1 ############################################################################## 2 # 3 # Zope Public License (ZPL) Version 1.0 4 # ------------------------------------- 5 # 6 # Copyright (c) Digital Creations. All rights reserved. 7 # 8 # This license has been certified as Open Source(tm). 9 # 10 # Redistribution and use in source and binary forms, with or without 11 # modification, are permitted provided that the following conditions are 12 # met: 13 # 14 # 1. Redistributions in source code must retain the above copyright 15 # notice, this list of conditions, and the following disclaimer. 16 # 17 # 2. Redistributions in binary form must reproduce the above copyright 18 # notice, this list of conditions, and the following disclaimer in 19 # the documentation and/or other materials provided with the 20 # distribution. 21 # 22 # 3. Digital Creations requests that attribution be given to Zope 23 # in any manner possible. Zope includes a "Powered by Zope" 24 # button that is installed by default. While it is not a license 25 # violation to remove this button, it is requested that the 26 # attribution remain. A significant investment has been put 27 # into Zope, and this effort will continue if the Zope community 28 # continues to grow. This is one way to assure that growth. 29 # 30 # 4. All advertising materials and documentation mentioning 31 # features derived from or use of this software must display 32 # the following acknowledgement: 33 # 34 # "This product includes software developed by Digital Creations 35 # for use in the Z Object Publishing Environment 36 # (http://www.zope.org/)." 37 # 38 # In the event that the product being advertised includes an 39 # intact Zope distribution (with copyright and license included) 40 # then this clause is waived. 41 # 42 # 5. Names associated with Zope or Digital Creations must not be used to 43 # endorse or promote products derived from this software without 44 # prior written permission from Digital Creations. 45 # 46 # 6. 
Modified redistributions of any form whatsoever must retain 47 # the following acknowledgment: 48 # 49 # "This product includes software developed by Digital Creations 50 # for use in the Z Object Publishing Environment 51 # (http://www.zope.org/)." 52 # 53 # Intact (re-)distributions of any official Zope release do not 54 # require an external acknowledgement. 55 # 56 # 7. Modifications are encouraged but must be packaged separately as 57 # patches to official Zope releases. Distributions that do not 58 # clearly separate the patches from the original work must be clearly 59 # labeled as unofficial distributions. Modifications which do not 60 # carry the name Zope may be packaged in any form, as long as they 61 # conform to all of the clauses above. 62 # 63 # 64 # Disclaimer 65 # 66 # THIS SOFTWARE IS PROVIDED BY DIGITAL CREATIONS ``AS IS'' AND ANY 67 # EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 68 # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 69 # PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL DIGITAL CREATIONS OR ITS 70 # CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 71 # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT 72 # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF 73 # USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND 74 # ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, 75 # OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT 76 # OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 77 # SUCH DAMAGE. 78 # 79 # 80 # This software consists of contributions made by Digital Creations and 81 # many individuals on behalf of Digital Creations. Specific 82 # attributions are listed in the accompanying credits file. 
#
##############################################################################
"""Very Safe Python Expressions
"""
__rcs_id__='$Id: VSEval.py 694 2003-04-16 02:53:50Z sc $'
__version__='$Revision: 694 $'[11:-2]

from string import translate, strip
import string
# Placeholder for the parser module; the constructor code further down imports
# it on first use and rebinds this global to the module object.
gparse=None

# Translation table used to turn CR and LF inside an expression into spaces.
# NOTE(review): string.maketrans requires both arguments to have the same
# length; the second literal presumably held two spaces before this page
# collapsed whitespace -- confirm against the original file.
nltosp=string.maketrans('\r\n',' ')

# NOTE(review): listing lines 96-102 are absent from this page. They would
# hold default_slicer (referenced in default_globals below) and the `def` line
# that owns the following body -- presumably careful_mul, receiving the
# operands as `factors`; confirm against the original file.
    # r = result (product of all factors)
    # c = count (product of all non-sequence factors)
    # s flags whether any of the factors is a sequence
    r=c=1
    s=None
    for factor in factors:
        try:
            # len() is called only to find out whether factor is a sequence;
            # the length itself is never used.
            l=len(factor)
            s=1
        except TypeError:
            c=c*factor
        # The limit applies to the repeat count only, and only once a sequence
        # operand has been seen; the length of the sequence being repeated is
        # not bounded here, so the result can still be large.
        if s and c > 1000:
            raise TypeError, \
                  'Illegal sequence repeat (too many repetitions: %d)' % c
        r=r*factor
    return r


# Default evaluation globals. '__builtins__' is an empty mapping, so evaluated
# expressions get no interpreter built-ins. The __guarded_*__ entries are the
# hooks that guarded operations are routed to; each receives an `env` argument
# first.
# NOTE(review): the default getattr and getitem hooks apply no policy at all
# (plain getattr / indexing). Any access control has to come from a caller
# that supplies its own globals with stricter hooks.
default_globals={
    '__builtins__':{},
    '__guarded_mul__': careful_mul,
    '__guarded_getattr__': lambda env, inst, name: getattr(inst, name),
    '__guarded_getitem__': lambda env, coll, key: coll[key],
    '__guarded_getslice__': default_slicer,
    }


# NOTE(review): the `class` statement (listing line 131) is not shown on this
# page; the docstring and method bodies below belong to that class.
    """Provide a very-safe environment for evaluating expressions

    This class lets you override operations, __power__, __mul__,
    __div__, __mod__, __add__, __sub__, __getitem__, __lshift__,
    __rshift__, __and__, __xor__, __or__,__pos__, __neg__, __not__,
    __repr__, __invert__, and __getattr__.

