You are not logged in Log in Join
You are here: Home » Members » 4AM Productions (Evan Simpson) » PythonMethodWiki » PlannedBehavior

Log in
Name

Password

 
 
FrontPage »

PlannedBehavior

Python Methods Planned Behavior

  • uses GuardedBlock for security
  • copies methods from DocumentTemplate.DT_Util.TemplateDict into the builtins dictionary
  • uses the Bindings tab to make the container, context, method object, caller's DTML namespace, and traversal information available through user-chosen names.
  • recurses into code blocks, allowing lambdas and nested function definitions.

GuardedBlock security

  • co_names is checked for multi-character names beginning with "_".
  • print statements are replaced with calls to a function that stores the text in a list. The concatenation of these strings is available through global variable printed. If printed is not read, but print statements are used, a warning is printed.
  • assignments to attributes, items, or slices are replaced with calls to methods of the container. These are named __guarded_setattr__, __guarded_setitem__, and __guarded_setslice__.
  • del statements that operate on attributes, items, or slices are replaced with calls to methods of the container. These are named __guarded_delattr__, __guarded_delitem__, and __guarded_delslice__.
  • Literal lists and dictionaries are exempted from this wrapping, as are objects which declare that they handle their own write security, by exposing a true _guarded_writes attribute.
  • return, assert, try/finally, try/except/else, pass, raise, break, global, and if/elif/else are not changed or restricted.
  • for/else, while/else, and continue statements have calls to a global iteration counter/termination polling function inserted just before the jump to the start of a loop.
  • import is restricted by providing an __import__ function which only succeeds if each module to be imported is already in sys.modules. Access to names within modules is protected by calling the security machinery.
  • exec statements are not allowed.
  • The only other statements are expression statements. Expression evaluation is altered so that multiplication operations are replaced with calls to careful_mul from DocumentTemplate.VSEval. All access to attributes, items, and slices is guarded by calls to the security machinery.
  • Since CodeBlock compiles a function in an empty global namespace with no builtins, the function is flagged restricted, and cannot access internal attributes such as im_func.