Commit d003de8b authored by Jérome Perrin's avatar Jérome Perrin

patches/Restricted: allow random.Random

all member of random module are available (because in ZopeGuards, there's a
random.__allow_access_to_unprotected_subobjects__ = 1), SystemRandom class
also is, but Random class was not, even though there should be nothing unsafe
in this.

This is needed if we want to use a random number generator with a fixed seed
to get reproductible results. We could use random.seed module level function
but since this is also used by several things in ERP5 this does not produce
reproductible sequences.
parent 90bc4fc4
......@@ -129,6 +129,10 @@ class TestRestrictedPythonSecurity(ERP5TypeTestCase):
expected=[('q', 's')]
)
def testRandom(self):
self.createAndRunScript('import random',
'return random.Random().getrandbits(10)')
def testSystemRandom(self):
self.createAndRunScript('import random',
'return random.SystemRandom().getrandbits(10)')
......
......@@ -393,6 +393,8 @@ del member_id, member
from random import SystemRandom
allow_type(SystemRandom)
from random import Random
allow_type(Random)
ModuleSecurityInfo('os').declarePublic('urandom')
#
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment