{"id":1873,"date":"2016-10-26T16:05:28","date_gmt":"2016-10-26T14:05:28","guid":{"rendered":"http:\/\/blog.gocept.com\/?p=1873"},"modified":"2016-10-27T08:26:13","modified_gmt":"2016-10-27T06:26:13","slug":"towards-restrictedpython-3","status":"publish","type":"post","link":"https:\/\/blog.gocept.com\/2016\/10\/26\/towards-restrictedpython-3\/","title":{"rendered":"Towards RestrictedPython 3"},"content":{"rendered":"

The biggest blocker to porting Zope to Python 3 is\u00a0RestrictedPython<\/a>.<\/p>\n

What is RestrictedPython?<\/strong><\/p>\n

It is a library used by Zope to restrict Python code at the instruction level to a bare minimum of trusted functionality. It\u00a0parses and filters the code for disallowed constructs (such as\u00a0open()<\/code><\/span>) and adds wrappers around\u00a0each access to attributes or items. These wrappers can be used by Zope to\u00a0enforce access control\u00a0on objects in the ZODB without requiring manual checks in the code.<\/p>\n

Why\u00a0is RestrictedPython needed?<\/strong><\/p>\n

Zope allows writing Python code in the\u00a0Zope management interface (ZMI) using a\u00a0web browser (“through the web” aka TTW). This code is stored in the ZODB. The code is executed on the server. It would be\u00a0dangerous to allow a user to execute arbitrary code with the rights of the web server process.\u00a0That’s why the code is filtered through RestrictedPython to\u00a0make sure this approach is not a complete security hole.<\/p>\n

RestrictedPython is used in many places in Zope as part of its security model. An experiment at the\u00a0Zope Resurrection Sprint<\/a>\u00a0showed that it would be really hard to create a Zope version which does not need RestrictedPython and therefore drops\u00a0the TTW approach.<\/p>\n

What is the problem with porting RestrictedPython to Python 3?<\/strong><\/p>\n

RestrictedPython\u00a0relies on the compiler<\/code>\u00a0package of\u00a0the Python standard library. This package no longer exists in Python 3 because it was poorly documented, unmaintained and out of sync with the compiler Python uses itself. (There are whisperings that it was only kept because of Zope.)<\/p>\n

Since Python 2.6 there has been a new\u00a0ast<\/code>\u00a0module in the Python standard library, but it is not a direct replacement for compiler.<\/code>\u00a0There is no documentation on how to replace compiler<\/code>\u00a0with ast.<\/code><\/p>\n

What is the current status?<\/strong><\/p>\n

Several people have already worked, at various Plone and Zope sprints and mostly in their spare time,\u00a0on a Python 3 branch of RestrictedPython<\/a>\u00a0to find out how this package works and to start porting some of its functionality as a proof of concept. It seems to be possible to use ast<\/code>\u00a0as the new base for RestrictedPython. The external API of RestrictedPython could probably be kept stable. But\u00a0packages using or extending some of the internals of RestrictedPython might\u00a0need to be updated as well.<\/p>\n

What are the next steps?<\/strong><\/p>\n

Many Zope and Plone packages depend on RestrictedPython\u00a0directly (like AccessControl\u00a0or\u00a0Products.ZCatalog) or indirectly (like\u00a0Products.PythonScripts,\u00a0plone.app.event\u00a0or even\u00a0plone.app.dexterity).<\/p>\n

When\u00a0RestrictedPython has successfully been tested against these\u00a0packages, porting them can start. There is a nice\u00a0list of all Plone 5.1 dependencies<\/a>\u00a0and their status regarding Python 3.<\/p>\n

Our goal is to complete porting RestrictedPython by the end of March 2017. It\u00a0opens up the\u00a0possibility of guiding\u00a0Zope into the Python 3 wonderland<\/a> by the end of 2017. This\u00a0is\u00a0ambitious, especially if the work is done in spare time alongside the daily customer work. You can help us by either contributing pull requests\u00a0via\u00a0GitHub<\/a>\u00a0or\u00a0reviewing them.<\/p>\n