    For example, __mult__ might be overridden to prevent expressions like::

      'I like spam' * 100000000

    or to disallow or limit attribute access.

    """

    # NOTE(review): the method header (listing line 147) is not shown. The body
    # reads `expr` and `globals` and assigns to `self`, so this is presumably
    # the constructor -- confirm against the original file.
        """Create a 'safe' expression

        where:

          expr -- a string containing the expression to be evaluated.

          globals -- A global namespace.
        """
        # Lazy import: the module-level name gparse starts as None and is
        # rebound to the module the first time an expression is created.
        global gparse
        if gparse is None: import gparse

        expr=strip(expr)

        # __name__ keeps the stripped text; self.expr keeps the text after
        # newlines have been translated through nltosp.
        self.__name__=expr
        expr=translate(expr,nltosp)
        self.expr=expr
        self.globals=globals

        # Compiled with the built-in compile() only to inspect names and
        # bytecode; the code object that is actually evaluated is produced by
        # gparse.compile() at the end of this body.
        co=compile(expr,'<string>','eval')

        # In CPython co_names holds attribute names as well as variable names,
        # so the check below also covers underscore-prefixed attributes.
        names=list(co.co_names)

        # Check for valid names, disallowing names that begin with '_' or
        # 'manage'. This is a DC specific rule and probably needs to be
        # made customizable!
        # NOTE(review): only the leading-underscore rule is enforced here;
        # nothing in this loop tests for a 'manage' prefix. '_', '_vars' and
        # '_getattr' are the only underscore names let through.
        for name in names:
            if name[:1]=='_' and name not in ('_', '_vars', '_getattr'):
                raise TypeError, 'illegal name used in expression'

        used={}

        # Walk the raw bytecode and record every name fetched with LOAD_NAME.
        # NOTE(review): the opcode numbers and the fixed three-byte stride for
        # opcodes with an argument are hard-coded for the bytecode format of
        # the interpreter this was written for. On an interpreter with a
        # different layout the scan would misread the instruction stream, so
        # this must be re-verified before the module is reused elsewhere.
        i=0
        code=co.co_code
        l=len(code)
        LOAD_NAME=101
        HAVE_ARGUMENT=90
        while(i < l):
            c=ord(code[i])
            if c==LOAD_NAME:
                # Two-byte operand, low byte first, indexing into co_names.
                name=names[ord(code[i+1])+256*ord(code[i+2])]
                used[name]=1
                i=i+3
            elif c >= HAVE_ARGUMENT: i=i+3
            else: i=i+1

        # presumably gparse.compile emits code that calls the __guarded_*__
        # hooks instead of the raw operators -- gparse is not shown here.
        self.code=gparse.compile(expr,'<string>','eval')
        self.used=tuple(used.keys())

    # NOTE(review): the method header (listing line 197) is not shown; the
    # body reads `self` and `mapping`.
        # Local namespace for this evaluation; '_vars' exposes the mapping.
        d={'_vars': mapping}
        code=self.code
        globals=self.globals
        for name in self.used:
            # Copy each name the expression loads out of the mapping.
            # NOTE(review): the meaning of the second argument to getitem is
            # defined by the mapping type, which is not shown here.
            try: d[name]=mapping.getitem(name,0)
            except KeyError:
                # A name missing from the mapping is left unbound unless it is
                # '_getattr'. For '_getattr' the helper is defined inside d,
                # with d['__builtins__'] set to the evaluation globals first
                # (presumably so that __guarded_getattr__ resolves inside the
                # helper).
                if name=='_getattr':
                    d['__builtins__']=globals
                    exec compiled_getattr in d

        return eval(code,globals,d)

    # NOTE(review): the method header (listing line 210) is not shown; the
    # body reads `self` and `kw`.
        # Evaluate with kw as the local namespace. Unlike the body above, no
        # '_vars' entry or _getattr helper is set up on this path.
        return eval(self.code, self.globals, kw)


# Code object that defines _getattr(o,n), which forwards to the
# __guarded_getattr__ hook with _vars as its first argument. It is exec'd into
# the per-evaluation namespace when an expression uses _getattr and the
# mapping does not supply one.
compiled_getattr=compile(
    'def _getattr(o,n): return __guarded_getattr__(_vars,o,n)',
    '<string>','exec')