Name
Bastion
Synopsis
class Bastion(obj, filter=lambda n: n[:1] != '_', name=None)
A Bastion instance b wrapping object obj exposes only those methods of obj for whose name filter returns true. An access b.attr works like:

    if filter('attr'): return obj.attr
    else: raise AttributeError, 'attr'

plus a check that b.attr is a method, not an attribute of any other type. The default filter accepts all method names that do not start with an underscore (_) (i.e., all methods that are neither private nor special methods).
When name is not None, repr(b) is the string '<Bastion for name>'. When name is None, repr(b) is '<Bastion for %s>' % repr(obj).
Suppose, for example, that your application supplies a class
MyClass whose public methods are all safe, while
private and special methods, as well as attributes that are not
methods, should be hidden from untrusted code. In the sandbox, you
can provide a factory function that supplies safely wrapped instances
of MyClass to untrusted code as follows:
    import rexec, Bastion
    rex = rexec.RExec()
    burex = rex.add_module('__builtins__')
    def SafeMyClassFactory(*args, **kwds):
        return Bastion.Bastion(MyClass(*args, **kwds))
    burex.MyClass = SafeMyClassFactory

Now, untrusted code that you run with rex.r_exec can instantiate and use safely wrapped instances of MyClass:
    m = MyClass(1,2,3)
    m.somemethod(4,5)
However, any attempt by the untrusted code to access private or special methods, even indirectly (e.g., m[6]=7 indirectly tries to use special method __setitem__ ...
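The wrapper semantics described above, as an added Python 3 reimplementation for illustration (it is not the Python 2 Bastion module, which, together with rexec, was disabled in Python 2.3 as not secure); MyClass, probe and item_assignment_works are constructed here for the demonstration:

```python
import types

class Bastion:
    def __init__(self, obj, filter=lambda n: n[:1] != '_', name=None):
        # Store only a getter closing over obj, not obj itself, so the
        # wrapped object is not reachable as a plain attribute of b.
        self._get_ = lambda attr, obj=obj: getattr(obj, attr)
        self._filter_ = filter
        self._name_ = name if name is not None else repr(obj)

    def __repr__(self):
        return '<Bastion for %s>' % self._name_

    def __getattr__(self, attr):
        # Reached only for names not found on the instance itself.
        if not self._filter_(attr):
            raise AttributeError(attr)
        value = self._get_(attr)
        if not isinstance(value, types.MethodType):
            raise AttributeError(attr)  # data attribute, not a method
        return value

class MyClass:
    # Constructed sample: a public method, a private one, a data attribute.
    def __init__(self, *args):
        self.args = args

    def somemethod(self, x, y):
        return sum(self.args) + x + y

    def _secret(self):
        return 'hidden'

def probe(b, names=('somemethod', '_secret', 'args', '__setitem__')):
    # Map each name to 'exposed' or 'blocked' according to the wrapper.
    out = {}
    for n in names:
        try:
            getattr(b, n)
            out[n] = 'exposed'
        except AttributeError:
            out[n] = 'blocked'
    return out

def item_assignment_works(b):
    # m[6] = 7 goes through __setitem__, which the wrapper never exposes.
    try:
        b[6] = 7
        return True
    except (TypeError, AttributeError):
        return False
```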