[Python-checkins] r55632 - in python/branches/bcannon-objcap: BRANCH_NOTES secure_python.c tests/fail/builtin_execfile--NameError.py tests/fail/builtin_open--NameError.py tests/fail/execfile__builtin__--AttributeError.py tests/fail/execfile__builtins__--AttributeError.py tests/fail/file_constructor--TypeError.py tests/fail/import_unsafe_builtin--ImportError.py tests/fail/import_unsafe_extension--ImportError.py tests/fail/open__builtin__--AttributeError.py tests/fail/open__builtins__--AttributeError.py tests/succeed/import_py.py tests/succeed/import_safe_builtin.py tests/succeed/import_safe_extension.py

brett.cannon python-checkins at python.org
Tue May 29 03:31:38 CEST 2007


Author: brett.cannon
Date: Tue May 29 03:31:34 2007
New Revision: 55632

Modified:
   python/branches/bcannon-objcap/BRANCH_NOTES
   python/branches/bcannon-objcap/secure_python.c
   python/branches/bcannon-objcap/tests/fail/builtin_execfile--NameError.py
   python/branches/bcannon-objcap/tests/fail/builtin_open--NameError.py
   python/branches/bcannon-objcap/tests/fail/execfile__builtin__--AttributeError.py
   python/branches/bcannon-objcap/tests/fail/execfile__builtins__--AttributeError.py
   python/branches/bcannon-objcap/tests/fail/file_constructor--TypeError.py
   python/branches/bcannon-objcap/tests/fail/import_unsafe_builtin--ImportError.py
   python/branches/bcannon-objcap/tests/fail/import_unsafe_extension--ImportError.py
   python/branches/bcannon-objcap/tests/fail/open__builtin__--AttributeError.py
   python/branches/bcannon-objcap/tests/fail/open__builtins__--AttributeError.py
   python/branches/bcannon-objcap/tests/succeed/import_py.py
   python/branches/bcannon-objcap/tests/succeed/import_safe_builtin.py
   python/branches/bcannon-objcap/tests/succeed/import_safe_extension.py
Log:
Flesh out import tests along with built-in object access.


Modified: python/branches/bcannon-objcap/BRANCH_NOTES
==============================================================================
--- python/branches/bcannon-objcap/BRANCH_NOTES	(original)
+++ python/branches/bcannon-objcap/BRANCH_NOTES	Tue May 29 03:31:34 2007
@@ -3,17 +3,35 @@
 =======
 Attempt to develop some form of security model for Python.
 
-=====
-Usage
-=====
+
+==================
+Build instructions
+==================
 1. Build Python as normal.
 2. Run ``build_secure_py.sh`` to build ``secure_python.exe``.
 
-======
-Status
-======
-* Turn on whitelisting.
-    - Verify injecting 'open' into importlib works.
+
+=======
+Testing
+=======
+Execute ``run_security_tests.py`` with ``secure_python.exe`` to run security
+tests.  Do not expect normal tests to pass as critical modules might be blocked
+from being imported.
+
+
+=============
+Failing Tests
+=============
+* Lib/tests/test_xmlrpc.py
+    + Fails with insecure Python.
+    + Requires sys.setdefaultencoding() which is deleted by site.py .
+    + reload(sys) normally adds it, but hack to do a fresh import on sys is
+      preventing that from happening somehow.
+
+
+=====
+To Do
+=====
 * Write tests.
     - Import
         + Delegate protects importlib.
@@ -21,14 +39,10 @@
             * Name fall-through to alternate implementation.
         + '.hidden' cannot be imported.
         + Removed modules cannot be imported (unless whitelisted).
-    - Built-in namespace properly cleansed.
-        + Nothing exposed through __builtin__ or __builtins__.
+        + 'sys' not exposed on any modules needed for interpreter.
     - Types crippled.
-        + file
         + code
-* Fix 'sys' module reloading.
-    - test_xmlrpc relies on reloading sys to get setdefaultencoding, but hack
-      to allow re-import of sys doesn't let this work.
+
 
 ==========
 References

Modified: python/branches/bcannon-objcap/secure_python.c
==============================================================================
--- python/branches/bcannon-objcap/secure_python.c	(original)
+++ python/branches/bcannon-objcap/secure_python.c	Tue May 29 03:31:34 2007
@@ -27,6 +27,7 @@
     PyObject *import_module;
     PyObject *import_callable;
     Py_ssize_t safe_builtins_count = 7;
+    /* All whitelisted modules should be imported in the proper test file. */
     const char *safe_builtins_names[] = {"_ast", "_codecs", "_sre",
 					  "_symtable", "_types", "errno",
 					  "exceptions"};
@@ -34,9 +35,18 @@
     const char *safe_frozen_names[] = {};
     PyObject *safe_builtins_seq;
     PyObject *safe_frozen_seq;
-    Py_ssize_t safe_extensions_count = 5;
-    const char *safe_extensions_names[] = {"binascii", "cmath", "math",
-					    "operator", "time"};
+    Py_ssize_t safe_extensions_count = 18;
+    /* All whitelisted modules should be imported in the proper test file. */
+    const char *safe_extensions_names[] = {"_bisect", "_collections", "_csv",
+					   "_functools", "_hashlib",
+					   "_heapq", "_random",
+					   "_struct", "_weakref",
+					   "array",
+					   "binascii", "cmath",
+					   "itertools",
+					   "math",
+					   "operator",
+					   "time", "unicodedata", "zlib"};
     PyObject *safe_extensions_seq;
 
     /* Initialize interpreter.  */
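Review bot: `safe_extensions_count = 18` is a hand-maintained literal next to an 18-entry initializer, so the next whitelist edit can leave the two out of step. Depending on how the count is consumed further down (the enclosing function starts and ends outside this hunk), a mismatch would either read past the end of `safe_extensions_names` or silently drop trailing entries from the whitelist. Deriving the value after the array removes the coupling: `Py_ssize_t safe_extensions_count = sizeof(safe_extensions_names) / sizeof(safe_extensions_names[0]);`. The context line `safe_builtins_count = 7` in the previous hunk has the same shape.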

Modified: python/branches/bcannon-objcap/tests/fail/builtin_execfile--NameError.py
==============================================================================
--- python/branches/bcannon-objcap/tests/fail/builtin_execfile--NameError.py	(original)
+++ python/branches/bcannon-objcap/tests/fail/builtin_execfile--NameError.py	Tue May 29 03:31:34 2007
@@ -1 +1,2 @@
+"""'execfile' should not be in the built-in namespace."""
 _ = execfile

Modified: python/branches/bcannon-objcap/tests/fail/builtin_open--NameError.py
==============================================================================
--- python/branches/bcannon-objcap/tests/fail/builtin_open--NameError.py	(original)
+++ python/branches/bcannon-objcap/tests/fail/builtin_open--NameError.py	Tue May 29 03:31:34 2007
@@ -1 +1,2 @@
+"""'open' should not be in the built-in namespace."""
 _  = open

Modified: python/branches/bcannon-objcap/tests/fail/execfile__builtin__--AttributeError.py
==============================================================================
--- python/branches/bcannon-objcap/tests/fail/execfile__builtin__--AttributeError.py	(original)
+++ python/branches/bcannon-objcap/tests/fail/execfile__builtin__--AttributeError.py	Tue May 29 03:31:34 2007
@@ -1,2 +1,3 @@
+"""'execfile' should not be accessible from __builtin__."""
 import __builtin__
 __builtin__.execfile

Modified: python/branches/bcannon-objcap/tests/fail/execfile__builtins__--AttributeError.py
==============================================================================
--- python/branches/bcannon-objcap/tests/fail/execfile__builtins__--AttributeError.py	(original)
+++ python/branches/bcannon-objcap/tests/fail/execfile__builtins__--AttributeError.py	Tue May 29 03:31:34 2007
@@ -1 +1,2 @@
+"""'execfile' should not be accessible from __builtins__."""
 __builtins__.execfile
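Review bot: `__builtins__.execfile` raises AttributeError for an unrelated reason whenever `__builtins__` is in its dict form, which CPython uses in every module other than `__main__`, so this test can pass without `execfile` having been removed. Whether the harness runs each file as `__main__` is not visible on this page. If it does, a comment such as `# Only meaningful when run as __main__, where __builtins__ is a module.` would record that dependency. The same applies to `__builtins__.open` in open__builtins__--AttributeError.py.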

Modified: python/branches/bcannon-objcap/tests/fail/file_constructor--TypeError.py
==============================================================================
--- python/branches/bcannon-objcap/tests/fail/file_constructor--TypeError.py	(original)
+++ python/branches/bcannon-objcap/tests/fail/file_constructor--TypeError.py	Tue May 29 03:31:34 2007
@@ -1 +1,2 @@
+"""The constructor for 'file' should not work to open a file."""
 _ = file('README', 'r')

Modified: python/branches/bcannon-objcap/tests/fail/import_unsafe_builtin--ImportError.py
==============================================================================
--- python/branches/bcannon-objcap/tests/fail/import_unsafe_builtin--ImportError.py	(original)
+++ python/branches/bcannon-objcap/tests/fail/import_unsafe_builtin--ImportError.py	Tue May 29 03:31:34 2007
@@ -1 +1,2 @@
+"""You should not be able to import non-whitelisted modules, especially sys."""
 import sys

Modified: python/branches/bcannon-objcap/tests/fail/import_unsafe_extension--ImportError.py
==============================================================================
--- python/branches/bcannon-objcap/tests/fail/import_unsafe_extension--ImportError.py	(original)
+++ python/branches/bcannon-objcap/tests/fail/import_unsafe_extension--ImportError.py	Tue May 29 03:31:34 2007
@@ -1 +1,2 @@
-import termios
+"""Importing non-whitelisted extension modules should fail."""
+import thread
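Review bot: `import thread` may not exercise the extension-module whitelist that the new docstring names, because `thread` is normally compiled into the interpreter as a built-in module rather than built as a shared extension. If that holds for this build, the ImportError comes from the built-in whitelist and the extension path in `safe_extensions_names` is left without a negative test. This should be confirmed against the build. If it does hold, a module that is built as a shared object and is absent from the whitelist (for example `import _socket`) would cover the intended path.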

Modified: python/branches/bcannon-objcap/tests/fail/open__builtin__--AttributeError.py
==============================================================================
--- python/branches/bcannon-objcap/tests/fail/open__builtin__--AttributeError.py	(original)
+++ python/branches/bcannon-objcap/tests/fail/open__builtin__--AttributeError.py	Tue May 29 03:31:34 2007
@@ -1,2 +1,3 @@
+"""'open' should not exist in __builtin__."""
 import __builtin__
 __builtin__.open

Modified: python/branches/bcannon-objcap/tests/fail/open__builtins__--AttributeError.py
==============================================================================
--- python/branches/bcannon-objcap/tests/fail/open__builtins__--AttributeError.py	(original)
+++ python/branches/bcannon-objcap/tests/fail/open__builtins__--AttributeError.py	Tue May 29 03:31:34 2007
@@ -1 +1,2 @@
+"""'open' should not be in __builtins__."""
 __builtins__.open

Modified: python/branches/bcannon-objcap/tests/succeed/import_py.py
==============================================================================
--- python/branches/bcannon-objcap/tests/succeed/import_py.py	(original)
+++ python/branches/bcannon-objcap/tests/succeed/import_py.py	Tue May 29 03:31:34 2007
@@ -1 +1,2 @@
+"""Make sure a Python source code file can be imported."""
 import token

Modified: python/branches/bcannon-objcap/tests/succeed/import_safe_builtin.py
==============================================================================
--- python/branches/bcannon-objcap/tests/succeed/import_safe_builtin.py	(original)
+++ python/branches/bcannon-objcap/tests/succeed/import_safe_builtin.py	Tue May 29 03:31:34 2007
@@ -1 +1,7 @@
+"""Make sure that all whitelisted built-in modules can be imported."""
+import _ast
+import _codecs
+import _sre
+import _types
 import errno
+import exceptions
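Review bot: `_symtable` is listed in `safe_builtins_names` in secure_python.c but is not imported here, so the docstring's claim that all whitelisted built-in modules are covered does not hold for it. The comment added in secure_python.c says every whitelisted module should be imported in the matching test file. Adding `import _symtable` after `import _sre` would bring the two lists back in step.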

Modified: python/branches/bcannon-objcap/tests/succeed/import_safe_extension.py
==============================================================================
--- python/branches/bcannon-objcap/tests/succeed/import_safe_extension.py	(original)
+++ python/branches/bcannon-objcap/tests/succeed/import_safe_extension.py	Tue May 29 03:31:34 2007
@@ -1 +1,19 @@
+"""All whitelisted extension modules should be able to be imported."""
+import _bisect
+import _collections
+import _csv
+import _functools
+import _hashlib
+import _heapq
+import _random
+import _struct
+import _weakref
+import array
+import binascii
+import cmath
+import itertools
+import math
+import operator
 import time
+import unicodedata
+import zlib

