Skip to main content

RestrictedPython is a defined subset of the Python language which allows to provide a program input into a trusted environment.

Reason this release was yanked:

no longer needed pre-release

Project description

https://api.travis-ci.com/zopefoundation/RestrictedPython.svg?branch=master https://coveralls.io/repos/github/zopefoundation/RestrictedPython/badge.svg?branch=master Documentation Status Current version on PyPI Supported Python versions https://github.com/zopefoundation/RestrictedPython/raw/master/docs/logo.jpg

RestrictedPython

RestrictedPython is a tool that helps to define a subset of the Python language which allows to provide a program input into a trusted environment. RestrictedPython is not a sandbox system or a secured environment, but it helps to define a trusted environment and execute untrusted code inside of it.

For full documentation please see http://restrictedpython.readthedocs.io/.

Example

To give a basic understanding what RestrictedPython does here two examples:

An unproblematic code example

Python allows you to execute a large set of commands. This would not harm any system.

>>> from RestrictedPython import compile_restricted
>>> from RestrictedPython import safe_globals
>>>
>>> source_code = """
... def example():
...     return 'Hello World!'
... """
>>>
>>> loc = {}
>>> byte_code = compile_restricted(source_code, '<inline>', 'exec')
>>> exec(byte_code, safe_globals, loc)
>>>
>>> loc['example']()
'Hello World!'

Problematic code example

This example directly executed in Python could harm your system.

>>> from RestrictedPython import compile_restricted
>>> from RestrictedPython import safe_globals
>>>
>>> source_code = """
... import os
...
... os.listdir('/')
... """
>>> byte_code = compile_restricted(source_code, '<inline>', 'exec')
>>> exec(byte_code, safe_globals, {})
Traceback (most recent call last):
ImportError: __import__ not found

Changes

5.2a1.dev0 (2021-10-28)

  • Document that __name__ is needed to define classes.

  • Allow to use the package with Python 3.10 – Caution: No security audit has been done so far.

5.1 (2020-10-07)

Features
  • Add support for (Python 3.8+) assignment expressions (i.e. the := operator)

  • Add support for Python 3.9 after checking the security implications of the syntax changes made in that version.

  • Add support for the bytes and sorted builtins (#186)

Documentation
  • Document parameter mode for the compile_restricted functions (#157)

  • Fix documentation for compile_restricted_function (#158)

Fixes
  • Fix compile_restricted_function with SyntaxErrors that have no text (#181)

  • Drop install dependency on setuptools. (#189)

5.0 (2019-09-03)

Breaking changes
  • Revert the allowance of the ... (Ellipsis) statement, as of 4.0. It is not needed to support Python 3.8. The security implications of the Ellipsis Statement is not 100 % clear and is not checked. ... (Ellipsis) is disallowed again.

Features
  • Add support for f-strings in Python 3.6+. (#123)

4.0 (2019-05-10)

Changes since 3.6.0:

Breaking changes
  • The compile_restricted* functions now return a namedtuple CompileResult instead of a simple tuple.

  • Drop the old implementation of version 3.x: RCompile.py, SelectCompiler.py, MutatingWorker.py, RestrictionMutator.py and tests/verify.py.

  • Drop support for long-deprecated sets module.

Features
  • Mostly complete rewrite based on Python AST module. [loechel (Alexander Loechel), icemac (Michael Howitz), stephan-hof (Stephan Hofmockel), tlotze (Thomas Lotze)]

  • Add support for Python 3.5, 3.6, 3.7.

  • Add preliminary support for Python 3.8. as of 3.8.0a3 is released.

  • Warn when using another Python implementation than CPython as it is not safe to use RestrictedPython with other versions than CPyton. See https://bitbucket.org/pypy/pypy/issues/2653 for PyPy.

  • Allow the ... (Ellipsis) statement. It is needed to support Python 3.8.

  • Allow yield and yield from statements. Generator functions would now work in RestrictedPython.

  • Allow the following magic methods to be defined on classes. (#104) They cannot be called directly but by the built-in way to use them (e. g. class instantiation, or comparison):

    • __init__

    • __contains__

    • __lt__

    • __le__

    • __eq__

    • __ne__

    • __gt__

    • __ge__

  • Imports like from a import * (so called star imports) are now forbidden as they allow to import names starting with an underscore which could override protected build-ins. (#102)

  • Allow to use list comprehensions in the default implementation of RestrictionCapableEval.eval().

