leepro / unladen-swallow

Automatically exported from code.google.com/p/unladen-swallow

Problems with __builtins__ sandboxing technique (RestrictedPython) #138

Open GoogleCodeExporter opened 8 years ago

GoogleCodeExporter commented 8 years ago
Hi.

I've recently claimed that Unladen Swallow would run all tests of Zope2/Plone, which wasn't quite true. The tests of the RestrictedPython distribution and all dependent tests fail.

I've tried to illustrate the core problem in a simple unittest, which I've attached.

RestrictedPython executes code in a constrained environment, where the global scope only contains a limited set of whitelisted names. A number of them are replaced by versions which perform additional checks. For example, the import statement is replaced with a special version that only allows access to a number of, again, whitelisted modules.

Running the attached test under any normal Python version succeeds. Running it under U-S produces three test failures, all stating:

NameError: global name '#@make_function' is not defined

This happens even when run with "-j never". If you'd add #@make_function to the scope, you'd run into the same problem for #@buildclass and #@locals in this simple example.

I'm not sure what to do about this. You could argue that #@make_function and friends are new builtins and RestrictedPython needs to be made aware of those. I'm also not sure how other sandboxing libraries approach this and if it might be a more general problem.

But maybe there's some option that would allow U-S to avoid these new builtins in the normal Python scope.

Original issue reported on code.google.com by hanno...@gmail.com on 19 Feb 2010 at 11:23

Attachments:
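
The failure mode described in this issue can be reproduced on stock CPython 3. The following is an added example, not part of the original report and not RestrictedPython's code: a whitelisted `__builtins__` dict with a guarded `__import__`, in which a plain `class` statement fails because the interpreter implicitly looks up `__build_class__`, much as U-S looks up `#@make_function`. The whitelist contents and the helper names (`guarded_import`, `make_scope`, `run_restricted`) are assumptions made for the illustration, and only the name-whitelisting part of the technique is modelled.

```python
import builtins

# Hypothetical whitelists for this example; RestrictedPython's real lists differ.
ALLOWED_MODULES = {"math", "string"}
SAFE_NAMES = ("len", "range", "str", "int", "ValueError")


def guarded_import(name, globals=None, locals=None, fromlist=(), level=0):
    """Replacement for __import__ that only admits whitelisted modules."""
    if level != 0 or name.split(".")[0] not in ALLOWED_MODULES:
        raise ImportError(f"import of {name!r} is not allowed")
    return builtins.__import__(name, globals, locals, fromlist, level)


def make_scope(extra_builtins=()):
    """Build a globals dict whose __builtins__ holds only whitelisted names."""
    allowed = {n: getattr(builtins, n) for n in (*SAFE_NAMES, *extra_builtins)}
    allowed["__import__"] = guarded_import
    return {"__builtins__": allowed, "__name__": "restricted"}


def run_restricted(source, extra_builtins=()):
    """Execute source in the restricted scope; return (scope, error text)."""
    scope = make_scope(extra_builtins)
    try:
        exec(compile(source, "<restricted>", "exec"), scope)
    except (NameError, ImportError) as exc:
        return scope, f"{type(exc).__name__}: {exc}"
    return scope, None


# Constructed sample inputs.
IMPORT_OK = "import math\nresult = math.floor(2.5)\n"
IMPORT_BLOCKED = "import os\n"
CLASS_DEF = "class Point:\n    dims = 2\n"

if __name__ == "__main__":
    # The class statement needs a builtin that the source never names:
    # it fails under the plain whitelist and works once the interpreter's
    # own helper (__build_class__) is whitelisted too.
    for src, extra in [(IMPORT_OK, ()), (IMPORT_BLOCKED, ()),
                       (CLASS_DEF, ()), (CLASS_DEF, ("__build_class__",))]:
        _, err = run_restricted(src, extra)
        print(repr(src.splitlines()[0]), extra, "->", err or "ok")
```

The whitelist therefore has to track the helper builtins each interpreter emits lookups for, which is why the same restricted code can pass on one implementation and raise `NameError` on another.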