summaryrefslogtreecommitdiffstats
path: root/lib/kross/python/pythonsecurity.h
diff options
context:
space:
mode:
Diffstat (limited to 'lib/kross/python/pythonsecurity.h')
-rw-r--r--lib/kross/python/pythonsecurity.h109
1 files changed, 109 insertions, 0 deletions
diff --git a/lib/kross/python/pythonsecurity.h b/lib/kross/python/pythonsecurity.h
new file mode 100644
index 00000000..7ffbcfff
--- /dev/null
+++ b/lib/kross/python/pythonsecurity.h
@@ -0,0 +1,109 @@
+/***************************************************************************
+ * pythonsecurity.h
+ * This file is part of the KDE project
+ * copyright (C)2004-2005 by Sebastian Sauer ([email protected])
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Library General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Library General Public License for more details.
+ * You should have received a copy of the GNU Library General Public License
+ * along with this program; see the file COPYING. If not, write to
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA 02110-1301, USA.
+ ***************************************************************************/
+
+#ifndef KROSS_PYTHON_SECURITY_H
+#define KROSS_PYTHON_SECURITY_H
+
+#include "pythonconfig.h"
+
+#include <qstring.h>
+
+namespace Kross { namespace Python {
+
+ // Forward declaration.
+ class PythonInterpreter;
+
+ /**
+ * This class handles the used Zope3 RestrictedPython
+ * package to spend a restricted sandbox for scripting
+ * code.
+ *
+ * The RestrictedPython code is avaible as Python files.
+ * So, this class takes care of loading them and spending
+ * the functions we need to access the functionality
+ * from within Kross. That way it's easy to update the
+ * module with a newer version if some security issues
+ * show up.
+ *
+ * What the RestrictedPython code does is to compile
+ * the plain python code (py) into compiled python code (pyc)
+ * and manipulate those compiled code by replacing unsafe
+ * code with own wrapped code.
+ * As example a simple "x = y.z" would be transfered to
+ * "x = _getattr_(y, 'z')". The _getattr_ is defined in
+ * the RestrictedPython module and will take care of
+ * applied restrictions.
+ *
+ * \see http://www.zope.org
+ * \see http://svn.zope.org/Zope3/trunk/src/RestrictedPython/
+ */
+ class PythonSecurity : public Py::ExtensionModule<PythonSecurity>
+ {
+ public:
+
+ /**
+ * Constructor.
+ *
+ * \param interpreter The \a PythonInterpreter instance
+ * used to create this Module.
+ */
+ explicit PythonSecurity(PythonInterpreter* interpreter);
+
+ /**
+ * Destructor.
+ */
+ virtual ~PythonSecurity();
+
+ /**
+ * Compile python scripting code and return a restricted
+ * code object.
+ *
+ * \param source The python scripting code.
+ * \param filename The filename used on errormessages.
+ * \param mode Compilemode, could be 'exec' or 'eval' or 'single'.
+ * \return The compiled python code object on success else
+ * NULL. The caller owns the resulting object and needs
+ * to take care to decrease the ref-counter it not needed
+ * any longer.
+ */
+ PyObject* compile_restricted(const QString& source, const QString& filename, const QString& mode);
+
+#if 0
+ //TODO
+ void compile_restricted_function(const Py::Tuple& args, const QString& body, const QString& name, const QString& filename, const Py::Object& globalize = Py::None());
+ void compile_restricted_exec(const QString& source, const QString& filename = "<string>");
+ void compile_restricted_eval(const QString& source, const QString& filename = "<string>");
+#endif
+
+ private:
+ /// We keep a pointer to the used \a PythonInterpreter.
+ PythonInterpreter* m_interpreter;
+ /// The imported external RestrictedPython module.
+ Py::Module* m_pymodule;
+
+ /// Initialize the restricted python module.
+ inline void initRestrictedPython();
+
+ /// Secure wrapper around the getattr method.
+ Py::Object _getattr_(const Py::Tuple&);
+ };
+
+}}
+
+#endif