  • Switch to pytest as test runner.

  • Bring test coverage to 100 %.

Bug fixes
  • Improve .Guards.safer_getattr to prevent accessing names starting with underscore. (#142)

3.6.0 (2010-07-09)

  • Add name check for names assigned during imports using the from x import y format.

  • Add test for name check when assigning an alias using multiple-context with statements in Python 2.7.

  • Add tests for protection of the iterators for dict and set comprehensions in Python 2.7.

3.6.0a1 (2010-06-05)

  • Remove support for DocumentTemplate.sequence - this is handled in the DocumentTemplate package itself.

3.5.2 (2010-04-30)

  • Remove a testing dependency on zope.testing.

3.5.1 (2009-03-17)

  • Add tests for Utilities module.

  • Filter DeprecationWarnings when importing Python’s sets module.

3.5.0 (2009-02-09)

  • Drop legacy support for Python 2.1 / 2.2 (__future__ imports of nested_scopes / generators.).

3.4.3 (2008-10-26)

  • Fix deprecation warning: with is now a reserved keyword on Python 2.6. That means RestrictedPython should run on Python 2.6 now. Thanks to Ranjith Kannikara, GSoC Student for the patch.

  • Add tests for ternary if expression and for with keyword and context managers.

3.4.2 (2007-07-28)

  • Changed homepage URL to the PyPI site

  • Improve README.txt.

3.4.1 (2007-06-23)

3.4.0 (2007-06-04)

  • RestrictedPython now has its own release cycle as a separate project.

  • Synchronized with RestrictedPython from Zope 2 tree.

3.2.0 (2006-01-05)

  • Corresponds to the verison of the RestrictedPython package shipped as part of the Zope 3.2.0 release.

  • No changes from 3.1.0.

3.1.0 (2005-10-03)

  • Corresponds to the verison of the RestrictedPython package shipped as part of the Zope 3.1.0 release.

  • Remove unused fossil module, SafeMapping.

  • Replaced use of deprecated whrandom module with random (aliased to whrandom for backward compatibility).

3.0.0 (2004-11-07)

  • Corresponds to the verison of the RestrictedPython package shipped as part of the Zope X3.0.0 release.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

RestrictedPython-5.2a1.dev0.tar.gz (444.7 kB view details)

Uploaded Source

Built Distribution

RestrictedPython-5.2a1.dev0-py2.py3-none-any.whl (28.0 kB view details)

Uploaded Python 2 Python 3

File details

Details for the file RestrictedPython-5.2a1.dev0.tar.gz.

File metadata

  • Download URL: RestrictedPython-5.2a1.dev0.tar.gz
  • Upload date:
  • Size: 444.7 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/3.4.2 importlib_metadata/4.8.1 pkginfo/1.5.0.1 requests/2.22.0 requests-toolbelt/0.9.1 tqdm/4.32.2 CPython/3.7.12

File hashes

Hashes for RestrictedPython-5.2a1.dev0.tar.gz
Algorithm Hash digest
SHA256 6840a62ca93ea203fa28f4453a75f0a4184a2a26dbe748a5ef463f85007998cf
MD5 ebe8ca9848f6f7c398c5ede614ce4e55
BLAKE2b-256 ff086ea2398a58b6651fbd88e6491a9021ea7d8d0e77c8d1d57fd73cb5debfe4

See more details on using hashes here.

File details

Details for the file RestrictedPython-5.2a1.dev0-py2.py3-none-any.whl.

File metadata

  • Download URL: RestrictedPython-5.2a1.dev0-py2.py3-none-any.whl
  • Upload date:
  • Size: 28.0 kB
  • Tags: Python 2, Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/3.4.2 importlib_metadata/4.8.1 pkginfo/1.5.0.1 requests/2.22.0 requests-toolbelt/0.9.1 tqdm/4.32.2 CPython/3.7.12

File hashes

Hashes for RestrictedPython-5.2a1.dev0-py2.py3-none-any.whl
Algorithm Hash digest
SHA256 92ffaa97849d26665e2b0c98185950e4855f4cfd07b6759d1dc341e536063e65
MD5 36852391e7e71f59bbf9e7dc2706af40
BLAKE2b-256 fe1c4bf470e6e5041073f7f42572d8bbd9f9cd479d33318c54b62c3af400d649

See more details on using hashes here.

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page