Bug 1264831 - Add a few presumably harmless builtins to the sandbox. r?gps
as well as os.path.normcase.
--- a/build/moz.configure/old.configure
+++ b/build/moz.configure/old.configure
@@ -341,17 +341,16 @@ def old_configure_options(*options):
# Below are the configure flags used by comm-central.
'--enable-ldap',
'--enable-mapi',
'--enable-calendar',
'--enable-incomplete-external-linkage',
)
@imports(_from='__builtin__', _import='compile')
@imports(_from='__builtin__', _import='open')
-@imports(_from='__builtin__', _import='zip')
@imports('logging')
@imports('os')
@imports('subprocess')
@imports('sys')
@imports(_from='mozbuild.shellutil', _import='quote')
def old_configure(prepare_configure, extra_old_configure_args, all_options,
*options):
cmd = prepare_configure
--- a/build/moz.configure/util.configure
+++ b/build/moz.configure/util.configure
@@ -95,17 +95,16 @@ def namespace(**kwargs):
# of a @depends function in a non-immediate manner.
# @depends('--option')
# def option(value)
# return namespace(foo=value)
# set_config('FOO', delayed_getattr(option, 'foo')
@template
def delayed_getattr(func, key):
@depends(func)
- @imports(_from='__builtin__', _import='getattr')
def result(value):
# The @depends function we're being passed may have returned
# None, or an object that simply doesn't have the wanted key.
# In that case, just return None.
return getattr(value, key, None)
return result
--- a/python/mozbuild/mozbuild/configure/__init__.py
+++ b/python/mozbuild/mozbuild/configure/__init__.py
@@ -88,24 +88,26 @@ class ConfigureSandbox(dict):
do_stuff(config)
"""
# The default set of builtins. We expose unicode as str to make sandboxed
# files more python3-ready.
BUILTINS = ReadOnlyDict({
b: __builtins__[b]
for b in ('None', 'False', 'True', 'int', 'bool', 'any', 'all', 'len',
- 'list', 'tuple', 'set', 'dict', 'isinstance')
+ 'list', 'tuple', 'set', 'dict', 'isinstance', 'getattr',
+ 'hasattr', 'enumerate', 'range', 'zip')
}, __import__=forbidden_import, str=unicode)
# Expose a limited set of functions from os.path
OS = ReadOnlyNamespace(path=ReadOnlyNamespace(**{
k: getattr(mozpath, k, getattr(os.path, k))
for k in ('abspath', 'basename', 'dirname', 'exists', 'isabs', 'isdir',
- 'isfile', 'join', 'normpath', 'realpath', 'relpath')
+ 'isfile', 'join', 'normcase', 'normpath', 'realpath',
+ 'relpath')
}))
def __init__(self, config, environ=os.environ, argv=sys.argv,
stdout=sys.stdout, stderr=sys.stderr, logger=None):
dict.__setitem__(self, '__builtins__', self.BUILTINS)
self._paths = []
self._all_paths = set()
--- a/python/mozbuild/mozbuild/test/configure/data/moz.configure
+++ b/python/mozbuild/mozbuild/test/configure/data/moz.configure
@@ -155,22 +155,20 @@ def with_imports(value):
return os.path.isfile(value[0])
set_config('IS_FILE', with_imports)
# It is still possible to import the full set from os.path.
# It is also possible to cherry-pick builtins.
@depends('--with-imports')
@imports('os.path')
-@imports(_from='__builtin__', _import='hasattr')
def with_imports(value):
if len(value):
return hasattr(os.path, 'getatime')
set_config('HAS_GETATIME', with_imports)
@depends('--with-imports')
-@imports(_from='__builtin__', _import='hasattr')
def with_imports(value):
if len(value):
return hasattr(os.path, 'getatime')
set_config('HAS_GETATIME2', with_imports)