We are planning two Zope sprints in spring and autumn 2017. Furthermore\u00a0we are grateful for each and every kind of support.<\/p>\n","protected":false},"excerpt":{"rendered":"

The biggest blocker to port Zope to Python 3 is\u00a0RestrictedPython. What is RestrictedPython? It is a library used by Zope to restrict Python code at instruction level to a bare minimum of trusted functionality. It\u00a0parses and filters the code for not\u00a0allowed constructs (such as\u00a0open()) and adds wrappers around\u00a0each access on attributes or items. These wrappers … Continue reading “Towards RestrictedPython 3”<\/span><\/a><\/p>\n","protected":false},"author":15344399,"featured_media":2098,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_coblocks_attr":"","_coblocks_dimensions":"","_coblocks_responsive_height":"","_coblocks_accordion_ie_support":"","advanced_seo_description":"","jetpack_seo_html_title":"","jetpack_seo_noindex":false,"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_newsletter_tier_id":0,"footnotes":"","jetpack_publicize_message":"","jetpack_is_tweetstorm":false,"jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","enabled":false}}},"categories":[10221],"tags":[1158,196,832,581,72208],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"https:\/\/i0.wp.com\/blog.gocept.com\/wp-content\/uploads\/2016\/10\/zope-is-not-dead.jpg?fit=3264%2C1789&ssl=1","jetpack_likes_enabled":true,"jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/pFP3y-ud","jetpack-related-posts":[{"id":1558,"url":"https:\/\/blog.gocept.com\/2016\/09\/05\/zope-in-the-python-3-wonderland\/","url_meta":{"origin":1873,"position":0},"title":"Zope in the Python 3 wonderland","author":"Michael Howitz","date":"September 5, 2016","format":false,"excerpt":"A little tale Once upon the time there was the\u00a0big mighty Zope II. It was one of the leaders in the Python land. 
It had mighty features like TTW (trough the web) development\u00a0and its own object oriented database. Many\u00a0people liked Zope II and trusted it to be the basis for\u2026","rel":"","context":"In "en"","block_context":{"text":"en","link":"https:\/\/blog.gocept.com\/category\/en\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":3312,"url":"https:\/\/blog.gocept.com\/2019\/05\/10\/celebration-zope-4-final-release\/","url_meta":{"origin":1873,"position":1},"title":"Celebration: Zope 4 final release","author":"Michael Howitz","date":"May 10, 2019","format":false,"excerpt":"TL;DR: Zope 4 beta phase ended, final version released! After hard, long years of preparation Earl Zope now finally made it to get a permanent license for the Python 3 wonderland: In September 2016 almost 20 people started with the reanimation of Zope at the Zope Resurrection sprint. This marked\u2026","rel":"","context":"In "en"","block_context":{"text":"en","link":"https:\/\/blog.gocept.com\/category\/en\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/blog.gocept.com\/wp-content\/uploads\/2019\/05\/fireworks-945386_1920.jpg?fit=1200%2C800&ssl=1&resize=350%2C200","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/blog.gocept.com\/wp-content\/uploads\/2019\/05\/fireworks-945386_1920.jpg?fit=1200%2C800&ssl=1&resize=350%2C200 1x, https:\/\/i0.wp.com\/blog.gocept.com\/wp-content\/uploads\/2019\/05\/fireworks-945386_1920.jpg?fit=1200%2C800&ssl=1&resize=525%2C300 1.5x, https:\/\/i0.wp.com\/blog.gocept.com\/wp-content\/uploads\/2019\/05\/fireworks-945386_1920.jpg?fit=1200%2C800&ssl=1&resize=700%2C400 2x, https:\/\/i0.wp.com\/blog.gocept.com\/wp-content\/uploads\/2019\/05\/fireworks-945386_1920.jpg?fit=1200%2C800&ssl=1&resize=1050%2C600 3x"},"classes":[]},{"id":2205,"url":"https:\/\/blog.gocept.com\/2017\/03\/24\/sprinting-to-push-zope-to-the-python-3-wonderland\/","url_meta":{"origin":1873,"position":2},"title":"Sprinting to push Zope to the Python 3 
