Spaces:
Sleeping
Sleeping
A couple of minor updates
Browse files
restrictedpython_code_eval.py
CHANGED
|
@@ -26,10 +26,12 @@ import multiprocessing
|
|
| 26 |
import os
|
| 27 |
import platform
|
| 28 |
import signal
|
|
|
|
| 29 |
import tempfile
|
| 30 |
import types
|
| 31 |
from typing import Optional, Dict, List, Any
|
| 32 |
|
|
|
|
| 33 |
from collections import Counter, defaultdict
|
| 34 |
from concurrent.futures import ThreadPoolExecutor, as_completed
|
| 35 |
|
|
@@ -46,7 +48,8 @@ from RestrictedPython.Guards import guarded_iter_unpack_sequence, safer_getattr,
|
|
| 46 |
# patch their list implementation to allow empty lists and tuples
|
| 47 |
def limited_list(seq=None):
|
| 48 |
if isinstance(seq, str):
|
| 49 |
-
raise TypeError('cannot convert string to list')
|
|
|
|
| 50 |
return list(seq) if seq is not None else list()
|
| 51 |
|
| 52 |
|
|
@@ -55,7 +58,8 @@ limited_builtins['list'] = limited_list
|
|
| 55 |
|
| 56 |
def limited_tuple(seq=None):
|
| 57 |
if isinstance(seq, str):
|
| 58 |
-
raise TypeError('cannot convert string to tuple')
|
|
|
|
| 59 |
return tuple(seq) if seq is not None else tuple()
|
| 60 |
|
| 61 |
|
|
@@ -90,6 +94,9 @@ def limited_range(iFirst, *args):
|
|
| 90 |
limited_builtins['range'] = limited_range
|
| 91 |
|
| 92 |
|
|
|
|
|
|
|
|
|
|
| 93 |
def safer_getattr_allowing_string_format(object, name, default=None, getattr=getattr):
|
| 94 |
"""Getattr implementation allowing str.format(), but preventing access to
|
| 95 |
private attributes.
|
|
@@ -98,7 +105,7 @@ def safer_getattr_allowing_string_format(object, name, default=None, getattr=get
|
|
| 98 |
http://lucumr.pocoo.org/2016/12/29/careful-with-str-format/
|
| 99 |
|
| 100 |
"""
|
| 101 |
-
if name.startswith('_'):
|
| 102 |
raise AttributeError(
|
| 103 |
'"{name}" is an invalid attribute name because it '
|
| 104 |
'starts with "_"'.format(name=name)
|
|
@@ -394,6 +401,11 @@ def _check_correctness(check_program, timeout, task_id, completion_id,
|
|
| 394 |
return out_dict
|
| 395 |
|
| 396 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 397 |
class AllowListImporter:
|
| 398 |
def __init__(self, allowed_imports: List[str]):
|
| 399 |
self.allowed_imports = allowed_imports
|
|
@@ -408,6 +420,16 @@ class AllowListImporter:
|
|
| 408 |
else:
|
| 409 |
package_name = name
|
| 410 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 411 |
if package_name in self.allowed_imports:
|
| 412 |
return importlib.__import__(name, globals, locals, fromlist, level)
|
| 413 |
|
|
|
|
| 26 |
import os
|
| 27 |
import platform
|
| 28 |
import signal
|
| 29 |
+
import sys
|
| 30 |
import tempfile
|
| 31 |
import types
|
| 32 |
from typing import Optional, Dict, List, Any
|
| 33 |
|
| 34 |
+
|
| 35 |
from collections import Counter, defaultdict
|
| 36 |
from concurrent.futures import ThreadPoolExecutor, as_completed
|
| 37 |
|
|
|
|
| 48 |
# patch their list implementation to allow empty lists and tuples
|
| 49 |
def limited_list(seq=None):
|
| 50 |
if isinstance(seq, str):
|
| 51 |
+
# raise TypeError('cannot convert string to list')
|
| 52 |
+
return [c for c in seq]
|
| 53 |
return list(seq) if seq is not None else list()
|
| 54 |
|
| 55 |
|
|
|
|
| 58 |
|
| 59 |
def limited_tuple(seq=None):
|
| 60 |
if isinstance(seq, str):
|
| 61 |
+
# raise TypeError('cannot convert string to tuple')
|
| 62 |
+
return tuple([c for c in seq])
|
| 63 |
return tuple(seq) if seq is not None else tuple()
|
| 64 |
|
| 65 |
|
|
|
|
| 94 |
limited_builtins['range'] = limited_range
|
| 95 |
|
| 96 |
|
| 97 |
+
ALLOWED_UNDERSCORE_NAMES = ['__add__']
|
| 98 |
+
|
| 99 |
+
|
| 100 |
def safer_getattr_allowing_string_format(object, name, default=None, getattr=getattr):
|
| 101 |
"""Getattr implementation allowing str.format(), but preventing access to
|
| 102 |
private attributes.
|
|
|
|
| 105 |
http://lucumr.pocoo.org/2016/12/29/careful-with-str-format/
|
| 106 |
|
| 107 |
"""
|
| 108 |
+
if name.startswith('_') and name not in ALLOWED_UNDERSCORE_NAMES:
|
| 109 |
raise AttributeError(
|
| 110 |
'"{name}" is an invalid attribute name because it '
|
| 111 |
'starts with "_"'.format(name=name)
|
|
|
|
| 401 |
return out_dict
|
| 402 |
|
| 403 |
|
| 404 |
+
class LimitedSysModule:
|
| 405 |
+
def __init__(self):
|
| 406 |
+
self.maxsize = sys.maxsize
|
| 407 |
+
|
| 408 |
+
|
| 409 |
class AllowListImporter:
|
| 410 |
def __init__(self, allowed_imports: List[str]):
|
| 411 |
self.allowed_imports = allowed_imports
|
|
|
|
| 420 |
else:
|
| 421 |
package_name = name
|
| 422 |
|
| 423 |
+
if package_name == 'sys':
|
| 424 |
+
limited_sys = LimitedSysModule()
|
| 425 |
+
if name is None:
|
| 426 |
+
return limited_sys
|
| 427 |
+
|
| 428 |
+
if hasattr(limited_sys, name):
|
| 429 |
+
return getattr(limited_sys, name)
|
| 430 |
+
|
| 431 |
+
raise ImportError(f"Cannot import {name} from limited sys implementation.")
|
| 432 |
+
|
| 433 |
if package_name in self.allowed_imports:
|
| 434 |
return importlib.__import__(name, globals, locals, fromlist, level)
|
| 435 |
|