Mercurial > repos > guerler > hhblits
comparison lib/python3.8/site-packages/setuptools/sandbox.py @ 0:9e54283cc701 draft
"planemo upload commit d12c32a45bcd441307e632fca6d9af7d60289d44"
author | guerler |
---|---|
date | Mon, 27 Jul 2020 03:47:31 -0400 |
parents | |
children |
comparison
equal
deleted
inserted
replaced
-1:000000000000 | 0:9e54283cc701 |
---|---|
1 import os | |
2 import sys | |
3 import tempfile | |
4 import operator | |
5 import functools | |
6 import itertools | |
7 import re | |
8 import contextlib | |
9 import pickle | |
10 import textwrap | |
11 | |
12 from setuptools.extern import six | |
13 from setuptools.extern.six.moves import builtins, map | |
14 | |
15 import pkg_resources.py31compat | |
16 from distutils.errors import DistutilsError | |
17 from pkg_resources import working_set | |
18 | |
19 if sys.platform.startswith('java'): | |
20 import org.python.modules.posix.PosixModule as _os | |
21 else: | |
22 _os = sys.modules[os.name] | |
23 try: | |
24 _file = file | |
25 except NameError: | |
26 _file = None | |
27 _open = open | |
28 | |
29 | |
30 __all__ = [ | |
31 "AbstractSandbox", "DirectorySandbox", "SandboxViolation", "run_setup", | |
32 ] | |
33 | |
34 | |
35 def _execfile(filename, globals, locals=None): | |
36 """ | |
37 Python 3 implementation of execfile. | |
38 """ | |
39 mode = 'rb' | |
40 with open(filename, mode) as stream: | |
41 script = stream.read() | |
42 if locals is None: | |
43 locals = globals | |
44 code = compile(script, filename, 'exec') | |
45 exec(code, globals, locals) | |
46 | |
47 | |
48 @contextlib.contextmanager | |
49 def save_argv(repl=None): | |
50 saved = sys.argv[:] | |
51 if repl is not None: | |
52 sys.argv[:] = repl | |
53 try: | |
54 yield saved | |
55 finally: | |
56 sys.argv[:] = saved | |
57 | |
58 | |
59 @contextlib.contextmanager | |
60 def save_path(): | |
61 saved = sys.path[:] | |
62 try: | |
63 yield saved | |
64 finally: | |
65 sys.path[:] = saved | |
66 | |
67 | |
68 @contextlib.contextmanager | |
69 def override_temp(replacement): | |
70 """ | |
71 Monkey-patch tempfile.tempdir with replacement, ensuring it exists | |
72 """ | |
73 pkg_resources.py31compat.makedirs(replacement, exist_ok=True) | |
74 | |
75 saved = tempfile.tempdir | |
76 | |
77 tempfile.tempdir = replacement | |
78 | |
79 try: | |
80 yield | |
81 finally: | |
82 tempfile.tempdir = saved | |
83 | |
84 | |
85 @contextlib.contextmanager | |
86 def pushd(target): | |
87 saved = os.getcwd() | |
88 os.chdir(target) | |
89 try: | |
90 yield saved | |
91 finally: | |
92 os.chdir(saved) | |
93 | |
94 | |
95 class UnpickleableException(Exception): | |
96 """ | |
97 An exception representing another Exception that could not be pickled. | |
98 """ | |
99 | |
100 @staticmethod | |
101 def dump(type, exc): | |
102 """ | |
103 Always return a dumped (pickled) type and exc. If exc can't be pickled, | |
104 wrap it in UnpickleableException first. | |
105 """ | |
106 try: | |
107 return pickle.dumps(type), pickle.dumps(exc) | |
108 except Exception: | |
109 # get UnpickleableException inside the sandbox | |
110 from setuptools.sandbox import UnpickleableException as cls | |
111 return cls.dump(cls, cls(repr(exc))) | |
112 | |
113 | |
114 class ExceptionSaver: | |
115 """ | |
116 A Context Manager that will save an exception, serialized, and restore it | |
117 later. | |
118 """ | |
119 | |
120 def __enter__(self): | |
121 return self | |
122 | |
123 def __exit__(self, type, exc, tb): | |
124 if not exc: | |
125 return | |
126 | |
127 # dump the exception | |
128 self._saved = UnpickleableException.dump(type, exc) | |
129 self._tb = tb | |
130 | |
131 # suppress the exception | |
132 return True | |
133 | |
134 def resume(self): | |
135 "restore and re-raise any exception" | |
136 | |
137 if '_saved' not in vars(self): | |
138 return | |
139 | |
140 type, exc = map(pickle.loads, self._saved) | |
141 six.reraise(type, exc, self._tb) | |
142 | |
143 | |
144 @contextlib.contextmanager | |
145 def save_modules(): | |
146 """ | |
147 Context in which imported modules are saved. | |
148 | |
149 Translates exceptions internal to the context into the equivalent exception | |
150 outside the context. | |
151 """ | |
152 saved = sys.modules.copy() | |
153 with ExceptionSaver() as saved_exc: | |
154 yield saved | |
155 | |
156 sys.modules.update(saved) | |
157 # remove any modules imported since | |
158 del_modules = ( | |
159 mod_name for mod_name in sys.modules | |
160 if mod_name not in saved | |
161 # exclude any encodings modules. See #285 | |
162 and not mod_name.startswith('encodings.') | |
163 ) | |
164 _clear_modules(del_modules) | |
165 | |
166 saved_exc.resume() | |
167 | |
168 | |
169 def _clear_modules(module_names): | |
170 for mod_name in list(module_names): | |
171 del sys.modules[mod_name] | |
172 | |
173 | |
174 @contextlib.contextmanager | |
175 def save_pkg_resources_state(): | |
176 saved = pkg_resources.__getstate__() | |
177 try: | |
178 yield saved | |
179 finally: | |
180 pkg_resources.__setstate__(saved) | |
181 | |
182 | |
183 @contextlib.contextmanager | |
184 def setup_context(setup_dir): | |
185 temp_dir = os.path.join(setup_dir, 'temp') | |
186 with save_pkg_resources_state(): | |
187 with save_modules(): | |
188 hide_setuptools() | |
189 with save_path(): | |
190 with save_argv(): | |
191 with override_temp(temp_dir): | |
192 with pushd(setup_dir): | |
193 # ensure setuptools commands are available | |
194 __import__('setuptools') | |
195 yield | |
196 | |
197 | |
198 def _needs_hiding(mod_name): | |
199 """ | |
200 >>> _needs_hiding('setuptools') | |
201 True | |
202 >>> _needs_hiding('pkg_resources') | |
203 True | |
204 >>> _needs_hiding('setuptools_plugin') | |
205 False | |
206 >>> _needs_hiding('setuptools.__init__') | |
207 True | |
208 >>> _needs_hiding('distutils') | |
209 True | |
210 >>> _needs_hiding('os') | |
211 False | |
212 >>> _needs_hiding('Cython') | |
213 True | |
214 """ | |
215 pattern = re.compile(r'(setuptools|pkg_resources|distutils|Cython)(\.|$)') | |
216 return bool(pattern.match(mod_name)) | |
217 | |
218 | |
219 def hide_setuptools(): | |
220 """ | |
221 Remove references to setuptools' modules from sys.modules to allow the | |
222 invocation to import the most appropriate setuptools. This technique is | |
223 necessary to avoid issues such as #315 where setuptools upgrading itself | |
224 would fail to find a function declared in the metadata. | |
225 """ | |
226 modules = filter(_needs_hiding, sys.modules) | |
227 _clear_modules(modules) | |
228 | |
229 | |
230 def run_setup(setup_script, args): | |
231 """Run a distutils setup script, sandboxed in its directory""" | |
232 setup_dir = os.path.abspath(os.path.dirname(setup_script)) | |
233 with setup_context(setup_dir): | |
234 try: | |
235 sys.argv[:] = [setup_script] + list(args) | |
236 sys.path.insert(0, setup_dir) | |
237 # reset to include setup dir, w/clean callback list | |
238 working_set.__init__() | |
239 working_set.callbacks.append(lambda dist: dist.activate()) | |
240 | |
241 # __file__ should be a byte string on Python 2 (#712) | |
242 dunder_file = ( | |
243 setup_script | |
244 if isinstance(setup_script, str) else | |
245 setup_script.encode(sys.getfilesystemencoding()) | |
246 ) | |
247 | |
248 with DirectorySandbox(setup_dir): | |
249 ns = dict(__file__=dunder_file, __name__='__main__') | |
250 _execfile(setup_script, ns) | |
251 except SystemExit as v: | |
252 if v.args and v.args[0]: | |
253 raise | |
254 # Normal exit, just return | |
255 | |
256 | |
257 class AbstractSandbox: | |
258 """Wrap 'os' module and 'open()' builtin for virtualizing setup scripts""" | |
259 | |
260 _active = False | |
261 | |
262 def __init__(self): | |
263 self._attrs = [ | |
264 name for name in dir(_os) | |
265 if not name.startswith('_') and hasattr(self, name) | |
266 ] | |
267 | |
