11\section {Standard Module \sectcode {rexec} }
22\label {module-rexec }
33\stmodindex {rexec}
4- \setindexsubitem {(in module rexec)}
4+
55
66This module contains the \class {RExec} class, which supports
7- \code {r_exec()}, \code {r_eval()}, \code {r_execfile()}, and
8- \code {r_import()} methods, which are restricted versions of the standard
9- Python functions \code {exec()}, \code {eval()}, \code {execfile()}, and
10- the \code {import} statement.
7+ \method {r_exec()}, \method {r_eval()}, \method {r_execfile()}, and
8+ \method {r_import()} methods, which are restricted versions of the standard
9+ Python functions \method {exec()}, \method {eval()}, \method {execfile()}, and
10+ the \keyword {import} statement.
1111Code executed in this restricted environment will
1212only have access to modules and functions that are deemed safe; you
1313can subclass \class {RExec} to add or remove capabilities as desired.
@@ -17,11 +17,11 @@ \section{Standard Module \sectcode{rexec}}
1717sockets. However, it does not protect against code using extremely
1818large amounts of memory or CPU time.
1919
20- \begin {funcdesc }{RExec}{\optional {hooks\optional {\ ,
20+ \begin {classdesc }{RExec}{\optional {hooks\optional {, verbose}}}
2121Returns an instance of the \class {RExec} class.
2222
23- \var {hooks} is an instance of the \code {RHooks} class or a subclass of it.
24- If it is omitted or \code {None}, the default \code {RHooks} class is
23+ \var {hooks} is an instance of the \class {RHooks} class or a subclass of it.
24+ If it is omitted or \code {None}, the default \class {RHooks} class is
2525instantiated.
2626Whenever the \module {RExec} module searches for a module (even a
2727built-in one) or reads a module's code, it doesn't actually go out to
@@ -41,10 +41,10 @@ \section{Standard Module \sectcode{rexec}}
4141
4242If \var {verbose} is true, additional debugging output may be sent to
4343standard output.
44- \end {funcdesc }
44+ \end {classdesc }
4545
4646The \class {RExec} class has the following class attributes, which are
47- used by the \code {__init__()} method. Changing them on an existing
47+ used by the \method {__init__()} method. Changing them on an existing
4848instance won't have any effect; instead, create a subclass of
4949\class {RExec} and assign them new values in the class definition.
5050Instances of the new class will then use those new values. All these
@@ -75,15 +75,15 @@ \section{Standard Module \sectcode{rexec}}
7575\end {datadesc }
7676
7777\begin {datadesc }{ok_path}
78- Contains the directories which will be searched when an \code {import}
78+ Contains the directories which will be searched when an \keyword {import}
7979is performed in the restricted environment.
8080The value for \class {RExec} is the same as \code {sys.path} (at the time
8181the module is loaded) for unrestricted code.
8282\end {datadesc }
8383
8484\begin {datadesc }{ok_posix_names}
8585% Should this be called ok_os_names?
86- Contains the names of the functions in the \code {os} module which will be
86+ Contains the names of the functions in the \module {os} module which will be
8787available to programs running in the restricted environment. The
8888value for \class {RExec} is \code {('error',} \code {'fstat',}
8989\code {'listdir',} \code {'lstat',} \code {'readlink',} \code {'stat',}
@@ -93,7 +93,7 @@ \section{Standard Module \sectcode{rexec}}
9393\end {datadesc }
9494
9595\begin {datadesc }{ok_sys_names}
96- Contains the names of the functions and variables in the \code {sys}
96+ Contains the names of the functions and variables in the \module {sys}
9797module which will be available to programs running in the restricted
9898environment. The value for \class {RExec} is \code {('ps1',}
9999\code {'ps2',} \code {'copyright',} \code {'version',} \code {'platform',}
@@ -106,25 +106,25 @@ \section{Standard Module \sectcode{rexec}}
106106\begin {funcdesc }{r_eval}{code}
107107\var {code} must either be a string containing a Python expression, or
108108a compiled code object, which will be evaluated in the restricted
109- environment's \code {__main__} module. The value of the expression or
109+ environment's \module {__main__} module. The value of the expression or
110110code object will be returned.
111111\end {funcdesc }
112112
113113\begin {funcdesc }{r_exec}{code}
114114\var {code} must either be a string containing one or more lines of
115115Python code, or a compiled code object, which will be executed in the
116- restricted environment's \code {__main__} module.
116+ restricted environment's \module {__main__} module.
117117\end {funcdesc }
118118
119119\begin {funcdesc }{r_execfile}{filename}
120120Execute the Python code contained in the file \var {filename} in the
121- restricted environment's \code {__main__} module.
121+ restricted environment's \module {__main__} module.
122122\end {funcdesc }
123123
124- Methods whose names begin with \code {s_} are similar to the functions
125- beginning with \code {r_}, but the code will be granted access to
124+ Methods whose names begin with \samp {s_} are similar to the functions
125+ beginning with \samp {r_}, but the code will be granted access to
126126restricted versions of the standard I/O streams \code {sys.stdin},
127- \code {sys.stderr}, and \code {sys.stdout}.
127+ \code {sys.stderr}, and \code {sys.stdout}.
128128
129129\begin {funcdesc }{s_eval}{code}
130130\var {code} must be a string containing a Python expression, which will
@@ -146,19 +146,19 @@ \section{Standard Module \sectcode{rexec}}
146146Overriding these methods in a subclass is used to change the policies
147147enforced by a restricted environment.
148148
149- \begin {funcdesc }{r_import}{modulename\optional {\ ,\ ,\ ,
150- Import the module \var {modulename}, raising an \code {ImportError}
149+ \begin {funcdesc }{r_import}{modulename\optional {, globals, locals, fromlist}}
150+ Import the module \var {modulename}, raising an \exception {ImportError}
151151exception if the module is considered unsafe.
152152\end {funcdesc }
153153
154154\begin {funcdesc }{r_open}{filename\optional {\, mode\optional {\, bufsize}}}
155- Method called when \code {open()} is called in the restricted
156- environment. The arguments are identical to those of \code {open()},
155+ Method called when \function {open()} is called in the restricted
156+ environment. The arguments are identical to those of \function {open()},
157157and a file object (or a class instance compatible with file objects)
158158should be returned. \class {RExec}'s default behaviour is allow opening
159159any file for reading, but forbidding any attempt to write a file. See
160160the example below for an implementation of a less restrictive
161- \code {r_open()}.
161+ \method {r_open()}.
162162\end {funcdesc }
163163
164164\begin {funcdesc }{r_reload}{module}
@@ -212,7 +212,7 @@ \subsection{An example}
212212Notice that the above code will occasionally forbid a perfectly valid
213213filename; for example, code in the restricted environment won't be
214214able to open a file called \file {/tmp/foo/../bar}. To fix this, the
215- \code {r_open} method would have to simplify the filename to
215+ \method {r_open() } method would have to simplify the filename to
216216\file {/tmp/bar}, which would require splitting apart the filename and
217217performing various operations on it. In cases where security is at
218218stake, it may be preferable to write simple code which is sometimes
0 commit comments