forked from vstinner/pysandbox
-
Notifications
You must be signed in to change notification settings - Fork 0
/
TODO
58 lines (50 loc) · 2.12 KB
/
TODO
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
Major tasks
-----------
* FIXME: ReadOnlyList(list('abc')) == list('abc') is False
* Choose getModulePath() implementation (problem with "from encodings import
aliases")
* Python3: set/fix OBJECT_TYPES of proxy()
* Python3: allow __subclasses__ attribute?
* Write a test for traceback
* interpreter.py has a quit() builtin function (instance of site.Quitter)
which is not protected by a proxy
* safe_import(): from_list default value is mutable
* safe_open() should not use createReadOnlyObject(), but just hide the real
type
* Write a blacklist for ObjectProxy (eg. "__class__" attribute)
* Write a whitelist of modifiable attributes in ObjectProxy?
Problem of callback: have to be executed in the sandbox
Open questions
--------------
* A function keeps its func_globals. Is it a problem?
* A generator can be controled: .throw(), .send(), etc. Is it a problem if the
generator was created outside the sandbox?
* Move compile() builtin in its own feature (compile)?
Minor tasks
-----------
* Allow function.func_code again?
* Don't hide dict methods able to modify a dict (eg. dict.clear)
* Write a cache for safe_import. Reuse sys.modules???
* interpreter.py: import code module (InteractiveConsole) in the sandbox to
execute the whole interpreter in the sandbox
* Only instanciate each protection once?
* Write a test using class.mro()?
* __builtins__ can be redefined
* isinstance(createReadOnlyList(...), list) is False
* Write a whitelist for sys.path?
* Clear sys.modules?
* Improve type(open(...))(filename, "r") error message,
see test_import_sys_stdout()
Todo later
----------
* Check interaction with threads
* Check interaction with signals, eg. SIGALARM and SIGTERM
http://mail.python.org/pipermail/python-dev/2009-February/086425.html
* Check for function importing modules:
warnings imports modules
> if there are other non-user-initiated dynamically imported modules?
Grep the source for PyImport.
* RuntimeError: maximum recursion depth exceeded
import sys; sys.setrecursionlimit(50)
http://mail.python.org/pipermail/python-dev/2009-February/086463.html
* Limit memory usage