Metadata-Version: 2.1
Name: RestrictedPython
Version: 5.2a1.dev0
Summary: RestrictedPython is a defined subset of the Python language which allows to provide a program input into a trusted environment.
Home-page: https://github.com/zopefoundation/RestrictedPython
Author: Zope Foundation and Contributors
Author-email: zope-dev@zope.org
License: ZPL 2.1
Project-URL: Documentation, https://restrictedpython.readthedocs.io/
Project-URL: Source, https://github.com/zopefoundation/RestrictedPython
Project-URL: Tracker, https://github.com/zopefoundation/RestrictedPython/issues
Description: .. image:: https://api.travis-ci.com/zopefoundation/RestrictedPython.svg?branch=master
            :target: https://travis-ci.com/zopefoundation/RestrictedPython
        
        .. image:: https://coveralls.io/repos/github/zopefoundation/RestrictedPython/badge.svg?branch=master
            :target: https://coveralls.io/github/zopefoundation/RestrictedPython?branch=master
        
        .. image:: https://readthedocs.org/projects/restrictedpython/badge/
            :target: https://restrictedpython.readthedocs.org/
            :alt: Documentation Status
        
        .. image:: https://img.shields.io/pypi/v/RestrictedPython.svg
            :target: https://pypi.org/project/RestrictedPython/
            :alt: Current version on PyPI
        
        .. image:: https://img.shields.io/pypi/pyversions/RestrictedPython.svg
            :target: https://pypi.org/project/RestrictedPython/
            :alt: Supported Python versions
        
        .. image:: https://github.com/zopefoundation/RestrictedPython/raw/master/docs/logo.jpg
        
        ================
        RestrictedPython
        ================
        
        RestrictedPython is a tool that helps to define a subset of the Python language which allows to provide a program input into a trusted environment.
        RestrictedPython is not a sandbox system or a secured environment, but it helps to define a trusted environment and execute untrusted code inside of it.
        
        .. warning::
        
           RestrictedPython only supports CPython. It does _not_ support PyPy and other Python implementations as it cannot provide its restrictions there.
        
        For full documentation please see http://restrictedpython.readthedocs.io/.
        
        Example
        =======
        
        To give a basic understanding what RestrictedPython does here two examples:
        
        An unproblematic code example
        -----------------------------
        
        Python allows you to execute a large set of commands.
        This would not harm any system.
        
        .. code-block:: pycon
        
            >>> from RestrictedPython import compile_restricted
            >>> from RestrictedPython import safe_globals
            >>>
            >>> source_code = """
            ... def example():
            ...     return 'Hello World!'
            ... """
            >>>
            >>> loc = {}
            >>> byte_code = compile_restricted(source_code, '<inline>', 'exec')
            >>> exec(byte_code, safe_globals, loc)
            >>>
            >>> loc['example']()
            'Hello World!'
        
        Problematic code example
        ------------------------
        
        This example directly executed in Python could harm your system.
        
        .. code-block:: pycon
        
            >>> from RestrictedPython import compile_restricted
            >>> from RestrictedPython import safe_globals
            >>>
            >>> source_code = """
            ... import os
            ...
            ... os.listdir('/')
            ... """
            >>> byte_code = compile_restricted(source_code, '<inline>', 'exec')
            >>> exec(byte_code, safe_globals, {})
            Traceback (most recent call last):
            ImportError: __import__ not found
        
        Changes
        =======
        
        5.2a1.dev0 (2021-10-28)
        -----------------------
        
        - Document that ``__name__`` is needed to define classes.
        
        - Allow to use the package with Python 3.10 -- Caution: No security audit has
          been done so far.
        
        
        5.1 (2020-10-07)
        ----------------
        
        Features
        ++++++++
        
        - Add support for (Python 3.8+) assignment expressions (i.e. the ``:=`` operator)
        
        - Add support for Python 3.9 after checking the security implications of the
          syntax changes made in that version.
        