wonderland","author":"Michael Howitz","date":"March 24, 2017","format":false,"excerpt":"Earlier this year there was a sprint in Innsbruck, Austria. We made progress in porting Zope to Python 3 by working on RestrictedPython. After this\u00a0sprint RestrictedPython no longer seems to be a blocker to port the parts of Zope which rely on RestrictedPython to Python 3. See the full sprint\u2026","rel":"","context":"In "en"","block_context":{"text":"en","link":"https:\/\/blog.gocept.com\/category\/en\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/blog.gocept.com\/wp-content\/uploads\/2017\/03\/imgp3484-e1490347089570.jpg?fit=1200%2C507&ssl=1&resize=350%2C200","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/blog.gocept.com\/wp-content\/uploads\/2017\/03\/imgp3484-e1490347089570.jpg?fit=1200%2C507&ssl=1&resize=350%2C200 1x, https:\/\/i0.wp.com\/blog.gocept.com\/wp-content\/uploads\/2017\/03\/imgp3484-e1490347089570.jpg?fit=1200%2C507&ssl=1&resize=525%2C300 1.5x, https:\/\/i0.wp.com\/blog.gocept.com\/wp-content\/uploads\/2017\/03\/imgp3484-e1490347089570.jpg?fit=1200%2C507&ssl=1&resize=700%2C400 2x, https:\/\/i0.wp.com\/blog.gocept.com\/wp-content\/uploads\/2017\/03\/imgp3484-e1490347089570.jpg?fit=1200%2C507&ssl=1&resize=1050%2C600 3x"},"classes":[]},{"id":2407,"url":"https:\/\/blog.gocept.com\/2017\/05\/05\/zope-2-resurrection-sprint-goal-accomplished\/","url_meta":{"origin":1873,"position":3},"title":"Zope 2 Resurrection Sprint \u2013 Goal accomplished","author":"Michael Howitz","date":"May 5, 2017","format":false,"excerpt":"The sprint days were really busy for\u00a0Earl Zope II\u00a0and the people helping him with the Python 3 wonderland immigration authorities. 
Zope can be installed using Python 3 can be started and renders some views has more than 1.700 of more than 2.300 tests running has some\u00a0optional dependencies left to be\u2026","rel":"","context":"In "en"","block_context":{"text":"en","link":"https:\/\/blog.gocept.com\/category\/en\/"},"img":{"alt_text":"Many screens","src":"https:\/\/i0.wp.com\/blog.gocept.com\/wp-content\/uploads\/2017\/05\/img_20170503_183916-e1493991770316.jpg?fit=1200%2C943&ssl=1&resize=350%2C200","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/blog.gocept.com\/wp-content\/uploads\/2017\/05\/img_20170503_183916-e1493991770316.jpg?fit=1200%2C943&ssl=1&resize=350%2C200 1x, https:\/\/i0.wp.com\/blog.gocept.com\/wp-content\/uploads\/2017\/05\/img_20170503_183916-e1493991770316.jpg?fit=1200%2C943&ssl=1&resize=525%2C300 1.5x, https:\/\/i0.wp.com\/blog.gocept.com\/wp-content\/uploads\/2017\/05\/img_20170503_183916-e1493991770316.jpg?fit=1200%2C943&ssl=1&resize=700%2C400 2x, https:\/\/i0.wp.com\/blog.gocept.com\/wp-content\/uploads\/2017\/05\/img_20170503_183916-e1493991770316.jpg?fit=1200%2C943&ssl=1&resize=1050%2C600 3x"},"classes":[]},{"id":2550,"url":"https:\/\/blog.gocept.com\/2017\/08\/22\/zope-preparing-to-enter-python-3-wonderland\/","url_meta":{"origin":1873,"position":4},"title":"Zope preparing to enter Python 3 wonderland","author":"Michael Howitz","date":"August 22, 2017","format":false,"excerpt":"Once upon the time there\u00a0was an earl named Zope II. 
