Skip to main content

The BitCCL scripting language compiler package

Project description

BitCCL


CircleCI Codecov PyPI PyPI - Downloads


BitCCL is a Bitcart scripting language used for automating checkout flow and more.

It is currently in alpha stage, being separated from the main Bitcart repository.

Architechture

BitCCL is basically Python, but:

  • Safe, with disabled import system
  • Robust, with many built-in functions
  • Optimized for running in Bitcart environment

Language file extension is .bccl.

Running

pip install -r requirements.txt
./compiler example.bitccl

Built-in functions

Current built-in functions list can be always seen in functions.py file.

Table of built-in functions:

Signature Description Return value
add_event_listener(event, func) Adds event listener func to be called when event is dispatched None
@on(event) A decorator used for registering functions to be called when event is dispatched. Example: @on(ProductBought(1)) def func(): pass Wrapper function
dispatch_event(event, *args, **kwargs) Dispatch event, optionally passing positional or named arguments to event handlers None
template(name, data={}) Render template name, optionally passing data to it Template text on success, empty string("") otherwise
send_email(to, subject, text) Sends email to email address to, with subject and text. Uses email server configuration from config.json True on success, False otherwise
password(length=SECURE_PASSWORD_LENGTH) Generate cryptographically unique password of length if provided, otherwise uses safe enough length. Generated password

Also a http client is available.

To send http request with it, use:

http.method(url)

To send HTTP method (get, post, delete, patch, etc.) to url. You can also optionally pass additional query parameters (params argument), request body data (data argument), files (files argument), headers (headers argument), cookies (cookie argument) and more.

Here is how the most complex request might look like:

http.method(url, params={}, headers={}, cookies={}, auth=None, allow_redirects=True, cert="", verify=True, timeout=5.0)

All arguments except for url are optional.

After sending a request, you can retrieve response data:

If res is response got from calling http.method(...), then:

res.text will return text data from response (for example, html)

res.content will return binary data from response (for example, file contents)

res.json() will return json data from response (for example, when accessing different web APIs)

Response status code can be got as res.status_code.

For convenience, you are provided with http request codes to easily check if request is successful without remembering the numbers.

For example, http_codes.OK is status code 200 (success). So, to check if request has succeeded, you can check like so:

res = http.get("https://example.com")
if res.status_code == http_codes.OK:
    print("Success")

For additional information about built-in http client, you can read it's full documentation

Also, Bitcart SDK is available to use.

To access coins without xpub to get transaction, fiat rate or anything else not requiring a wallet, you can access each coin by it's lowercase symbol, for example:

print(btc.rate())
print(ltc.rate())
print(bch.rate())
print(xrg.rate())
print(bsty.rate())

Note: running coins' commands require it's daemon running if you are not using BitCCL from Bitcart deployment.

To perform operations requiring a wallet, use upper-case coin symbol, passing xpub/ypub/zpub/xprv/yprv/zprv/electrum seed in it:

coin = BTC(xpub="my xpub")
print(coin.balance())
# or if using only once:
print(BTC(xpub="my xpub").balance())

Built-in events

Refer to events.md.

It is generated automatically from BitCCL code.

Plugin system

If using BitCCL programmatically, you can extend it's execution context with plugins.

Pass a list of plugin-like objects to run function, like so:

from bitccl import run

run("print(x)", plugins=[TestPlugin()])

Each plugin can be anything: class, object, module object, it must have two methods:

startup() method returning dictionary, which will be used to update execution context with new variables

shutdown(context) method which should perform a clean-up of injected variables if needed

Here's TestPlugin code from above's example:

class TestPlugin:
    def startup(self):
        return {"x": 5}

    def shutdown(self, context):
        pass

How does BitCCL secure the users

BitCCL uses RestrictedPython project with some modifications.

Before executing arbitrary code, which could possibly be copied by a merchant from unknown source, we parse it into AST tree.

Then, by AST transformation, we delete dangerous operations or replace them to non-existing names (for example getattr to _getattr_)

The following code:

x.foo = x.foo + x[0]

is transformed to:

_write(x).foo = _getattr(x, 'foo') + _getitem(x, 0)

That way, our built-in functions have access to what they need, but user code is restricted.

If some dangerous operations are found at AST transforming stage, CompilationRestrictedError is raised with a list of errors.

That way, in many cases code won't even be executed if it is dangerous.

Afterwards, we execute the bytecode with a pretty limited globals object, with safer replacements for built-in functions.

3 main points making it secure:

  • Imports are disabled (import os; os.removedirs("/") or similar won't work)

  • The main one: accessing magic attributes is disallowed, like __class__, __base__, __subclasses__ and similar It is not useful for user code, but opens many possible security holes The worst example is this:

    print((1).__class__.__base__.__subclasses__())
    

    It could be used to access any class in your program, but accessing __class__ and further is disallowed. It also disallowed such cases as template.__globals__['os'].listdir('/') and many others

  • Also, by providing a limited amount of globals, unsafe ones are excluded, so you are provided only with useful, but safe tools

Contributing

You can contribute to BitCCL language by suggesting new built-in functions and events to be added, as well as any ideas for improving it. Open an issue to suggest new features

Also see our contributing guidelines.

Copyright and License

Copyright (C) 2020 MrNaif2018

Licensed under the MIT license

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

bitccl-0.4.3.tar.gz (20.0 kB view details)

Uploaded Source

Built Distribution

bitccl-0.4.3-py3-none-any.whl (13.6 kB view details)

Uploaded Python 3

File details

Details for the file bitccl-0.4.3.tar.gz.

File metadata

  • Download URL: bitccl-0.4.3.tar.gz
  • Upload date:
  • Size: 20.0 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/4.0.2 CPython/3.8.18

File hashes

Hashes for bitccl-0.4.3.tar.gz
Algorithm Hash digest
SHA256 e73792f8dc1ced69be8fb9bed04d9567c755746fab6cffb028e168c4fba2326f
MD5 01eabdd6d075c12653eff34f2d62372e
BLAKE2b-256 62f7a67c6f6e935a69e262ddea7defdf25120739bf2a0b3881de94217de67607

See more details on using hashes here.

File details

Details for the file bitccl-0.4.3-py3-none-any.whl.

File metadata

  • Download URL: bitccl-0.4.3-py3-none-any.whl
  • Upload date:
  • Size: 13.6 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/4.0.2 CPython/3.8.18

File hashes

Hashes for bitccl-0.4.3-py3-none-any.whl
Algorithm Hash digest
SHA256 8df6dbf00911c95e10d88785232a5b6f6cd798bd772c41115013fb5cc383261e
MD5 eb916a83a8e3d8909a43904b2d7d885c
BLAKE2b-256 2209131d8dc83987b4c89f4c02c8c97e360ff99e379d7d30669c5e2a49f64d84

See more details on using hashes here.

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page