File: framework_usage.rst

package info (click to toggle)
restrictedpython 8.0-1
  • links: PTS, VCS
  • area: main
  • in suites: forky, sid, trixie
  • size: 1,072 kB
  • sloc: python: 4,043; makefile: 193
file content (86 lines) | stat: -rw-r--r-- 2,914 bytes parent folder | download 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
 
.. _sec_usage_frameworks:

Usage in frameworks and Zope
----------------------------

One major issue with using ``compile_restricted`` directly in a framework is, that you have to use try-except statements to handle problems and it might be a bit harder to provide useful information to the user.
RestrictedPython provides four specialized compile_restricted methods:

* ``compile_restricted_exec``
* ``compile_restricted_eval``
* ``compile_restricted_single``
* ``compile_restricted_function``

Those four methods return a named tuple (``CompileResult``) with four elements:

``code``
    ``<code>`` object or ``None`` if ``errors`` is not empty
``errors``
    a tuple with error messages
``warnings``
    a list with warnings
``used_names``
    a dictionary mapping collected used names to ``True``.

These details can be used to inform the user about the compiled source code.

Modifying the builtins is straight forward, it is just a dictionary containing the available library elements.
Modification normally means removing elements from existing builtins or adding allowed elements by copying from globals.

For frameworks it could possibly also be useful to change the handling of specific Python language elements.
For that use case RestrictedPython provides the possibility to pass an own policy.

A policy is basically a special ``NodeTransformer`` that could be instantiated with three params for ``errors``, ``warnings`` and ``used_names``, it should be a subclass of RestrictedPython.RestrictingNodeTransformer.

.. testcode:: own_policy

    from RestrictedPython import compile_restricted
    from RestrictedPython import RestrictingNodeTransformer

    class OwnRestrictingNodeTransformer(RestrictingNodeTransformer):
        pass

    policy_instance = OwnRestrictingNodeTransformer(
        errors=[],
        warnings=[],
        used_names=[]
    )

All ``compile_restricted*`` methods do have an optional parameter ``policy``, where a specific policy could be provided.

.. testcode:: own_policy

    source_code = """
    def do_something():
        pass
    """

    policy = OwnRestrictingNodeTransformer

    byte_code = compile_restricted(
        source_code,
        filename='<inline code>',
        mode='exec',
        policy=policy # policy class
    )
    exec(byte_code, globals(), None)

One special case "unrestricted RestrictedPython" (defined to unblock ports of Zope Packages to Python 3) is to actually use RestrictedPython in an unrestricted mode, by providing a Null-Policy (aka ``None``).
That special case would be written as:

.. testcode::

    from RestrictedPython import compile_restricted

    source_code = """
    def do_something():
        pass
    """

    byte_code = compile_restricted(
        source_code,
        filename='<inline code>',
        mode='exec',
        policy=None # Null-Policy -> unrestricted
    )
    exec(byte_code, globals(), None)