string and tuple methods are allowed

[mwermelinger]

@densnow found that no str or tuple method is flagged as disallowed and suggests to add to the configuration something like str: [] to explicitly say that no string method is allowed.

If it works, it's a good quick fix, and makes explicit that nothing is allowed. Would also have to add all other built-in types (bytes, whatever). For library and user-defined types, what is allowed is restricted by the import configuration.

Ideally, this should be fixed well before TMA02 submission.

[mwermelinger]

Effort is medium because it also requires improving tests.

[densnow]

I did a (very) quick test by adding str: [] to unit 4 in the M269 config file. It does seem to be a viable quick fix and should do the job. I also ran the test script and no strange behaviors were present.

I am guessing in the long term it could be best to change the logic of allowedto flag methods not explicitly mentioned in the config. It is nice to have the config file only include things that are allowed rather than the other way around :smile:

The common builtins (not already in the M269 config) that have methods seem to be int, float complex, tuple, range, str, bytes, bytearray. Hopefully that covers everything we need for now?

[mwermelinger]

Thanks. Yes, it would be best that "if it's not explicitly allowed, it's disallowed", but then we need to parse any user classes and import statements to check that code that calls them is allowed.