Commit b512c173 authored by Jérome Perrin's avatar Jérome Perrin

patches/Restricted: allow random.Random

all member of random module are available (because in ZopeGuards, there's a
random.__allow_access_to_unprotected_subobjects__ = 1), SystemRandom class
also is, but Random class was not, even though there should be nothing unsafe
in this.

This is needed if we want to use a random number generator with a fixed seed
to get reproductible results. We could use random.seed module level function
but since this is also used by several things in ERP5 this does not produce
reproductible sequences.
parent cba1f0e2
Pipeline #11576 failed with stage
in 0 seconds
......@@ -129,6 +129,10 @@ class TestRestrictedPythonSecurity(ERP5TypeTestCase):
expected=[('q', 's')]
)
def testRandom(self):
self.createAndRunScript('import random',
'return random.Random().getrandbits(10)')
def testSystemRandom(self):
self.createAndRunScript('import random',
'return random.SystemRandom().getrandbits(10)')
......
......@@ -393,6 +393,8 @@ del member_id, member
from random import SystemRandom
allow_type(SystemRandom)
from random import Random
allow_type(Random)
ModuleSecurityInfo('os').declarePublic('urandom')
#
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment