class PythonExpr(PythonExpr): _globals = get_safe_globals() _globals['_getattr_'] = guarded_getattr _globals['__debug__' ] = __debug__ def __init__(self, name, expr, engine): self.text = self.expr = text = expr.strip().replace('\n', ' ') # Unicode expression are not handled properly by RestrictedPython # We convert the expression to UTF-8 (ajung) if isinstance(text, unicode): text = text.encode('utf-8') code, err, warn, use = compile_restricted_eval(text, self.__class__.__name__) if err: raise engine.getCompilerError()('Python expression error:\n%s' % '\n'.join(err)) self._varnames = use.keys() self._code = code def __call__(self, econtext): __traceback_info__ = self.text vars = self._bind_used_names(econtext, {}) vars.update(self._globals) return eval(self._code, vars, {})
def _compile_str(self, text, name): from RestrictedPython import compile_restricted from AccessControl.ZopeGuards import get_safe_globals, guarded_getattr code = compile_restricted(text, name, 'exec') g = get_safe_globals() g['_getattr_'] = guarded_getattr g['__debug__'] = 1 # so assert statements are active g['__name__'] = __name__ # so classes can be defined in the script return code, g
def _newfun(self, code): g = get_safe_globals() g['_getattr_'] = guarded_getattr g['__debug__'] = __debug__ g['__name__'] = None l = {} exec code in g, l self._v_f = f = l.values()[0] self._v_ft = (f.func_code, g, f.func_defaults or ()) return f
def build_global(data): """ based on: http://developer.plone.org/security/sandboxing.html """ g = get_safe_globals() g['__builtins__'] = safe_builtins from AccessControl.ImplPython import guarded_getattr as guarded_getattr_safe g['_getattr_'] = guarded_getattr_safe g['data'] = data return g
def execute(self): self.__alive = True restricted_globals = get_safe_globals() restricted_globals["input"] = self.sin.reader() restricted_globals["_print_"] = self.sout.printer() restricted_globals["sleep"] = time.sleep restricted_globals["log"] = lambda x: print(f"{self.bot_id}: {x}") local_vars = {} self.task = threading.Thread(group=None, target=run_code, args=(self.code_location, restricted_globals, local_vars), name=self.bot_id) self.start_time = time.time() self.task.start() return self.task
def _newfun(self, code): safe_globals = get_safe_globals() safe_globals['_getattr_'] = guarded_getattr safe_globals['__debug__'] = __debug__ # it doesn't really matter what __name__ is, *but* # - we need a __name__ # (see testPythonScript.TestPythonScriptGlobals.test__name__) # - it should not contain a period, so we can't use the id # (see https://bugs.launchpad.net/zope2/+bug/142731/comments/4) # - with Python 2.6 it should not be None # (see testPythonScript.TestPythonScriptGlobals.test_filepath) safe_globals['__name__'] = 'script' safe_locals = {} six.exec_(code, safe_globals, safe_locals) func = list(safe_locals.values())[0] self._v_ft = (func.__code__, safe_globals, func.__defaults__ or ()) return func
def _newfun(self, code): g = get_safe_globals() g['_getattr_'] = guarded_getattr g['__debug__'] = __debug__ # it doesn't really matter what __name__ is, *but* # - we need a __name__ # (see testPythonScript.TestPythonScriptGlobals.test__name__) # - it should not contain a period, so we can't use the id # (see https://bugs.launchpad.net/zope2/+bug/142731/comments/4) # - with Python 2.6 it should not be None # (see testPythonScript.TestPythonScriptGlobals.test_filepath) g['__name__'] = 'script' l = {} exec code in g, l f = l.values()[0] self._v_ft = (f.func_code, g, f.func_defaults or ()) return f
class PythonExpr(PythonExpr): _globals = get_safe_globals() _globals['_getattr_'] = guarded_getattr _globals['__debug__'] = __debug__ def __init__(self, name, expr, engine): self.text = self.expr = text = expr.strip().replace('\n', ' ') code, err, warn, use = compile_restricted_eval(text, self.__class__.__name__) if err: raise engine.getCompilerError()('Python expression error:\n%s' % '\n'.join(err)) self._varnames = list(use.keys()) self._code = code def __call__(self, econtext): __traceback_info__ = self.text vars = self._bind_used_names(econtext, {}) vars.update(self._globals) return eval(self._code, vars, {})
def prepare_restricted_function(p, body, name, filename, globalize=None): # We just do what they do in PythonScript... r = compile_restricted_function(p, body, name, filename, globalize) code = r[0] errors = r[1] warnings = tuple(r[2]) if errors: logger.warning('\n'.join(errors)) raise SyntaxError() elif warnings: logger.warning('\n'.join(warnings)) g = get_safe_globals() g['_getattr_'] = guarded_getattr g['__debug__'] = __debug__ g['__name__'] = 'script' l = {} exec code in g, l f = l.values()[0] return f.func_code, g, f.func_defaults or ()