summaryrefslogtreecommitdiffstats
path: root/lib/kross/python/pythonsecurity.h
blob: 7ffbcfff6f856d85a963cf417e9f613988df07f1 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
/***************************************************************************
 * pythonsecurity.h
 * This file is part of the KDE project
 * copyright (C)2004-2005 by Sebastian Sauer (mail@dipe.org)
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Library General Public
 * License as published by the Free Software Foundation; either
 * version 2 of the License, or (at your option) any later version.
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 * Library General Public License for more details.
 * You should have received a copy of the GNU Library General Public License
 * along with this program; see the file COPYING.  If not, write to
 * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
 * Boston, MA 02110-1301, USA.
 ***************************************************************************/

#ifndef KROSS_PYTHON_SECURITY_H
#define KROSS_PYTHON_SECURITY_H

#include "pythonconfig.h"

#include <qstring.h>

namespace Kross { namespace Python {

    // Forward declaration.
    class PythonInterpreter;

    /**
     * This class handles the used Zope3 RestrictedPython
     * package to spend a restricted sandbox for scripting
     * code.
     *
     * The RestrictedPython code is avaible as Python files.
     * So, this class takes care of loading them and spending
     * the functions we need to access the functionality
     * from within Kross. That way it's easy to update the
     * module with a newer version if some security issues
     * show up.
     *
     * What the RestrictedPython code does is to compile
     * the plain python code (py) into compiled python code (pyc)
     * and manipulate those compiled code by replacing unsafe
     * code with own wrapped code.
     * As example a simple "x = y.z" would be transfered to
     * "x = _getattr_(y, 'z')". The _getattr_ is defined in
     * the RestrictedPython module and will take care of
     * applied restrictions.
     *
     * \see http://www.zope.org
     * \see http://svn.zope.org/Zope3/trunk/src/RestrictedPython/
     */
    class PythonSecurity : public Py::ExtensionModule<PythonSecurity>
    {
        public:

            /**
             * Constructor.
             *
             * \param interpreter The \a PythonInterpreter instance
             *       used to create this Module.
             */
            explicit PythonSecurity(PythonInterpreter* interpreter);

            /**
             * Destructor.
             */
            virtual ~PythonSecurity();

            /**
             * Compile python scripting code and return a restricted
             * code object.
             *
             * \param source The python scripting code.
             * \param filename The filename used on errormessages.
             * \param mode Compilemode, could be 'exec' or 'eval' or 'single'.
             * \return The compiled python code object on success else 
             *         NULL. The caller owns the resulting object and needs
             *         to take care to decrease the ref-counter it not needed
             *         any longer.
             */
            PyObject* compile_restricted(const QString& source, const QString& filename, const QString& mode);

#if 0
            //TODO
            void compile_restricted_function(const Py::Tuple& args, const QString& body, const QString& name, const QString& filename, const Py::Object& globalize = Py::None());
            void compile_restricted_exec(const QString& source, const QString& filename = "<string>");
            void compile_restricted_eval(const QString& source, const QString& filename = "<string>");
#endif

        private:
            /// We keep a pointer to the used \a PythonInterpreter.
            PythonInterpreter* m_interpreter;
            /// The imported external RestrictedPython module.
            Py::Module* m_pymodule;

            /// Initialize the restricted python module.
            inline void initRestrictedPython();

            /// Secure wrapper around the getattr method.
            Py::Object _getattr_(const Py::Tuple&);
    };

}}

#endif