1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
|
API overview
------------
``compile_restricted`` methods
++++++++++++++++++++++++++++++
.. py:method:: compile_restricted(source, filename, mode, flags, dont_inherit, policy)
:module: RestrictedPython
Compiles source code into interpretable byte code.
:param source: (required). the source code that should be compiled
:param filename: (optional). defaults to ``'<unknown>'``
:param mode: (optional). Use ``'exec'``, ``'eval'``, ``'single'`` or ``'function'``. defaults to ``'exec'``
:param flags: (optional). defaults to ``0``
:param dont_inherit: (optional). defaults to ``False``
:param policy: (optional). defaults to ``RestrictingNodeTransformer``
:type source: str or unicode text or ``ast.AST``
:type filename: str or unicode text
:type mode: str or unicode text
:type flags: int
:type dont_inherit: int
:type policy: RestrictingNodeTransformer class
:return: Python ``code`` object
.. py:method:: compile_restricted_exec(source, filename, flags, dont_inherit, policy)
:module: RestrictedPython
Compiles source code into interpretable byte code with ``mode='exec'``.
Use mode ``'exec'`` if the source contains a sequence of statements.
The meaning and defaults of the parameters are the same as in
``compile_restricted``.
:return: CompileResult (a namedtuple with code, errors, warnings, used_names)
.. py:method:: compile_restricted_eval(source, filename, flags, dont_inherit, policy)
:module: RestrictedPython
Compiles source code into interpretable byte code with ``mode='eval'``.
Use mode ``'eval'`` if the source contains a single expression.
The meaning and defaults of the parameters are the same as in
``compile_restricted``.
:return: CompileResult (a namedtuple with code, errors, warnings, used_names)
.. py:method:: compile_restricted_single(source, filename, flags, dont_inherit, policy)
:module: RestrictedPython
Compiles source code into interpretable byte code with ``mode='eval'``.
Use mode ``'single'`` if the source contains a single interactive statement.
The meaning and defaults of the parameters are the same as in
``compile_restricted``.
:return: CompileResult (a namedtuple with code, errors, warnings, used_names)
.. py:method:: compile_restricted_function(p, body, name, filename, globalize=None)
:module: RestrictedPython
Compiles source code into interpretable byte code with ``mode='function'``.
Use mode ``'function'`` for full functions.
:param p: (required). a string representing the function parameters
:param body: (required). the function body
:param name: (required). the function name
:param filename: (optional). defaults to ``'<string>'``
:param globalize: (optional). list of globals. defaults to ``None``
:param flags: (optional). defaults to ``0``
:param dont_inherit: (optional). defaults to ``False``
:param policy: (optional). defaults to ``RestrictingNodeTransformer``
:type p: str or unicode text
:type body: str or unicode text
:type name: str or unicode text
:type filename: str or unicode text
:type globalize: None or list
:type flags: int
:type dont_inherit: int
:type policy: RestrictingNodeTransformer class
:return: byte code
The globalize argument, if specified, is a list of variable names to be
treated as globals (code is generated as if each name in the list
appeared in a global statement at the top of the function).
This allows to inject global variables into the generated function that
feel like they are local variables, so the programmer who uses this doesn't
have to understand that his code is executed inside a function scope
instead of the global scope of a module.
To actually get an executable function, you need to execute this code and
pull out the defined function out of the locals like this:
>>> from RestrictedPython import compile_restricted_function
>>> compiled = compile_restricted_function('', 'pass', 'function_name')
>>> safe_locals = {}
>>> safe_globals = {}
>>> exec(compiled.code, safe_globals, safe_locals)
>>> compiled_function = safe_locals['function_name']
>>> result = compiled_function(*[], **{})
Then if you want to control the globals for a specific call to this
function, you can regenerate the function like this:
>>> my_call_specific_global_bindings = dict(foo='bar')
>>> safe_globals = safe_globals.copy()
>>> safe_globals.update(my_call_specific_global_bindings)
>>> import types
>>> new_function = types.FunctionType(
... compiled_function.__code__,
... safe_globals,
... '<function_name>',
... compiled_function.__defaults__ or ())
>>> result = new_function(*[], **{})
restricted builtins
+++++++++++++++++++
* ``safe_globals``
* ``safe_builtins``
* ``limited_builtins``
* ``utility_builtins``
helper modules
++++++++++++++
* ``PrintCollector``
RestrictingNodeTransformer
++++++++++++++++++++++++++
``RestrictingNodeTransformer`` provides the base policy used by RestrictedPython itself.
It is a subclass of a ``NodeTransformer`` which has a set of ``visit_<AST_Elem>`` methods and a ``generic_visit`` method.
``generic_visit`` is a predefined method of any ``NodeVisitor`` which sequentially visits all sub nodes. In RestrictedPython this behaviour is overwritten to always call a new internal method ``not_allowed(node)``.
This results in an implicit blacklisting of all not allowed AST elements.
Any possibly new introduced AST element in Python (new language element) will implicitly be blocked and not allowed in RestrictedPython.
So, if new elements should be introduced, an explicit ``visit_<new AST elem>`` is necessary.
|
