Edgewall Software

Opened 5 years ago

Last modified 18 months ago

#394 new enhancement

Allow custom loaders to also plug in custom AstTransformers

Reported by: Carsten Klein <carsten.klein@…> Owned by: cmlenz
Priority: major Milestone: 0.7
Component: General Version: 0.6
Keywords: Cc:


The current API does not allow templates to override the default AstTransformer?? defined in astutil#_compile.

However, classes derived from Code do allow overriding the default transformer.

It would be nice to have a custom loader also incorporate a custom AstTransformer??.

The main concern here is security, effectfully limiting python API access by a custom AstTransformer??.

As I see it, the markup template's init method would require an additional named parameter that by default would be set to none, e.g. xform=None.

That way, upon instantiation of either Suite or Expression, the specified AstTransformer?? could be passed as an alternative the the default transformer.

This would also be backwards compatible, so existing applications would not break.

See the attached patch which might provide such a solution.

The patch is currently untested.

Attachments (1)

external_ast_transformers.patch (21.0 KB) - added by Carsten Klein <carsten.klein@…> 5 years ago.

Download all attachments as: .zip

Change History (2)

Changed 5 years ago by Carsten Klein <carsten.klein@…>

comment:1 Changed 18 months ago by hodgestar

Note: It would be really hard to provide any meaningful security by examining the AST. Smart people have repeatedly failed to create Python sandboxes this way.

Add Comment

Modify Ticket

Change Properties
Set your email in Preferences
as new The owner will remain cmlenz.
as The resolution will be set. Next status will be 'closed'.
to The owner will be changed from cmlenz to the specified user. Next status will be 'new'.
The owner will be changed from cmlenz to anonymous. Next status will be 'assigned'.

E-mail address and user name can be saved in the Preferences.

Note: See TracTickets for help on using tickets.