Public Member Functions | |
| def | __init__ (self) |
| def | compile (self, expr) |
| def | eval (self, expr, locals) |
| def | f_default (self, expr, default=None) |
| def | f_escape (self, s, format="HTML") |
| def | f_exists (self, varname) |
| def | f_import (self, name, *_, **__) |
| def | f_setvar (self, name, expr) |
| def | register (self, name, obj) |
Public Attributes | |
| eval_allowed_globals | |
| locals_ptr | |
Static Public Attributes | |
| dictionary | safe_builtins |
Private Attributes | |
| _compile_cache | |
An eval-pseudo-sandbox.
The pseudo-sandbox restricts the available functions/objects, so the
code can only access:
- some of the builtin Python-functions, which are considered "safe"
(see safe_builtins)
- some additional functions (exists(), default(), setvar(), escape())
- the passed objects incl. their methods.
Additionally, names beginning with "_" are forbidden.
This is to prevent things like '0 .__class__', with which you could
easily break out of a "sandbox".
Be careful to only pass "safe" objects/functions to the template,
because any unsafe function/method could break the sandbox!
For maximum security, restrict the access to as few objects/functions
as possible!
:Warning:
Note that this is no real sandbox! (And although I don't know any
way to break out of the sandbox without passing-in an unsafe object,
I cannot guarantee that there is no such way. So use with care.)
Take care if you want to use it for untrusted code!!
Definition at line 772 of file pyratemp.py.
| def libuavcan_dsdl_compiler.pyratemp.EvalPseudoSandbox.__init__ | ( | self | ) |
Definition at line 840 of file pyratemp.py.
| def libuavcan_dsdl_compiler.pyratemp.EvalPseudoSandbox.compile | ( | self, | |
| expr | |||
| ) |
Compile a Python-eval-expression.
- Use a compile-cache.
- Raise a `NameError` if `expr` contains a name beginning with ``_``.
:Returns: the compiled `expr`
:Exceptions:
- `SyntaxError`: for compile-errors
- `NameError`: if expr contains a name beginning with ``_``
Definition at line 857 of file pyratemp.py.
| def libuavcan_dsdl_compiler.pyratemp.EvalPseudoSandbox.eval | ( | self, | |
| expr, | |||
| locals | |||
| ) |
Eval a Python-eval-expression. Sets ``self.locals_ptr`` to ``locales`` and compiles the code before evaluating.
Definition at line 876 of file pyratemp.py.
| def libuavcan_dsdl_compiler.pyratemp.EvalPseudoSandbox.f_default | ( | self, | |
| expr, | |||
default = None |
|||
| ) |
``default()`` for the sandboxed code.
Try to evaluate an expression and return the result or a
fallback-/default-value; the `default`-value is used
if `expr` does not exist/is invalid/results in None.
This is very useful for optional data.
:Parameter:
- expr: eval-expression
- default: fallback-falue if eval(expr) fails or is None.
:Returns:
the eval-result or the "fallback"-value.
:Note: the eval-expression has to be quoted! (like in eval)
:Example: see module-docstring
Definition at line 942 of file pyratemp.py.
| def libuavcan_dsdl_compiler.pyratemp.EvalPseudoSandbox.f_escape | ( | self, | |
| s, | |||
format = "HTML" |
|||
| ) |
``escape()`` for the sandboxed code.
Definition at line 979 of file pyratemp.py.
| def libuavcan_dsdl_compiler.pyratemp.EvalPseudoSandbox.f_exists | ( | self, | |
| varname | |||
| ) |
``exists()`` for the sandboxed code.
Test if the variable `varname` exists in the current locals-namespace.
This only works for single variable names. If you want to test
complicated expressions, use i.e. `default`.
(i.e. `default("expr",False)`)
:Note: the variable-name has to be quoted! (like in eval)
:Example: see module-docstring
Definition at line 928 of file pyratemp.py.
| def libuavcan_dsdl_compiler.pyratemp.EvalPseudoSandbox.f_import | ( | self, | |
| name, | |||
| * | _, | ||
| ** | __ | ||
| ) |
``import``/``__import__()`` for the sandboxed code.
Since "import" is insecure, the PseudoSandbox does not allow to
import other modules. But since some functions need to import
other modules (e.g. "datetime.datetime.strftime" imports "time"),
this function replaces the builtin "import" and allows to use
modules which are already accessible by the sandboxed code.
:Note:
- This probably only works for rather simple imports.
- For security, it may be better to avoid such (complex) modules
which import other modules. (e.g. use time.localtime and
time.strftime instead of datetime.datetime.strftime,
or write a small wrapper.)
:Example:
>>> from datetime import datetime
>>> import pyratemp
>>> t = pyratemp.Template('@!mytime.strftime("%H:%M:%S")!@')
# >>> print(t(mytime=datetime.now()))
# Traceback (most recent call last):
# ...
# ImportError: import not allowed in pseudo-sandbox; try to import 'time' yourself and pass it to the sandbox/template
>>> import time
>>> print(t(mytime=datetime.strptime("13:40:54", "%H:%M:%S"), time=time))
13:40:54
# >>> print(t(mytime=datetime.now(), time=time))
# 13:40:54
Definition at line 888 of file pyratemp.py.
| def libuavcan_dsdl_compiler.pyratemp.EvalPseudoSandbox.f_setvar | ( | self, | |
| name, | |||
| expr | |||
| ) |
``setvar()`` for the sandboxed code. Set a variable. :Example: see module-docstring
Definition at line 969 of file pyratemp.py.
| def libuavcan_dsdl_compiler.pyratemp.EvalPseudoSandbox.register | ( | self, | |
| name, | |||
| obj | |||
| ) |
Add an object to the "allowed eval-globals". Mainly useful to add user-defined functions to the pseudo-sandbox.
Definition at line 850 of file pyratemp.py.
|
private |
Definition at line 841 of file pyratemp.py.
| libuavcan_dsdl_compiler.pyratemp.EvalPseudoSandbox.eval_allowed_globals |
Definition at line 843 of file pyratemp.py.
| libuavcan_dsdl_compiler.pyratemp.EvalPseudoSandbox.locals_ptr |
Definition at line 842 of file pyratemp.py.
|
static |
Definition at line 800 of file pyratemp.py.