Whitelisting more builtin primitives #1435
Conversation
| @@ -38,6 +38,11 @@ def __call__(self): | |||
|
|
|||
|
|
|||
| class Python(BaseQueryRunner): | |||
| safe_builtins = ( | |||
| 'sorted', 'reversed', 'min', 'max', | |||
| 'sum', 'set', | |||
There was a problem hiding this comment.
To be explicit, sum and set are the additions here.
|
It seems these test failures are unrelated since other PRs are failing for the same reason. |
|
Yes, the failures are for a different reason. I'll sort it out. I assume you tested these changes locally? |
You would be assuming incorrectly. :( I haven't set up re:dash locally to run against. I can do that later. We run it in a docker container ourselves for production. |
|
I'm building docker container locally and testing this out now. In theory, this should work just fine. :) |
|
👍 it's quite easy to run the query runner alone, as it's just Python code. |
This is also a slight refactor to make it easier to expand on this list of builtins we allow. Also, doesn't mutate the global `safe_builtins` dict every time from `RestrictedPython`, instead, opts for copying the dict first.
mattrobenolt
force-pushed
the
safe-builtins
branch
from
494932a
to
bce2e33
Compare
|
Alright, couldn't get docker container running, but just got it running through python enough to get into the CLI. I did: as a test, so it appears that everything is patched in correctly. fwiw, when building from master in docker, I get the following JavaScript error when trying to go to the
|
|
How do you "build" the frontend code in your Docker image? Note that I wouldn't recommend using master for "production" usage at the moment. I merged earlier today big refactor of the frontend code, so there are some issues still. |
|
I just did |
|
Strange, that I would expect to work. I'll give it a look tomorrow. |
This is also a slight refactor to make it easier to expand on this list
of builtins we allow.
Also, doesn't mutate the global
safe_builtinsdict every time fromRestrictedPython, instead, opts for copying the dict first.