        - Add support for the ``bytes`` and ``sorted`` builtins
          (`#186 <https://github.com/zopefoundation/RestrictedPython/issues/186>`_)
        
        Documentation
        +++++++++++++
        
        - Document parameter ``mode`` for the ``compile_restricted`` functions
          (`#157 <https://github.com/zopefoundation/RestrictedPython/issues/157>`_)
        
        - Fix documentation for ``compile_restricted_function``
          (`#158 <https://github.com/zopefoundation/RestrictedPython/issues/158>`_)
        
        Fixes
        +++++
        
        - Fix ``compile_restricted_function`` with SyntaxErrors that have no text
          (`#181 <https://github.com/zopefoundation/RestrictedPython/issues/181>`_)
        
        - Drop install dependency on ``setuptools``.
          (`#189 <https://github.com/zopefoundation/RestrictedPython/issues/189>`_)
        
        
        5.0 (2019-09-03)
        ----------------
        
        Breaking changes
        ++++++++++++++++
        
        - Revert the allowance of the ``...`` (Ellipsis) statement, as of 4.0. It is
          not needed to support Python 3.8.
          The security implications of the Ellipsis Statement is not 100 % clear and is
          not checked. ``...`` (Ellipsis) is disallowed again.
        
        Features
        ++++++++
        
        - Add support for f-strings in Python 3.6+.
          (`#123 <https://github.com/zopefoundation/RestrictedPython/issues/123>`_)
        
        
        4.0 (2019-05-10)
        ----------------
        
        Changes since 3.6.0:
        
        Breaking changes
        ++++++++++++++++
        
        - The ``compile_restricted*`` functions now return a
          ``namedtuple CompileResult`` instead of a simple ``tuple``.
        
        - Drop the old implementation of version 3.x: `RCompile.py`,
          `SelectCompiler.py`, `MutatingWorker.py`, `RestrictionMutator.py` and
          `tests/verify.py`.
        
        - Drop support for long-deprecated ``sets`` module.
        
        Security related issues
        +++++++++++++++++++++++
        
        - RestrictedPython now ships with a default implementation for
          ``_getattr_`` which prevents from using the ``format()`` method on
          str/unicode as it is not safe, see:
          http://lucumr.pocoo.org/2016/12/29/careful-with-str-format/
        
          **Caution:** If you do not already have secured the access to this
          ``format()`` method in your ``_getattr_`` implementation use
          ``RestrictedPython.Guards.safer_getattr()`` in your implementation to
          benefit from this fix.
        
        Features
        ++++++++
        
        - Mostly complete rewrite based on Python AST module.
          [loechel (Alexander Loechel), icemac (Michael Howitz),
          stephan-hof (Stephan Hofmockel), tlotze (Thomas Lotze)]
        
        - Add support for Python 3.5, 3.6, 3.7.
        
        - Add preliminary support for Python 3.8. as of 3.8.0a3 is released.
        
        - Warn when using another Python implementation than CPython as it is not safe
          to use RestrictedPython with other versions than CPyton.
          See https://bitbucket.org/pypy/pypy/issues/2653 for PyPy.
        
        - Allow the ``...`` (Ellipsis) statement. It is needed to support Python 3.8.
        
        - Allow `yield` and `yield from` statements.
          Generator functions would now work in RestrictedPython.
        
        - Allow the following magic methods to be defined on classes.
          (`#104 <https://github.com/zopefoundation/RestrictedPython/issues/104>`_)
          They cannot be called directly but by the built-in way to use them (e. g.
          class instantiation, or comparison):
        
          + ``__init__``
          + ``__contains__``
          + ``__lt__``
          + ``__le__``
          + ``__eq__``
          + ``__ne__``
          + ``__gt__``
          + ``__ge__``
        
        - Imports like ``from a import *`` (so called star imports) are now forbidden
          as they allow to import names starting with an underscore which could
          override protected build-ins.
          (`#102 <https://github.com/zopefoundation/RestrictedPython/issues/102>`_)
        
        - Allow to use list comprehensions in the default implementation of
          ``RestrictionCapableEval.eval()``.
        
        - Switch to pytest as test runner.
        
        - Bring test coverage to 100 %.
        
        Bug fixes
        +++++++++
        
        - Improve `.Guards.safer_getattr` to prevent accessing names starting with
          underscore.
          (`#142 <https://github.com/zopefoundation/RestrictedPython/issues/142>`_)
        
        
        3.6.0 (2010-07-09)
        ------------------
        
        - Add name check for names assigned during imports using the
          ``from x import y`` format.
        
        - Add test for name check when assigning an alias using multiple-context
          ``with`` statements in Python 2.7.
        
        - Add tests for protection of the iterators for dict and set comprehensions
          in Python 2.7.
        
        3.6.0a1 (2010-06-05)
        --------------------
        
        - Remove support for ``DocumentTemplate.sequence`` - this is handled in the
          DocumentTemplate package itself.
        
        3.5.2 (2010-04-30)
        ------------------
        
        - Remove a testing dependency on ``zope.testing``.
        
        3.5.1 (2009-03-17)
        ------------------
        
        - Add tests for ``Utilities`` module.
        
        - Filter DeprecationWarnings when importing Python's ``sets`` module.
        
        3.5.0 (2009-02-09)
        ------------------
        
        - Drop legacy support for Python 2.1 / 2.2 (``__future__`` imports
          of ``nested_scopes`` / ``generators``.).
        
        3.4.3 (2008-10-26)
        ------------------
        
        - Fix deprecation warning: ``with`` is now a reserved keyword on
          Python 2.6. That means RestrictedPython should run on Python 2.6
          now. Thanks to Ranjith Kannikara, GSoC Student for the patch.
        
        - Add tests for ternary if expression and for ``with`` keyword and
          context managers.
        
        3.4.2 (2007-07-28)
        ------------------
        
        - Changed homepage URL to the PyPI site
        
        - Improve ``README.txt``.
        
        3.4.1 (2007-06-23)
        ------------------
        
        - Fix http://www.zope.org/Collectors/Zope/2295: Bare conditional in
          a Zope 2 PythonScript followed by a comment causes SyntaxError.
        
        3.4.0 (2007-06-04)
        ------------------
        
        - RestrictedPython now has its own release cycle as a separate project.
        
        - Synchronized with RestrictedPython from Zope 2 tree.
        
        3.2.0 (2006-01-05)
        ------------------
        
        - Corresponds to the verison of the RestrictedPython package shipped
          as part of the Zope 3.2.0 release.
        
        - No changes from 3.1.0.
        
        3.1.0 (2005-10-03)
        ------------------
        
        - Corresponds to the verison of the RestrictedPython package shipped
          as part of the Zope 3.1.0 release.
        
        - Remove unused fossil module, ``SafeMapping``.
        
        - Replaced use of deprecated ``whrandom`` module with ``random`` (aliased
          to ``whrandom`` for backward compatibility).
        
        3.0.0 (2004-11-07)
        ------------------
        
        - Corresponds to the verison of the RestrictedPython package shipped
          as part of the Zope X3.0.0 release.
        
Keywords: restricted execution security untrusted code
Platform: UNKNOWN
Classifier: Development Status :: 6 - Mature
Classifier: License :: OSI Approved :: Zope Public License
Classifier: Programming Language :: Python
Classifier: Operating System :: OS Independent
Classifier: Programming Language :: Python :: 2
Classifier: Programming Language :: Python :: 2.7
Classifier: Programming Language :: Python :: 3
Classifier: Programming Language :: Python :: 3.5
Classifier: Programming Language :: Python :: 3.6
Classifier: Programming Language :: Python :: 3.7
Classifier: Programming Language :: Python :: 3.8
Classifier: Programming Language :: Python :: 3.9
Classifier: Programming Language :: Python :: 3.10
Classifier: Programming Language :: Python :: Implementation :: CPython
Classifier: Topic :: Security
Requires-Python: >=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*, !=3.4.*, <3.11
Description-Content-Type: text/x-rst
Provides-Extra: docs
Provides-Extra: test