His prophets told him that around the year 2020 suddenly his peaceful country will be\u00a0devastated: They proclaim that with the \"sunset\" of\u00a0 Python 2 as stable pillar of his country, insecurity and pain will invade his borders and hurt everyone\u2026","rel":"","context":"In "en"","block_context":{"text":"en","link":"https:\/\/blog.gocept.com\/category\/en\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/blog.gocept.com\/wp-content\/uploads\/2017\/08\/pexels-photo-242558.jpg?fit=1200%2C800&ssl=1&resize=350%2C200","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/blog.gocept.com\/wp-content\/uploads\/2017\/08\/pexels-photo-242558.jpg?fit=1200%2C800&ssl=1&resize=350%2C200 1x, https:\/\/i0.wp.com\/blog.gocept.com\/wp-content\/uploads\/2017\/08\/pexels-photo-242558.jpg?fit=1200%2C800&ssl=1&resize=525%2C300 1.5x, https:\/\/i0.wp.com\/blog.gocept.com\/wp-content\/uploads\/2017\/08\/pexels-photo-242558.jpg?fit=1200%2C800&ssl=1&resize=700%2C400 2x, https:\/\/i0.wp.com\/blog.gocept.com\/wp-content\/uploads\/2017\/08\/pexels-photo-242558.jpg?fit=1200%2C800&ssl=1&resize=1050%2C600 3x"},"classes":[]},{"id":3225,"url":"https:\/\/blog.gocept.com\/2018\/05\/24\/zope-is-welcome-in-the-python-3-wonderland\/","url_meta":{"origin":1873,"position":5},"title":"Zope is welcome in the Python 3 wonderland!","author":"Michael Howitz","date":"May 24, 2018","format":false,"excerpt":"Earl Zope already got the beta permission to stay in the Python 3 wonderland some months ago. His current objective is to help old friends to come to the Python 3 wonderland and to make new friends. 
He has to build trust in his will and ability to stay in\u2026","rel":"","context":"In "en"","block_context":{"text":"en","link":"https:\/\/blog.gocept.com\/category\/en\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/blog.gocept.com\/wp-content\/uploads\/2018\/05\/zope-4-welcome-sprint.jpg?fit=1200%2C637&ssl=1&resize=350%2C200","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/blog.gocept.com\/wp-content\/uploads\/2018\/05\/zope-4-welcome-sprint.jpg?fit=1200%2C637&ssl=1&resize=350%2C200 1x, https:\/\/i0.wp.com\/blog.gocept.com\/wp-content\/uploads\/2018\/05\/zope-4-welcome-sprint.jpg?fit=1200%2C637&ssl=1&resize=525%2C300 1.5x, https:\/\/i0.wp.com\/blog.gocept.com\/wp-content\/uploads\/2018\/05\/zope-4-welcome-sprint.jpg?fit=1200%2C637&ssl=1&resize=700%2C400 2x, https:\/\/i0.wp.com\/blog.gocept.com\/wp-content\/uploads\/2018\/05\/zope-4-welcome-sprint.jpg?fit=1200%2C637&ssl=1&resize=1050%2C600 3x"},"classes":[]}],"_links":{"self":[{"href":"https:\/\/blog.gocept.com\/wp-json\/wp\/v2\/posts\/1873"}],"collection":[{"href":"https:\/\/blog.gocept.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.gocept.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.gocept.com\/wp-json\/wp\/v2\/users\/15344399"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.gocept.com\/wp-json\/wp\/v2\/comments?post=1873"}],"version-history":[{"count":25,"href":"https:\/\/blog.gocept.com\/wp-json\/wp\/v2\/posts\/1873\/revisions"}],"predecessor-version":[{"id":2100,"href":"https:\/\/blog.gocept.com\/wp-json\/wp\/v2\/posts\/1873\/revisions\/2100"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/blog.gocept.com\/wp-json\/wp\/v2\/media\/2098"}],"wp:attachment":[{"href":"https:\/\/blog.gocept.com\/wp-json\/wp\/v2\/media?parent=1873"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.gocept.com\/wp-json\/wp\/v2\/categories?post=1873"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.goce
pt.com\/wp-json\/wp\/v2\/tags?post=1873"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}