    restricted: Allow patched pandas.read_* functions · 4360dbc6
    Levin Zimmermann authored
    Rationale:
    
    Converting * to data frame / numpy array efficiently is required in all
    wendelin projects, without this functionality wendelin is useless.
    Currently all projects allow this functionality in an insecure way.
    This commit aims to improve the situation by supporting a secure way of
    this functionality.
    
    (See wendelin!99 (comment 158474))
    
    Because pandas (in restricted Python) can also be useful in 'pure' ERP5
    (without Wendelin) the functionality is added to ERP5 source code.
    
    ---
    
    Security:
    
    Security is guaranteed by patching selected read_* functions and
    allowing the patched versions. The patch prohibits anything but
    string input which directly contains the data (e.g. no URLs, file
    paths). New unit tests ensure the restrictions of the patches
    are actually effective.
    
    ---
    
    Notes on implementation decisions:
    
    Instead of offering new ERP5 extension methods (e.g. Base_readJson)
    this commit adds patched pandas read functions in restricted Python.
    In this way the change of the known API is as minimal as possible.
    
    Instead of globally monkey-patching pandas read_* functions, only the
    functions inside restricted Python are patched.
    In this way the fully-functional, original functions are still available
    in Zope products or ERP5 extension code.
    
    Minor changes in how pandas is allowed in restricted Python
    have been applied. Please consult the following discussions in the Merge
    request for details:
    
    !1615 (comment 159203)
    !1615 (comment 159341)
Name
Accessor
CachePlugins
Constraint
Core
Document
Interactor
Tool
XMLExportImport
dtml
dynamic
help
interfaces
mixin
patches
tests
Base.py
CHANGES.txt
Cache.py
Calendar.py
CodingStyle.py
Collections.py
ConflictFree.py
ConsistencyMessage.py
CopySupport.py
ERP5Type.py
Error.py
Errors.py
Globals.py
ImmediateReindexContextManager.py
InitGenerator.py
JSON.py
JSONEncoder.py
Log.py
MAINTAINERS.txt
Message.py
ObjectMessage.py
Pandas.py
Permissions.py
PsycoWrapper.py
Reminder_FilterSkinNameInTraverse.patch
Six.py
Timeout.py
TransactionalVariable.py
TranslationProviderBase.py
UnrestrictedMethod.py
Utils.py
VERSION.txt
Workflow.py
XMLMatrix.py
XMLObject.py
ZipFile.py
ZopePatch.py
__init__.py
component.xml
id_as_reference.py
refresh.txt
tool.png