On 8/23/2012 9:11 AM, Hanno Schlichting wrote:
> Instead of using Python's ast module, you can also do a simple trick
> with the exec statement and limit the global scope and only allow
> certain whitelisted names. An example implementation is at
> https://gist.github.com/3437909. Download it as restricted.py, put it
> into a directory next to an empty Python file called evil.py and run
> "python restricted.py evil.py"

This is so awesome and simple I just had to try it out!

I've built what *could* become the underpinnings of our new build system
using this technique.

Results are checked in at [1]. Code for doing the file loading is at
[2]. It's not perfect, but the proof-of-concept is solid enough. It's
also fast. My machine is reading 159 files in ~30ms. That's with a
single thread too. Granted, it isn't doing anything too complicated yet.

A typical frontend file is at [3]. An uglier one is at [4]. I only
ported the DIRS and TIERS variables, so it isn't too indicative of the
final product.

Obviously there is no shortage of things to bike shed about. But, it's a
start.

Mike Hommey just updated the comparison wiki page [5] with an INI format
that looks pretty clean. I may give it the same porting treatment so
people can compare on a larger scale...

[1] https://github.com/indygreg/mozilla-central/tree/python-build-files
[2] https://github.com/indygreg/mozilla-central/blob/python-build-files/python/mozbuild/mozbuild/frontend/reader.py
[3] https://github.com/indygreg/mozilla-central/blob/python-build-files/browser/components/build.mozbuild
[4] https://github.com/indygreg/mozilla-central/blob/python-build-files/build.mozbuild
[5] https://wiki.mozilla.org/User:Gszorc/Build_frontend_shootout
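
The restricted-exec loading discussed in this thread, as an added example in Python 3 (not the linked gist and not the reader.py in the branch): `read_build_file`, the exposed builtins and the sample inputs are assumptions, and only the DIRS and TIERS names come from the message. It keeps build files declarative and catches mistakes; a trimmed global scope is not a containment boundary for hostile Python.

```python
# Added example, Python 3. DIRS and TIERS are the variables named in the
# message; every other name here is an assumption made for illustration.
ALLOWED_VARIABLES = ("DIRS", "TIERS")
# Builtins exposed to build files. No __import__, open, eval or getattr.
SAFE_BUILTINS = {"len": len, "sorted": sorted}


class BuildFileError(Exception):
    """Raised when a build file fails to run or breaks the whitelist."""


def read_build_file(source, path="<build file>"):
    """Run build-file source in a limited global scope; return its variables."""
    scope = {"__builtins__": dict(SAFE_BUILTINS)}
    for name in ALLOWED_VARIABLES:
        scope[name] = []          # pre-seeded so files can write DIRS += [...]
    try:
        exec(compile(source, path, "exec"), scope)
    except Exception as exc:      # SyntaxError, NameError, ImportError, ...
        raise BuildFileError(f"{path}: {type(exc).__name__}: {exc}") from exc
    scope.pop("__builtins__", None)
    unknown = sorted(set(scope) - set(ALLOWED_VARIABLES))
    if unknown:
        raise BuildFileError(f"{path}: names not on the whitelist: {unknown}")
    result = {}
    for name in ALLOWED_VARIABLES:
        value = scope.get(name)   # None if the file deleted the variable
        if type(value) is not list or not all(type(v) is str for v in value):
            raise BuildFileError(f"{path}: {name} must be a list of strings")
        result[name] = value
    return result


def is_rejected(source):
    try:
        read_build_file(source)
    except BuildFileError:
        return True
    return False


# Constructed sample inputs, not files from the branch.
GOOD = "DIRS += ['browser', 'toolkit']\nTIERS = sorted(['platform', 'base'])\n"
BAD = ["import os\nDIRS += [os.getcwd()]\n",   # no __import__ in scope
       "DIRS += [open('evil.py').read()]\n",   # open is not exposed
       "CFLAGS = ['-O2']\n",                    # variable not on the whitelist
       "DIRS = 'browser'\n"]                    # wrong type for DIRS

if __name__ == "__main__":
    print(read_build_file(GOOD), [is_rejected(src) for src in BAD])
```

A top-level `for` loop variable also counts as a name not on the whitelist, so files that need iteration have to use a comprehension.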