[Python-checkins] r55632 - in python/branches/bcannon-objcap: BRANCH_NOTES secure_python.c tests/fail/builtin_execfile--NameError.py tests/fail/builtin_open--NameError.py tests/fail/execfile__builtin__--AttributeError.py tests/fail/execfile__builtins__--AttributeError.py tests/fail/file_constructor--TypeError.py tests/fail/import_unsafe_builtin--ImportError.py tests/fail/import_unsafe_extension--ImportError.py tests/fail/open__builtin__--AttributeError.py tests/fail/open__builtins__--AttributeError.py tests/succeed/import_py.py tests/succeed/import_safe_builtin.py tests/succeed/import_safe_extension.py

brett.cannon python-checkins at python.org
Tue May 29 03:31:38 CEST 2007


Author: brett.cannon
Date: Tue May 29 03:31:34 2007
New Revision: 55632
Modified:
 python/branches/bcannon-objcap/BRANCH_NOTES
 python/branches/bcannon-objcap/secure_python.c
 python/branches/bcannon-objcap/tests/fail/builtin_execfile--NameError.py
 python/branches/bcannon-objcap/tests/fail/builtin_open--NameError.py
 python/branches/bcannon-objcap/tests/fail/execfile__builtin__--AttributeError.py
 python/branches/bcannon-objcap/tests/fail/execfile__builtins__--AttributeError.py
 python/branches/bcannon-objcap/tests/fail/file_constructor--TypeError.py
 python/branches/bcannon-objcap/tests/fail/import_unsafe_builtin--ImportError.py
 python/branches/bcannon-objcap/tests/fail/import_unsafe_extension--ImportError.py
 python/branches/bcannon-objcap/tests/fail/open__builtin__--AttributeError.py
 python/branches/bcannon-objcap/tests/fail/open__builtins__--AttributeError.py
 python/branches/bcannon-objcap/tests/succeed/import_py.py
 python/branches/bcannon-objcap/tests/succeed/import_safe_builtin.py
 python/branches/bcannon-objcap/tests/succeed/import_safe_extension.py
Log:
Flesh out import tests along with built-in object access.
Modified: python/branches/bcannon-objcap/BRANCH_NOTES
==============================================================================
--- python/branches/bcannon-objcap/BRANCH_NOTES	(original)
+++ python/branches/bcannon-objcap/BRANCH_NOTES	Tue May 29 03:31:34 2007
@@ -3,17 +3,35 @@
 =======
 Attempt to develop some form of security model for Python.
 
-=====
-Usage
-=====
+
+==================
+Build instructions
+==================
 1. Build Python as normal.
 2. Run ``build_secure_py.sh`` to build ``secure_python.exe``.
 
-======
-Status
-======
-* Turn on whitelisting.
- - Verify injecting 'open' into importlib works.
+
+=======
+Testing
+=======
+Execute ``run_security_tests.py`` with ``secure_python.exe`` to run security
+tests. Do not expect normal tests to pass as critical modules might be blocked
+from being imported.
+
+
+=============
+Failing Tests
+=============
+* Lib/tests/test_xmlrpc.py
+ + Fails with insecure Python.
+ + Requires sys.setdefaultencoding() which is deleted by site.py .
+ + reload(sys) normally adds it, but hack to do a fresh import on sys is
+ preventing that from happening somehow.
+
+
+=====
+To Do
+=====
 * Write tests.
 - Import
 + Delegate protects importlib.
@@ -21,14 +39,10 @@
 * Name fall-through to alternate implementation.
 + '.hidden' cannot be imported.
 + Removed modules cannot be imported (unless whitelisted).
- - Built-in namespace properly cleansed.
- + Nothing exposed through __builtin__ or __builtins__.
+ + 'sys' not exposed on any modules needed for interpreter.
 - Types crippled.
- + file
 + code
-* Fix 'sys' module reloading.
- - test_xmlrpc relies on reloading sys to get setdefaultencoding, but hack
- to allow re-import of sys doesn't let this work.
+
 
 ==========
 References
Modified: python/branches/bcannon-objcap/secure_python.c
==============================================================================
--- python/branches/bcannon-objcap/secure_python.c	(original)
+++ python/branches/bcannon-objcap/secure_python.c	Tue May 29 03:31:34 2007
@@ -27,6 +27,7 @@
 PyObject *import_module;
 PyObject *import_callable;
 Py_ssize_t safe_builtins_count = 7;
+ /* All whitelisted modules should be imported in the proper test file. */
 const char *safe_builtins_names[] = {"_ast", "_codecs", "_sre",
 					 "_symtable", "_types", "errno",
 					 "exceptions"};
@@ -34,9 +35,18 @@
 const char *safe_frozen_names[] = {};
 PyObject *safe_builtins_seq;
 PyObject *safe_frozen_seq;
- Py_ssize_t safe_extensions_count = 5;
- const char *safe_extensions_names[] = {"binascii", "cmath", "math",
-					 "operator", "time"};
+ Py_ssize_t safe_extensions_count = 18;
+ /* All whitelisted modules should be imported in the proper test file. */
+ const char *safe_extensions_names[] = {"_bisect", "_collections", "_csv",
+					 "_functools", "_hashlib",
+					 "_heapq", "_random",
+					 "_struct", "_weakref",
+					 "array",
+					 "binascii", "cmath",
+					 "itertools",
+					 "math",
+					 "operator",
+					 "time", "unicodedata", "zlib"};
 PyObject *safe_extensions_seq;
 
 /* Initialize interpreter. */
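Review bot: `safe_extensions_count = 18` is a hand-typed length declared apart from `safe_extensions_names`, so the next edit to the whitelist can leave the two out of step. If the count is used to walk the array (its use is outside the hunk), a value that is too large reads past the end and one that is too small silently drops names from the whitelist. Declaring the array first and deriving the count removes that risk: `Py_ssize_t safe_extensions_count = sizeof(safe_extensions_names) / sizeof(safe_extensions_names[0]);`. The same applies to `safe_builtins_count = 7` in the previous hunk. The added comment could also say that the import tests only show a module loads, so each newly whitelisted C module still needs a review of what it exposes inside the sandbox.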
Modified: python/branches/bcannon-objcap/tests/fail/builtin_execfile--NameError.py
==============================================================================
--- python/branches/bcannon-objcap/tests/fail/builtin_execfile--NameError.py	(original)
+++ python/branches/bcannon-objcap/tests/fail/builtin_execfile--NameError.py	Tue May 29 03:31:34 2007
@@ -1 +1,2 @@
+"""'execfile' should not be in the built-in namespace."""
 _ = execfile
Modified: python/branches/bcannon-objcap/tests/fail/builtin_open--NameError.py
==============================================================================
--- python/branches/bcannon-objcap/tests/fail/builtin_open--NameError.py	(original)
+++ python/branches/bcannon-objcap/tests/fail/builtin_open--NameError.py	Tue May 29 03:31:34 2007
@@ -1 +1,2 @@
+"""'open' should not be in the built-in namespace."""
 _ = open
Modified: python/branches/bcannon-objcap/tests/fail/execfile__builtin__--AttributeError.py
==============================================================================
--- python/branches/bcannon-objcap/tests/fail/execfile__builtin__--AttributeError.py	(original)
+++ python/branches/bcannon-objcap/tests/fail/execfile__builtin__--AttributeError.py	Tue May 29 03:31:34 2007
@@ -1,2 +1,3 @@
+"""'execfile' should not be accessible from __builtin__."""
 import __builtin__
 __builtin__.execfile
Modified: python/branches/bcannon-objcap/tests/fail/execfile__builtins__--AttributeError.py
==============================================================================
--- python/branches/bcannon-objcap/tests/fail/execfile__builtins__--AttributeError.py	(original)
+++ python/branches/bcannon-objcap/tests/fail/execfile__builtins__--AttributeError.py	Tue May 29 03:31:34 2007
@@ -1 +1,2 @@
+"""'execfile' should not be accessible from __builtins__."""
 __builtins__.execfile
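Review bot: The new docstring says 'execfile' is not reachable through `__builtins__`, but `__builtins__.execfile` only exercises attribute access. In Python 2 `__builtins__` is the `__builtin__` module inside `__main__` and a plain dict in other namespaces. If the runner (not visible here) loads this file into anything other than `__main__`, the AttributeError would come from the dict type and the test would pass even with 'execfile' still present. Either state in the docstring that the file must run as `__main__`, or add a companion case that checks the dict form. The same applies to open__builtins__--AttributeError.py.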
Modified: python/branches/bcannon-objcap/tests/fail/file_constructor--TypeError.py
==============================================================================
--- python/branches/bcannon-objcap/tests/fail/file_constructor--TypeError.py	(original)
+++ python/branches/bcannon-objcap/tests/fail/file_constructor--TypeError.py	Tue May 29 03:31:34 2007
@@ -1 +1,2 @@
+"""The constructor for 'file' should not work to open a file."""
 _ = file('README', 'r')
Modified: python/branches/bcannon-objcap/tests/fail/import_unsafe_builtin--ImportError.py
==============================================================================
--- python/branches/bcannon-objcap/tests/fail/import_unsafe_builtin--ImportError.py	(original)
+++ python/branches/bcannon-objcap/tests/fail/import_unsafe_builtin--ImportError.py	Tue May 29 03:31:34 2007
@@ -1 +1,2 @@
+"""You should not be able to import non-whitelisted modules, especially sys."""
 import sys
Modified: python/branches/bcannon-objcap/tests/fail/import_unsafe_extension--ImportError.py
==============================================================================
--- python/branches/bcannon-objcap/tests/fail/import_unsafe_extension--ImportError.py	(original)
+++ python/branches/bcannon-objcap/tests/fail/import_unsafe_extension--ImportError.py	Tue May 29 03:31:34 2007
@@ -1 +1,2 @@
-import termios
+"""Importing non-whitelisted extension modules should fail."""
+import thread
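Review bot: Replacing `termios` with `thread` may take this test off the extension-module path it is named for. On common CPython 2 builds `thread` is compiled into the interpreter rather than loaded as a shared extension. The ImportError would then come from the built-in whitelist, which import_unsafe_builtin--ImportError.py already covers, and the extension whitelist would be left without a negative test. A build without thread support would also raise ImportError for an unrelated reason and pass vacuously. Consider keeping a module that is reliably a dynamically loaded extension, or add a comment such as `# thread: must be refused even though it is normally available` explaining the choice.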
Modified: python/branches/bcannon-objcap/tests/fail/open__builtin__--AttributeError.py
==============================================================================
--- python/branches/bcannon-objcap/tests/fail/open__builtin__--AttributeError.py	(original)
+++ python/branches/bcannon-objcap/tests/fail/open__builtin__--AttributeError.py	Tue May 29 03:31:34 2007
@@ -1,2 +1,3 @@
+"""'open' should not exist in __builtin__."""
 import __builtin__
 __builtin__.open
Modified: python/branches/bcannon-objcap/tests/fail/open__builtins__--AttributeError.py
==============================================================================
--- python/branches/bcannon-objcap/tests/fail/open__builtins__--AttributeError.py	(original)
+++ python/branches/bcannon-objcap/tests/fail/open__builtins__--AttributeError.py	Tue May 29 03:31:34 2007
@@ -1 +1,2 @@
+"""'open' should not be in __builtins__."""
 __builtins__.open
Modified: python/branches/bcannon-objcap/tests/succeed/import_py.py
==============================================================================
--- python/branches/bcannon-objcap/tests/succeed/import_py.py	(original)
+++ python/branches/bcannon-objcap/tests/succeed/import_py.py	Tue May 29 03:31:34 2007
@@ -1 +1,2 @@
+"""Make sure a Python source code file can be imported."""
 import token
Modified: python/branches/bcannon-objcap/tests/succeed/import_safe_builtin.py
==============================================================================
--- python/branches/bcannon-objcap/tests/succeed/import_safe_builtin.py	(original)
+++ python/branches/bcannon-objcap/tests/succeed/import_safe_builtin.py	Tue May 29 03:31:34 2007
@@ -1 +1,7 @@
+"""Make sure that all whitelisted built-in modules can be imported."""
+import _ast
+import _codecs
+import _sre
+import _types
 import errno
+import exceptions
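Review bot: `_symtable` is listed in `safe_builtins_names` in secure_python.c but is not imported here. The docstring says all whitelisted built-in modules are covered, and the comment this commit adds in secure_python.c asks for every whitelisted module to be imported in its test file. Add `import _symtable` after `import _sre` so the whitelist and its positive test agree. Without it, a regression that blocks or mis-registers that module would go unnoticed.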
Modified: python/branches/bcannon-objcap/tests/succeed/import_safe_extension.py
==============================================================================
--- python/branches/bcannon-objcap/tests/succeed/import_safe_extension.py	(original)
+++ python/branches/bcannon-objcap/tests/succeed/import_safe_extension.py	Tue May 29 03:31:34 2007
@@ -1 +1,19 @@
+"""All whitelisted extension modules should be able to be imported."""
+import _bisect
+import _collections
+import _csv
+import _functools
+import _hashlib
+import _heapq
+import _random
+import _struct
+import _weakref
+import array
+import binascii
+import cmath
+import itertools
+import math
+import operator
 import time
+import unicodedata
+import zlib

