document whitelisting protected imports

[djay]

I'll modify the docs but for now it works kind of like this

from zope.security.checker import defineChecker, CheckerPublic, NamesChecker
import random
defineChecker(random, NamesChecker([meth for meth in dir(random) if meth[0] != '_']))

I suspect there are better ways but this works for now.

For classes this works

import persistent.list
import persistent.dict
defineChecker(persistent.list, NamesChecker(['PersistentList']))
defineChecker(persistent.dict, NamesChecker(['PersistentDict']))

dict_checker = NamesChecker(['__call__','__init__','__getitem__', '__len__', '__iter__',
                        'get', 'has_key', 'copy', '__str__', 'keys',
                        'values', 'items', 'iterkeys', 'iteritems',
                        'itervalues', '__contains__'])
persistent.dict.PersistentDict.__Security_checker__ = dict_checker
list_checker = NamesChecker(['__call__','__init__','__getitem__', '__getslice__', '__len__', '__iter__',
                        '__contains__', 'index', 'count', '__str__',
                        '__add__', '__radd__','__setitem__' ])
persistent.list.PersistentList.__Security_checker__ = list_checker

[ebrehault]

I have used a different approach, but it is covered by https://github.com/plomino/rapido.core/commit/aa97d9e0b27bebc22dd1aea67b1231e060d4daef (see doc here: https://github.com/plomino/rapido.plone/blob/master/docs/python-api.rst#contextmodules)

It is easier to provide modules through context. Using NamesChecker is very painful with nested modules, like for instance allowing datetime.date.today.

Re-open if necessary.

[djay]

that way is just not scalable. You can't expect the core to be updated to allow access to every module that might exist? In addition I don't like having new apis for things that are well documented else where. It's counter intuitive to have the rest of the world saying "import plone.api" but in rapido world you have to read enough documentation to realise that this becomes "context.module.plone.api"? If the problem is making untrusted python easier to whitelist modules then thats the fix we need to explore IMO

[djay]

I think I can create some utils to make it easier to whitelist but they probably shouldn't go in safelib (which is more a kitchensick of already whitelisted modules). Perhaps it should get added to untrustedpython itself?

[djay]

I created an issue here https://github.com/zopefoundation/zope.untrustedpython/issues/1

[ebrehault]

I agree it would be semantically much better to be able to import modules.

But regarding:

that way is just not scalable. You can't expect the core to be updated to allow access to every module that might exist?

maybe the doc is unclear, but you can declare new safe modules from outside Rapido (for instance from a custom addon) like this:

import whatever
from rapido.core import app
app.safe_modules.whatever = whatever