from RestrictedPython.Guards import guarded_iter_unpack_sequence from RestrictedPython.Guards import guarded_unpack_sequence from RestrictedPython.Guards import safe_builtins from RestrictedPython.Utilities import utility_builtins from zExceptions import Unauthorized from AccessControl.SecurityInfo import secureModule from AccessControl.SecurityManagement import getSecurityManager from AccessControl.SimpleObjectPolicies import ContainerAssertions from AccessControl.SimpleObjectPolicies import Containers from AccessControl.SimpleObjectPolicies import allow_type _marker = [] # Create a new marker object. safe_builtins = safe_builtins.copy() safe_builtins.update(utility_builtins) # Allow access to unprotected attributes (don't show deprecation warning). with warnings.catch_warnings(): warnings.simplefilter("ignore") try: import sets except ImportError: pass else: sets.__allow_access_to_unprotected_subobjects__ = 1 # Allow access to unprotected attributes string.__allow_access_to_unprotected_subobjects__ = 1 math.__allow_access_to_unprotected_subobjects__ = 1 random.__allow_access_to_unprotected_subobjects__ = 1
import sys import RestrictedPython from RestrictedPython.Guards import safe_builtins, full_write_guard from RestrictedPython.Utilities import utility_builtins from RestrictedPython.Eval import RestrictionCapableEval from SecurityManagement import getSecurityManager from SecurityInfo import secureModule from SimpleObjectPolicies import Containers, ContainerAssertions from zExceptions import Unauthorized _marker = [] # Create a new marker object. safe_builtins = safe_builtins.copy() safe_builtins.update(utility_builtins) # AccessControl.Implementation inserts these names into this module as # module globals: aq_validate, guarded_getattr def initialize(impl): # Called by AccessControl.Implementation.setImplementation() # whenever the selected implementation changes. global guarded_getattr guarded_getattr = impl.guarded_getattr safe_builtins['getattr'] = guarded_getattr def guarded_hasattr(object, name): try: guarded_getattr(object, name)
import string import warnings import RestrictedPython from RestrictedPython.Guards import safe_builtins, full_write_guard from RestrictedPython.Utilities import utility_builtins from RestrictedPython.Eval import RestrictionCapableEval from ZopeReplacements import getSecurityManager from ZopeReplacements import secureModule from SimpleObjectPolicies import Containers, ContainerAssertions from ZopeReplacements import Unauthorized _marker = [] # Create a new marker object. safe_builtins = safe_builtins.copy() safe_builtins.update(utility_builtins) # Allow access to unprotected attributes (don't show deprecation warning). with warnings.catch_warnings(): try: import sets except ImportError: pass else: sets.__allow_access_to_unprotected_subobjects__ = 1 # Allow access to unprotected attributes string.__allow_access_to_unprotected_subobjects__ = 1 math.__allow_access_to_unprotected_subobjects__ = 1 random.__allow_access_to_unprotected_subobjects__ = 1
import sys from RestrictedPython import compile_restricted from RestrictedPython.PrintCollector import PrintCollector from RestrictedPython.Guards import safe_builtins data = open (sys.argv[1], "r").read() src = data _builtins = dict(__builtins__.__dict__) def _hook_import(name, *args, **kwargs): if name == 'subprocess': # now allow to import unsecure lib raise RuntimeError('cannot import lib') # otherwise, use default __import__ return __import__(name, *args, **kwargs) # replace __import__ with our hook implementation _builtins['__import__'] = _hook_import safe_builtins.update({'__import__': _builtins['__import__']}) safe_builtins.update({'_print_': _builtins['print']}) restricted_globals = dict(__builtins__ = safe_builtins) code = compile(src, '<string>', 'exec') exec(code) in restricted_globals
import os.path import re import codecs from RestrictedPython.RCompile import RExpression from RestrictedPython.MutatingWalker import walk from RestrictedPython.Guards import safe_builtins as eval_builtins from string import maketrans from compiler import ast, parse _subexpr = re.compile("\$\$|\$\$|\$(?P<nosan>/)?(?P<label>[a-z]+)?(?P<paren>\()?") pathseptrans = dict(enumerate(unicode(maketrans('/', '_')[:48]))) pathtrans = dict(enumerate(unicode(maketrans(r'/\[]?=+<>;",*|', os.path.sep + '_' * 13)[:125]))) eval_builtins = eval_builtins.copy() eval_builtins.update(filter=filter, map=map, max=max, min=min, reduce=reduce, reversed=reversed, slice=slice, sorted=sorted) del eval_builtins['delattr'] del eval_builtins['setattr'] eval_globals = {'__builtins__':eval_builtins, '_getattr_':getattr, '_getitem_': lambda x, y: x[y]} def underscorereplace_errors(e): return (u'_' * (e.end - e.start), e.end) codecs.register_error('underscorereplace', underscorereplace_errors) def evaluate(item, cdict): if isinstance(item, Expr): return item.evaluate(cdict) else: return item