Disable RExpression and replace compile by default Python compile function.

28eb4721 · Boxiang Sun · d29dda25 · 28eb4721
Commit 28eb4721 authored Oct 07, 2016 by Boxiang Sun
Hide whitespace changes
Inline Side-by-side

Showing with 72 additions and 70 deletions

src/zope/security/untrustedpython/rcompile.py src/zope/security/untrustedpython/rcompile.py +72 -70

No files found.
--- a/src/zope/security/untrustedpython/rcompile.py
+++ b/src/zope/security/untrustedpython/rcompile.py
@@ -18,80 +18,82 @@ Only 'eval' is supported at this time.
 $Id: rcompile.py 70826 2006-10-20 03:41:16Z baijum $
 """
-import compiler.pycodegen
+# import compiler.pycodegen
 import RestrictedPython.RCompile
-from RestrictedPython.SelectCompiler import ast, OP_ASSIGN, OP_DELETE, OP_APPLY
+# from RestrictedPython.SelectCompiler import ast, OP_ASSIGN, OP_DELETE, OP_APPLY
 def compile(text, filename, mode):
    if not isinstance(text, basestring):
        raise TypeError("Compiled source must be string")
-    gen = RExpression(text, str(filename), mode)
+    # gen = RExpression(text, str(filename), mode)
-    gen.compile()
+    # gen.compile()
-    return gen.getCode()
+    # return gen.getCode()
+    import compile
+    return compile(text, filename, mode)
-class RExpression(RestrictedPython.RCompile.RestrictedCompileMode):
+# class RExpression(RestrictedPython.RCompile.RestrictedCompileMode):
+#
-    CodeGeneratorClass = compiler.pycodegen.ExpressionCodeGenerator
+#     CodeGeneratorClass = compiler.pycodegen.ExpressionCodeGenerator
+#
-    def __init__(self, source, filename, mode = "eval"):
+#     def __init__(self, source, filename, mode = "eval"):
-        self.mode = mode
+#         self.mode = mode
-        RestrictedPython.RCompile.RestrictedCompileMode.__init__(
+#         RestrictedPython.RCompile.RestrictedCompileMode.__init__(
-            self, source, filename)
+#             self, source, filename)
-        self.rm = RestrictionMutator()
+#         self.rm = RestrictionMutator()
+#
+#
-# The security checks are performed by a set of six functions that
+# # The security checks are performed by a set of six functions that
-# must be provided by the restricted environment.
+# # must be provided by the restricted environment.
+#
-_getattr_name = ast.Name("getattr")
+# _getattr_name = ast.Name("getattr")
+#
+#
-class RestrictionMutator:
+# class RestrictionMutator:
+#
-    def __init__(self):
+#     def __init__(self):
-        self.errors = []
+#         self.errors = []
-        self.warnings = []
+#         self.warnings = []
-        self.used_names = {}
+#         self.used_names = {}
+#
-    def error(self, node, info):
+#     def error(self, node, info):
-        """Records a security error discovered during compilation."""
+#         """Records a security error discovered during compilation."""
-        lineno = getattr(node, 'lineno', None)
+#         lineno = getattr(node, 'lineno', None)
-        if lineno is not None and lineno > 0:
+#         if lineno is not None and lineno > 0:
-            self.errors.append('Line %d: %s' % (lineno, info))
+#             self.errors.append('Line %d: %s' % (lineno, info))
-        else:
+#         else:
-            self.errors.append(info)
+#             self.errors.append(info)
+#
-    def visitGetattr(self, node, walker):
+#     def visitGetattr(self, node, walker):
-        """Converts attribute access to a function call.
+#         """Converts attribute access to a function call.
+#
-        'foo.bar' becomes 'getattr(foo, "bar")'.
+#         'foo.bar' becomes 'getattr(foo, "bar")'.
+#
-        Also prevents augmented assignment of attributes, which would
+#         Also prevents augmented assignment of attributes, which would
-        be difficult to support correctly.
+#         be difficult to support correctly.
-        """
+#         """
-        node = walker.defaultVisitNode(node)
+#         node = walker.defaultVisitNode(node)
-        return ast.CallFunc(_getattr_name,
+#         return ast.CallFunc(_getattr_name,
-                            [node.expr, ast.Const(node.attrname)])
+#                             [node.expr, ast.Const(node.attrname)])
+#
-    def visitExec(self, node, walker):
+#     def visitExec(self, node, walker):
-        self.error(node, "exec statements are not supported")
+#         self.error(node, "exec statements are not supported")
+#
-    def visitPrint(self, node, walker):
+#     def visitPrint(self, node, walker):
-        """Make sure prints always have a destination
+#         """Make sure prints always have a destination
+#
-        If we get a print without a destination, make the default destination
+#         If we get a print without a destination, make the default destination
-        untrusted_output.
+#         untrusted_output.
-        """
+#         """
-        node = walker.defaultVisitNode(node)
+#         node = walker.defaultVisitNode(node)
-        if node.dest is None:
+#         if node.dest is None:
-            node.dest = ast.Name('untrusted_output')
+#             node.dest = ast.Name('untrusted_output')
-        return node
+#         return node
-    visitPrintnl = visitPrint
+#     visitPrintnl = visitPrint
+#         
-    def visitRaise(self, node, walker):
+#     def visitRaise(self, node, walker):
-        self.error(node, "raise statements are not supported")
+#         self.error(node, "raise statements are not supported")
+#
-    def visitTryExcept(self, node, walker):
+#     def visitTryExcept(self, node, walker):
-        self.error(node, "try/except statements are not supported")
+#         self.error(node, "try/except statements are not supported")
+#