Merge branch 'master' into remove-len-on-write-wrapper

.travis.yml

@@ -5,7 +5,6 @@ python:
     - 3.4
     - 3.5
     - 3.6
-    - pypy-5.4
 env:
     - ENVIRON=py
     - ENVIRON=py27-rp3,py27-datetime,py36-datetime

README.rst

@@ -47,4 +47,6 @@ This example directly executed in Python could harm your system.
   ... os.listdir('/')
   ... """
   >>> byte_code = compile_restricted(source_code, '<inline>', 'exec')
-  >>> # exec(byte_code, safe_builtins, {})
+  >>> exec(byte_code, {'__builtins__': safe_builtins}, {})
+  Traceback (most recent call last):
+  ImportError: __import__ not found

docs/CHANGES.rst

@@ -4,7 +4,8 @@ Changes
 4.0a4 (unreleased)
 ------------------
 
-- Nothing changed yet.
+- Drop support of PyPy as there currently seems to be no way to restrict the
+  builtins. See https://bitbucket.org/pypy/pypy/issues/2653.
 
 
 4.0a3 (2017-06-20)

setup.cfg

@@ -21,6 +21,7 @@ test = pytest
 [tool:pytest]
 addopts =
 testpaths =
+    .
     tests
     src/RestrictedPython/tests
 

setup.py

@@ -47,7 +47,6 @@ def read(*rnames):
           'Programming Language :: Python :: 3.5',
           'Programming Language :: Python :: 3.6',
           'Programming Language :: Python :: Implementation :: CPython',
-          'Programming Language :: Python :: Implementation :: PyPy',
           'Topic :: Security',
       ],
       keywords='restricted execution security untrusted code',

src/RestrictedPython/README.rst

@@ -11,7 +11,7 @@ controlled and restricted execution of code:
   ... def hello_world():
   ...     return "Hello World!"
   ... '''
-  >>> from RestrictedPython.RCompile import compile_restricted
+  >>> from RestrictedPython import compile_restricted
   >>> code = compile_restricted(src, '<string>', 'exec')
 
 The resulting code can be executed using the ``exec`` built-in:
@@ -99,9 +99,10 @@ callable, from which the restricted machinery will create the object):
 
   >>> from RestrictedPython.PrintCollector import PrintCollector
   >>> _print_ = PrintCollector
+  >>> _getattr_ = getattr
 
   >>> src = '''
-  ... print "Hello World!"
+  ... print("Hello World!")
   ... '''
   >>> code = compile_restricted(src, '<string>', 'exec')
   >>> exec(code)
@@ -111,7 +112,7 @@ collector collects it.  We can have access to the text using the
 ``printed`` variable, though:
 
   >>> src = '''
-  ... print "Hello World!"
+  ... print("Hello World!")
   ... result = printed
   ... '''
   >>> code = compile_restricted(src, '<string>', 'exec')
@@ -133,7 +134,7 @@ unsafe operations, such as opening files:
   ... open('/etc/passwd')
   ... '''
   >>> code = compile_restricted(src, '<string>', 'exec')
-  >>> exec(code) in restricted_globals
+  >>> exec(code, restricted_globals)
   Traceback (most recent call last):
     ...
   NameError: name 'open' is not defined
@@ -158,7 +159,7 @@ Normally accessing attriutes works as expected, because we're using
 the standard ``getattr`` function for the ``_getattr_`` guard:
 
   >>> src = '''
-  ... print shed.colour
+  ... print(shed.colour)
   ... result = printed
   ... '''
   >>> code = compile_restricted(src, '<string>', 'exec')

src/RestrictedPython/transformer.py

@@ -486,13 +486,6 @@ def generic_visit(self, node):
 
         To access `generic_visit` on the super class use `node_contents_visit`.
         """
-        # TODO: To be discussed - For whom that info is relevant
-        # import warnings
-        # warnings.warn(
-        #     '{o.__class__.__name__}'
-        #     ' statement is not known to RestrictedPython'.format(node),
-        #     SyntaxWarning
-        # )
         self.warn(
             node,
             '{0.__class__.__name__}'
@@ -1345,7 +1338,6 @@ def visit_Nonlocal(self, node):
 
         This statement was introduced in Python 3.
         """
-        # TODO: Review if we want to allow it later
         self.not_allowed(node)
 
     def visit_ClassDef(self, node):

tests/test_imports.py

@@ -3,7 +3,6 @@
 """
 
 from RestrictedPython import safe_builtins
-from tests import c_exec
 from tests import e_exec
 
 import pytest
@@ -16,17 +15,17 @@
 """
 
 
-@pytest.mark.parametrize(*c_exec)
 @pytest.mark.parametrize(*e_exec)
-def test_os_import(c_exec, e_exec):
-    """Test that import should not work out of the box.
-    TODO: Why does this work.
+def test_os_import(e_exec):
+    """It does not allow to import anything by default.
+
+    The `__import__` function is not provided as it is not safe.
     """
-    result = c_exec(OS_IMPORT_EXAMPLE, safe_builtins)
-    # TODO: there is a tests/__init__.py problem, as it seems to pass the
-    #       safe_builtins into the compile function instead of the source.
-    assert result.code is None
-    # assert result.errors == ()
-
-    with pytest.raises(NameError):
-        e_exec(OS_IMPORT_EXAMPLE, safe_builtins)
+    # Caution: This test is broken on PyPy until the following issue is fixed:
+    # https://bitbucket.org/pypy/pypy/issues/2653
+    # PyPy currently ignores the restriction of the `__builtins__`.
+    glb = {'__builtins__': safe_builtins}
+
+    with pytest.raises(ImportError) as err:
+        e_exec(OS_IMPORT_EXAMPLE, glb)
+    assert '__import__ not found' == str(err.value)

tox.ini

@@ -7,7 +7,6 @@ envlist =
     py35,
     py36,
     py36-datetime,
-    pypy,
     docs,
     isort,
     flake8,
@@ -22,7 +21,7 @@ extras =
     test
 
 commands =
-    pytest --cov=src --cov-report=xml --html=reports/pytest/report-{envname}.html --self-contained-html {posargs}
+    pytest --cov=src --cov-report=xml --html=reports/pytest/report-{envname}.html --doctest-glob=*.rst --self-contained-html {posargs}
     pytest --doctest-modules src/RestrictedPython/compile.py {posargs}
 
 setenv =
@@ -48,7 +47,7 @@ deps =
 [testenv:py27-rp3]
 basepython = python2.7
 commands =
-    coverage run {envbindir}/zope-testrunner --path=src/RestrictedPython --all {posargs}
+    coverage run {envbindir}/zope-testrunner --path=src/RestrictedPython --all -v {posargs}
 deps =
     .[test]
     zope.testrunner