f = open('test-out.txt', 'w')
f.write(x)
f.close()
s = 'Just wrote to a file'
return s
'''

exp = 'str(f(3))'

cofn = compile_restricted(fn, '<string> ', 'exec')
exec(cofn)
coexp = compile_restricted(exp, '<string>', 'eval')
print "Restricted eval: " + str(eval(coexp))

f = g
print "Restricted eval: " + str(eval(coexp))

exec(fn2)
print "Native exec: " + str(h("Native exec\n"))

h = None
#cofn2 = compile(fn2, '<string>', 'exec')
cofn2 = compile_restricted(fn2, '<string>', 'exec')
exec(cofn2)
try:
print h("Restricted exec\n")
except:
print "Can't run restricted code?"

- - - -

I know it runs and it seems to do what I expect, but is it 'right'?

Thanks,

Rasjid.

Jul 18 '05 #1
1 2371
Rasjid Wilcox wrote:
Below is my test program. Am I doing this the right way?


Well, you've got the basics of compiling and executing the compiled
code. What you need to understand about RestrictedPython, though, is
that while it provides the raw material for restricted execution, you
need to supply a policy implementation. You hook up your implementation
by providing a set of specially named objects in the global dict that
you use for execution of code. Specifically:

1. "_print_" is a callable object that returns a handler for print
statements. This handler must have a 'write()' method that accepts a
single string argument, and must return a string when called. The
PrintCollector module has an implementation.

2. "_write_" is a guard function taking a single argument. If the
object passed to it may be written to, it should be returned, otherwise
the guard function should raise an exception.

3. "_getattr_" and "_getitem_" are guard functions, each of which takes
two arguments. The first is the base object to be accessed, while the
second is the attribute name or item index that will be read. The guard
function should return the attribute or subitem, or raise an exception.

4. "__import__" is the normal Python import hook, and should be used to
control access to Python packages and modules.

5. "__builtins__" is the normal Python builtins dictionary, which should
be weeded down to a set that cannot be used to get around your
restrictions. A usable "safe" set is in the Guards module.

To help illustrate how this works under the covers, here's an example
function along with (sort of) how it looks after restricted compilation:

def f(x):
x.foo = x.foo + x[0]
print x
return printed

def f(x):
# Make local variables from globals.
_print = _print_()
_write = _write_
_getattr = _getattr_
_getitem = _getitem_
#
_write(x).foo = _getattr(x, 'foo') + _getitem(x, 0)
print >>_print, x
return _print()

Cheers,

Evan @ 4-am

Jul 18 '05 #2

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

2
by: rawCoder | last post by:
Hi All, I have a *.cer file, a public key of some one and I want to encrypt some thing using this public key. Can someone point me to a sample code for Encrypting some file using...
1
by: Mike | last post by:
When trying to compile (using Visual Web Developer 2005 Express Beta; frameworkv2.0.50215 ) the source code below I get errors (listed below due to the use of ICallBackEventHandler. Ultimately I...
15
by: vinjvinj | last post by:
I have an application which allows multiple users to write models. These models get distributed on a grid of compute engines. users submit their models through a web interface. I want to 1....
3
by: JDeats | last post by:
I have some .NET 1.1 code that utilizes this technique for encrypting and decrypting a file. http://support.microsoft.com/kb/307010 In .NET 2.0 this approach is not fully supported (a .NET 2.0...
0
by: ryjfgjl | last post by:
ExcelToDatabase: batch import excel into database automatically...
0
by: jfyes | last post by:
As a hardware engineer, after seeing that CEIWEI recently released a new tool for Modbus RTU Over TCP/UDP filtering and monitoring, I actively went to its official website to take a look. It turned...
0
by: ArrayDB | last post by:
The error message I've encountered is; ERROR:root:Error generating model response: exception: access violation writing 0x0000000000005140, which seems to be indicative of an access violation...
1
by: PapaRatzi | last post by:
Hello, I am teaching myself MS Access forms design and Visual Basic. I've created a table to capture a list of Top 30 singles and forms to capture new entries. The final step is a form (unbound)...
1
by: CloudSolutions | last post by:
Introduction: For many beginners and individual users, requiring a credit card and email registration may pose a barrier when starting to use cloud servers. However, some cloud server providers now...
1
by: Defcon1945 | last post by:
I'm trying to learn Python using Pycharm but import shutil doesn't work
1
by: Shællîpôpï 09 | last post by:
If u are using a keypad phone, how do u turn on JavaScript, to access features like WhatsApp, Facebook, Instagram....
0
by: af34tf | last post by:
Hi Guys, I have a domain whose name is BytesLimited.com, and I want to sell it. Does anyone know about platforms that allow me to list my domain in auction for free. Thank you
0
by: Faith0G | last post by:
I am starting a new it consulting business and it's been a while since I setup a new website. Is wordpress still the best web based software for hosting a 5 page website? The webpages will be...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.