Using RestrictedPython

Discussion in 'Python' started by Rasjid Wilcox, Oct 6, 2003.

  1. Hi,

    I found references on Google to a discussion a little while ago about using
    RestrictedPython instead of rexec and Bastion. But I've had trouble
    finding documentation.

    Below is my test program. Am I doing this the right way?

    - - - -
    #!/usr/bin/env python

    from RestrictedPython import compile_restricted

    def g(x):
    return "Function g(x)"

    fn = '''
    def f(x):
    return "x: " + str(x) + " x^2: " + str(x*x)

    '''

    fn2 = '''
    def h(x):
    f = open('test-out.txt', 'w')
    f.write(x)
    f.close()
    s = 'Just wrote to a file'
    return s
    '''

    exp = 'str(f(3))'

    cofn = compile_restricted(fn, '<string> ', 'exec')
    exec(cofn)
    coexp = compile_restricted(exp, '<string>', 'eval')
    print "Restricted eval: " + str(eval(coexp))

    f = g
    print "Restricted eval: " + str(eval(coexp))

    exec(fn2)
    print "Native exec: " + str(h("Native exec\n"))

    h = None
    #cofn2 = compile(fn2, '<string>', 'exec')
    cofn2 = compile_restricted(fn2, '<string>', 'exec')
    exec(cofn2)
    try:
    print h("Restricted exec\n")
    except:
    print "Can't run restricted code?"

    - - - -

    I know it runs and it seems to do what I expect, but is it 'right'?

    Thanks,

    Rasjid.
    Rasjid Wilcox, Oct 6, 2003
    #1
    1. Advertising

  2. Rasjid Wilcox

    Evan Simpson Guest

    Rasjid Wilcox wrote:
    > Below is my test program. Am I doing this the right way?


    Well, you've got the basics of compiling and executing the compiled
    code. What you need to understand about RestrictedPython, though, is
    that while it provides the raw material for restricted execution, you
    need to supply a policy implementation. You hook up your implementation
    by providing a set of specially named objects in the global dict that
    you use for execution of code. Specifically:

    1. "_print_" is a callable object that returns a handler for print
    statements. This handler must have a 'write()' method that accepts a
    single string argument, and must return a string when called. The
    PrintCollector module has an implementation.

    2. "_write_" is a guard function taking a single argument. If the
    object passed to it may be written to, it should be returned, otherwise
    the guard function should raise an exception.

    3. "_getattr_" and "_getitem_" are guard functions, each of which takes
    two arguments. The first is the base object to be accessed, while the
    second is the attribute name or item index that will be read. The guard
    function should return the attribute or subitem, or raise an exception.

    4. "__import__" is the normal Python import hook, and should be used to
    control access to Python packages and modules.

    5. "__builtins__" is the normal Python builtins dictionary, which should
    be weeded down to a set that cannot be used to get around your
    restrictions. A usable "safe" set is in the Guards module.

    To help illustrate how this works under the covers, here's an example
    function along with (sort of) how it looks after restricted compilation:

    def f(x):
    x.foo = x.foo + x[0]
    print x
    return printed

    def f(x):
    # Make local variables from globals.
    _print = _print_()
    _write = _write_
    _getattr = _getattr_
    _getitem = _getitem_
    #
    _write(x).foo = _getattr(x, 'foo') + _getitem(x, 0)
    print >>_print, x
    return _print()

    Cheers,

    Evan @ 4-am
    Evan Simpson, Oct 6, 2003
    #2
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. William F. Robertson, Jr.
    Replies:
    1
    Views:
    960
    Kathy Burke
    Jun 25, 2003
  2. pete
    Replies:
    1
    Views:
    2,920
    Jon Yates
    Aug 29, 2003
  3. timmso
    Replies:
    1
    Views:
    466
    Alex Papadimoulis
    Dec 12, 2003
  4. Replies:
    2
    Views:
    533
  5. Jean-Paul Calderone
    Replies:
    0
    Views:
    424
    Jean-Paul Calderone
    Nov 7, 2005
Loading...

Share This Page