Skip to main content
Help us improve PyPI by participating in user testing. All experience levels needed!

RestrictedPython is a defined subset of the Python language which allows to provide a program input into a trusted environment.

Project description

RestrictedPython is a tool that helps to define a subset of the Python language which allows to provide a program input into a trusted environment. RestrictedPython is not a sandbox system or a secured environment, but it helps to define a trusted environment and execute untrusted code inside of it.

Warning

RestrictedPython only supports CPython. It does _not_ support PyPy and other Python implementations as it cannot provide its restrictions there.

For full documentation please see http://restrictedpython.readthedocs.io/ or the local docs/index.

Example

To give a basic understanding what RestrictedPython does here two examples:

An unproblematic code example

Python allows you to execute a large set of commands. This would not harm any system.

>>> from RestrictedPython import compile_restricted
>>> from RestrictedPython import safe_builtins
>>>
>>> source_code = """
... def example():
...     return 'Hello World!'
... """
>>>
>>> loc = {}
>>> byte_code = compile_restricted(source_code, '<inline>', 'exec')
>>> exec(byte_code, safe_builtins, loc)
>>>
>>> loc['example']()
'Hello World!'

Problematic code example

This example directly executed in Python could harm your system.

>>> from RestrictedPython import compile_restricted
>>> from RestrictedPython import safe_builtins
>>>
>>> source_code = """
... import os
...
... os.listdir('/')
... """
>>> byte_code = compile_restricted(source_code, '<inline>', 'exec')
>>> exec(byte_code, {'__builtins__': safe_builtins}, {})
Traceback (most recent call last):
ImportError: __import__ not found

Changes

4.0b4 (2018-05-18)

  • Allow the following magic methods to be defined on classes. (#104) They cannot be called directly but by the built-in way to use them (e. g. class instantiation, or comparison):
    • __init__
    • __contains__
    • __lt__
    • __le__
    • __eq__
    • __ne__
    • __gt__
    • __ge__
  • Imports like from a import * (so called star imports) are now forbidden as they allow to import names starting with an underscore which could override protected build-ins. (#102)
  • Bring test coverage to 100 %.
  • Drop support for Python 3.4.

4.0b3 (2018-04-12)

  • Warn when using another Python implementation than CPython as it is not safe to use RestrictedPython with other versions than CPyton. See https://bitbucket.org/pypy/pypy/issues/2653 for PyPy.
  • Allow to use list comprehensions in the default implementation of RestrictionCapableEval.eval().

4.0b2 (2017-09-15)

  • Fix regression in RestrictionCapableEval which broke when using list comprehensions.

4.0b1 (2017-09-15)

  • Security issue: RestrictedPython now ships with a default implementation for _getattr_ which prevents from using the format() method on str/unicode as it is not safe, see: http://lucumr.pocoo.org/2016/12/29/careful-with-str-format/

    Caution: If you do not already have secured the access to this format() method in your _getattr_ implementation use RestrictedPython.Guards.safer_getattr() in your implementation to benefit from this fix.

  • Drop the old implementation of version 3.x: RCompile.py, SelectCompiler.py, MutatingWorker.py, RestrictionMutator.py and tests/verify.py.

  • Drop support for PyPy as there currently is no way to restrict the builtins. See https://bitbucket.org/pypy/pypy/issues/2653.

  • Remove __len__ method in .Guards._write_wrapper because it is no longer reachable by code using the wrapper.

4.0a3 (2017-06-20)

  • Fix install problem caused by an invisible non-ASCII character in README.rst.
  • Update configurations to give better feedback and helpful reports.

4.0a2 (2017-05-26)

  • Modified README and setup.py to provide a better desciption test for PyPI. [loechel]
  • Drop support for long-deprecated sets module. [tseaver]

4.0a1 (2017-05-05)

  • Mostly complete rewrite based on Python AST module. [loechel (Alexander Loechel), icemac (Michael Howitz), stephan-hof (Stephan Hofmockel), tlotze (Thomas Lotze)]
  • Support Python versions 3.4 up to 3.6.
  • switch to pytest
  • The compile_restricted* functions now return a namedtuple CompileResult instead of a simple tuple.

3.6.0 (2010-07-09)

  • Add name check for names assigned during imports using the from x import y format.
  • Add test for name check when assigning an alias using multiple-context with statements in Python 2.7.
  • Add tests for protection of the iterators for dict and set comprehensions in Python 2.7.

3.6.0a1 (2010-06-05)

  • Remove support for DocumentTemplate.sequence - this is handled in the DocumentTemplate package itself.

3.5.2 (2010-04-30)

  • Remove a testing dependency on zope.testing.

3.5.1 (2009-03-17)

  • Add tests for Utilities module.
  • Filter DeprecationWarnings when importing Python’s sets module.

3.5.0 (2009-02-09)

  • Drop legacy support for Python 2.1 / 2.2 (__future__ imports of nested_scopes / generators.).

3.4.3 (2008-10-26)

  • Fix deprecation warning: with is now a reserved keyword on Python 2.6. That means RestrictedPython should run on Python 2.6 now. Thanks to Ranjith Kannikara, GSoC Student for the patch.
  • Add tests for ternary if expression and for with keyword and context managers.

3.4.2 (2007-07-28)

  • Changed homepage URL to the PyPI site
  • Improve README.txt.

3.4.1 (2007-06-23)

3.4.0 (2007-06-04)

  • RestrictedPython now has its own release cycle as a separate project.
  • Synchronized with RestrictedPython from Zope 2 tree.

3.2.0 (2006-01-05)

  • Corresponds to the verison of the RestrictedPython package shipped as part of the Zope 3.2.0 release.
  • No changes from 3.1.0.

3.1.0 (2005-10-03)

  • Corresponds to the verison of the RestrictedPython package shipped as part of the Zope 3.1.0 release.
  • Remove unused fossil module, SafeMapping.
  • Replaced use of deprecated whrandom module with random (aliased to whrandom for backward compatibility).

3.0.0 (2004-11-07)

  • Corresponds to the verison of the RestrictedPython package shipped as part of the Zope X3.0.0 release.

Project details


Release history Release notifications

This version
History Node

4.0b4

History Node

4.0b3

History Node

4.0b2

History Node

4.0b1

History Node

4.0a3

History Node

4.0a2

History Node

4.0a1

History Node

3.6.0

History Node

3.6.0a1

History Node

3.5.2

History Node

3.5.1

History Node

3.5.0

History Node

3.4.3

History Node

3.4.2

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Filename, size & hash SHA256 hash help File type Python version Upload date
RestrictedPython-4.0b4-py2.py3-none-any.whl (29.0 kB) Copy SHA256 hash SHA256 Wheel py2.py3 May 18, 2018
RestrictedPython-4.0b4.tar.gz (74.9 kB) Copy SHA256 hash SHA256 Source None May 18, 2018

Supported by

Elastic Elastic Search Pingdom Pingdom Monitoring Google Google BigQuery Sentry Sentry Error logging CloudAMQP CloudAMQP RabbitMQ AWS AWS Cloud computing Fastly Fastly CDN DigiCert DigiCert EV certificate StatusPage StatusPage Status page