Kross::Python::PythonSecurity Class Reference

#include <pythonsecurity.h>

Inheritance diagram for Kross::Python::PythonSecurity:

[legend]Collaboration diagram for Kross::Python::PythonSecurity:

[legend]List of all members.

---

Detailed Description

This class handles the used Zope3 RestrictedPython package to spend a restricted sandbox for scripting code.

The RestrictedPython code is avaible as Python files. So, this class takes care of loading them and spending the functions we need to access the functionality from within Kross. That way it's easy to update the module with a newer version if some security issues show up.

What the RestrictedPython code does is to compile the plain python code (py) into compiled python code (pyc) and manipulate those compiled code by replacing unsafe code with own wrapped code. As example a simple "x = y.z" would be transfered to "x = _getattr_(y, 'z')". The _getattr_ is defined in the RestrictedPython module and will take care of applied restrictions.

See also:

http://www.zope.org

http://svn.zope.org/Zope3/trunk/src/RestrictedPython/

Definition at line 56 of file pythonsecurity.h.

Public Member Functions
	PythonSecurity (PythonInterpreter *interpreter)
virtual	~PythonSecurity ()
PyObject *	compile_restricted (const QString &source, const QString &filename, const QString &mode)

---

Constructor & Destructor Documentation

PythonSecurity::PythonSecurity (  PythonInterpreter *  interpreter  )  [explicit]

Constructor. Parameters: interpreter  The PythonInterpreter instance used to create this Module. Definition at line 28 of file pythonsecurity.cpp. : Py::ExtensionModule<PythonSecurity>("PythonSecurity") , m_interpreter(interpreter) , m_pymodule(0) { add_varargs_method("_getattr_", &PythonSecurity::_getattr_, "Secure wapper around the getattr method."); initialize("The PythonSecurity module used to wrap the RestrictedPython functionality."); /* TESTCASE initRestrictedPython(); compile_restricted( "a = 2 + 5\n" "import os\n" "import sys\n" "b = sys.path\n" "print \"######### >>>testcase<<< #########\" \n" , "mytestcase", // filename "exec" // 'exec' or 'eval' or 'single' ); */ }

PythonSecurity::~PythonSecurity (   )  [virtual]

Destructor. Definition at line 52 of file pythonsecurity.cpp. { delete m_pymodule; }

---

Member Function Documentation

PyObject * PythonSecurity::compile_restricted (  const QString &  source, const QString &  filename, const QString &  mode )

Compile python scripting code and return a restricted code object. Parameters: source  The python scripting code. filename  The filename used on errormessages. mode  Compilemode, could be 'exec' or 'eval' or 'single'. Returns: The compiled python code object on success else NULL. The caller owns the resulting object and needs to take care to decrease the ref-counter it not needed any longer. Definition at line 109 of file pythonsecurity.cpp. References QString::utf8(). { kdDebug()<<"PythonSecurity::compile_restricted"<<endl; if(! m_pymodule) initRestrictedPython(); // throws exception if failed try { Py::Dict mainmoduledict = ((PythonInterpreter*)m_interpreter)->mainModule()->getDict(); PyObject* func = PyDict_GetItemString(m_pymodule->getDict().ptr(), "compile_restricted"); if(! func) throw Kross::Api::Exception::Ptr( new Kross::Api::Exception(QString("No such function '%1'.").arg("compile_restricted")) ); Py::Callable funcobject(func, true); // the funcobject takes care of freeing our func pyobject. if(! funcobject.isCallable()) throw Kross::Api::Exception::Ptr( new Kross::Api::Exception(QString("Function '%1' is not callable.").arg("compile_restricted")) ); Py::Tuple args(3); args[0] = Py::String(source.utf8()); args[1] = Py::String(filename.utf8()); args[2] = Py::String(mode.utf8()); Py::Object result = funcobject.apply(args); PyObject* pycode = PyEval_EvalCode( (PyCodeObject*)result.ptr(), mainmoduledict.ptr(), mainmoduledict.ptr() ); if(! pycode) throw Py::Exception(); /* kdDebug()<<"$---------------------------------------------------"<<endl; Py::List ml = mainmoduledict; for(Py::List::size_type mi = 0; mi < ml.length(); ++mi) { kdDebug() << QString("-------------------") << endl; kdDebug() << QString("dir() = %1").arg( ml[mi].str().as_string().c_str() ) << endl; //kdDebug() << QString("dir().dir() = %1").arg( Py::Object(ml[mi]).dir().as_string().c_str() ) << endl; } kdDebug()<<"$---------------------------------------------------"<<endl; */ Py::Object code(pycode); kdDebug()<< code.as_string().c_str() << " callable=" << PyCallable_Check(code.ptr()) << endl; Py::List l = code.dir(); for(Py::List::size_type i = 0; i < l.length(); ++i) { kdDebug() << QString("dir() = %1").arg( l[i].str().as_string().c_str() ) << endl; //kdDebug() << QString("dir().dir() = %1").arg( Py::Object(l[i]).dir().as_string().c_str() ) << endl; } return pycode; } catch(Py::Exception& e) { QString err = Py::value(e).as_string().c_str(); e.clear(); throw Kross::Api::Exception::Ptr( new Kross::Api::Exception(QString("Function '%1' failed with python exception: %2").arg("compile_restricted").arg(err) ) ); } }

---

The documentation for this class was generated from the following files:

• pythonsecurity.h
• pythonsecurity.cpp

---