rheostat2718 / unladen-swallow

Automatically exported from code.google.com/p/unladen-swallow
Other
0 stars 0 forks source link

Problems with __builtins__ sandboxing technique (RestrictedPython) #138

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago
Hi.

I've recently claimed that Unladen Swallow would run all tests of Zope2/Plone, 
which wasn't 
quite true. The tests of the RestrictedPython distribution and all dependent 
tests fail.

I've tried to illustrate the core problem in a simple unittest, which I've 
attached.

RestrictedPython executes code in a constrained environment, where the global 
scope only 
contains a limited set of whitelisted names. A number of them are replaced by 
versions 
which perform additional checks. For example the import statement is replaced 
with a 
special version that only allows access to a number of again whitelisted 
modules.

Running the attached test under any normal Python version succeeds. Running it 
under U-S 
produces three test failures all stating:

NameError: global name '#@make_function' is not defined

This happens even when run with "-j never". If you'd add #@make_function to the 
scope, 
you'd run into the same problem for #@buildclass and #@locals in this simple 
example.

I'm not sure what to do about this. You could argue that #@make_function and 
friends are 
new builtins and RestrictedPython needs to be made aware of those. I'm also not 
sure how 
other sandboxing libraries approach this and if it might be a more general 
problem.

But maybe there's some option that would allow U-S to avoid these new builtins 
in the 
normal Python scope.

Original issue reported on code.google.com by hanno...@gmail.com on 19 Feb 2010 at 11:23

Attachments: