pythonsecurity.h

00001 /***************************************************************************
00002  * pythonsecurity.h
00003  * This file is part of the KDE project
00004  * copyright (C)2004-2005 by Sebastian Sauer (mail@dipe.org)
00005  *
00006  * This program is free software; you can redistribute it and/or
00007  * modify it under the terms of the GNU Library General Public
00008  * License as published by the Free Software Foundation; either
00009  * version 2 of the License, or (at your option) any later version.
00010  * This program is distributed in the hope that it will be useful,
00011  * but WITHOUT ANY WARRANTY; without even the implied warranty of
00012  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
00013  * Library General Public License for more details.
00014  * You should have received a copy of the GNU Library General Public License
00015  * along with this program; see the file COPYING.  If not, write to
00016  * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
00017  * Boston, MA 02110-1301, USA.
00018  ***************************************************************************/
00019 
00020 #ifndef KROSS_PYTHON_SECURITY_H
00021 #define KROSS_PYTHON_SECURITY_H
00022 
00023 #include "pythonconfig.h"
00024 
00025 #include <qstring.h>
00026 
00027 namespace Kross { namespace Python {
00028 
00029     // Forward declaration; only pointers to it are used in this header.
00030     class PythonInterpreter;
00031 
00032     /**
00033      * This class wraps the Zope3 RestrictedPython package to
00034      * provide a restricted sandbox for scripting code.
00035      *
00036      * The RestrictedPython code is available as Python files, so
00037      * this class loads them and exposes the functions Kross needs.
00038      * That makes it easy to update the module with a newer
00039      * version if security issues show up.
00040      *
00041      * RestrictedPython compiles plain python code (py) into
00042      * compiled python code (pyc) and replaces unsafe code in it
00043      * with its own wrapped code. For example "x = y.z" is
00044      * transformed to "x = _getattr_(y, 'z')"; _getattr_ is defined
00045      * in the RestrictedPython module and applies the restrictions.
00046      *
00047      * NOTE(review): the rewrite only redirects the access to a
00048      * guard; presumably the restrictions hold only while the code
00049      * object runs with the intended guards in scope. This class
00050      * also declares its own _getattr_ wrapper -- confirm in the
00051      * implementation which guard is installed.
00052      *
00053      * \see http://www.zope.org
00054      * \see http://svn.zope.org/Zope3/trunk/src/RestrictedPython/
00055      */
00056     class PythonSecurity : public Py::ExtensionModule<PythonSecurity>
00057     {
00058         public:
00059 
00060             /**
00061              * Constructor.
00062              *
00063              * \param interpreter The \a PythonInterpreter instance
00064              *       used to create this module.
00065              */
00066             explicit PythonSecurity(PythonInterpreter* interpreter);
00067 
00068             /**
00069              * Destructor.
00070              */
00071             virtual ~PythonSecurity();
00072 
00073             /**
00074              * Compile python scripting code and return a restricted
00075              * code object.
00076              *
00077              * \param source The python scripting code.
00078              * \param filename The filename used in error messages.
00079              * \param mode Compile mode: 'exec', 'eval' or 'single'.
00080              * \return The compiled python code object on success, else NULL;
00081              *         treat NULL as failure, do not run the source unrestricted.
00082              *         The caller owns the object and must decrease its
00083              *         ref-counter when it is no longer needed.
00084              */
00085             PyObject* compile_restricted(const QString& source, const QString& filename, const QString& mode);
00086 
00087 #if 0
00088             //TODO: the declarations below are compiled out by the '#if 0'.
00089             void compile_restricted_function(const Py::Tuple& args, const QString& body, const QString& name, const QString& filename, const Py::Object& globalize = Py::None());
00090             void compile_restricted_exec(const QString& source, const QString& filename = "<string>");
00091             void compile_restricted_eval(const QString& source, const QString& filename = "<string>");
00092 #endif
00093 
00094         private:
00095             /// Pointer to the used \a PythonInterpreter (presumably the constructor argument).
00096             PythonInterpreter* m_interpreter;
00097             /// The imported external RestrictedPython module (raw pointer; its release is not visible in this header).
00098             Py::Module* m_pymodule;
00099 
00100             /// Initialize the restricted python module.
00101             inline void initRestrictedPython();
00102 
00103             /// Secure wrapper around the getattr method; takes its arguments as a Py::Tuple.
00104             Py::Object _getattr_(const Py::Tuple&);
00105     };
00106 
00107 }}
00108 
00109 #endif