268 def _copy(self, source): | |
269 for name in self._attrs: | |
270 setattr(os, name, getattr(source, name)) | |
271 | |
272 def __enter__(self): | |
273 self._copy(self) | |
274 if _file: | |
275 builtins.file = self._file | |
276 builtins.open = self._open | |
277 self._active = True | |
278 | |
279 def __exit__(self, exc_type, exc_value, traceback): | |
280 self._active = False | |
281 if _file: | |
282 builtins.file = _file | |
283 builtins.open = _open | |
284 self._copy(_os) | |
285 | |
286 def run(self, func): | |
287 """Run 'func' under os sandboxing""" | |
288 with self: | |
289 return func() | |
290 | |
291 def _mk_dual_path_wrapper(name): | |
292 original = getattr(_os, name) | |
293 | |
294 def wrap(self, src, dst, *args, **kw): | |
295 if self._active: | |
296 src, dst = self._remap_pair(name, src, dst, *args, **kw) | |
297 return original(src, dst, *args, **kw) | |
298 | |
299 return wrap | |
300 | |
301 for name in ["rename", "link", "symlink"]: | |
302 if hasattr(_os, name): | |
303 locals()[name] = _mk_dual_path_wrapper(name) | |
304 | |
305 def _mk_single_path_wrapper(name, original=None): | |
306 original = original or getattr(_os, name) | |
307 | |
308 def wrap(self, path, *args, **kw): | |
309 if self._active: | |
310 path = self._remap_input(name, path, *args, **kw) | |
311 return original(path, *args, **kw) | |
312 | |
313 return wrap | |
314 | |
315 if _file: | |
316 _file = _mk_single_path_wrapper('file', _file) | |
317 _open = _mk_single_path_wrapper('open', _open) | |
318 for name in [ | |
319 "stat", "listdir", "chdir", "open", "chmod", "chown", "mkdir", | |
320 "remove", "unlink", "rmdir", "utime", "lchown", "chroot", "lstat", | |
321 "startfile", "mkfifo", "mknod", "pathconf", "access" | |
322 ]: | |
323 if hasattr(_os, name): | |
324 locals()[name] = _mk_single_path_wrapper(name) | |
325 | |
326 def _mk_single_with_return(name): | |
327 original = getattr(_os, name) | |
328 | |
329 def wrap(self, path, *args, **kw): | |
330 if self._active: | |
331 path = self._remap_input(name, path, *args, **kw) | |
332 return self._remap_output(name, original(path, *args, **kw)) | |
333 return original(path, *args, **kw) | |
334 | |
335 return wrap | |
336 | |
337 for name in ['readlink', 'tempnam']: | |
338 if hasattr(_os, name): | |
339 locals()[name] = _mk_single_with_return(name) | |
340 | |
341 def _mk_query(name): | |
342 original = getattr(_os, name) | |
343 | |
344 def wrap(self, *args, **kw): | |
345 retval = original(*args, **kw) | |
346 if self._active: | |
347 return self._remap_output(name, retval) | |
348 return retval | |
349 | |
350 return wrap | |
351 | |
352 for name in ['getcwd', 'tmpnam']: | |
353 if hasattr(_os, name): | |
354 locals()[name] = _mk_query(name) | |
355 | |
356 def _validate_path(self, path): | |
357 """Called to remap or validate any path, whether input or output""" | |
358 return path | |
359 | |
360 def _remap_input(self, operation, path, *args, **kw): | |
361 """Called for path inputs""" | |
362 return self._validate_path(path) | |
363 | |
364 def _remap_output(self, operation, path): | |
365 """Called for path outputs""" | |
366 return self._validate_path(path) | |
367 | |
368 def _remap_pair(self, operation, src, dst, *args, **kw): | |
369 """Called for path pairs like rename, link, and symlink operations""" | |
370 return ( | |
371 self._remap_input(operation + '-from', src, *args, **kw), | |
372 self._remap_input(operation + '-to', dst, *args, **kw) | |
373 ) | |
374 | |
375 | |
376 if hasattr(os, 'devnull'): | |
377 _EXCEPTIONS = [os.devnull] | |
378 else: | |
379 _EXCEPTIONS = [] | |
380 | |
381 | |
382 class DirectorySandbox(AbstractSandbox): | |
383 """Restrict operations to a single subdirectory - pseudo-chroot""" | |
384 | |
385 write_ops = dict.fromkeys([ | |
386 "open", "chmod", "chown", "mkdir", "remove", "unlink", "rmdir", | |
387 "utime", "lchown", "chroot", "mkfifo", "mknod", "tempnam", | |
388 ]) | |
389 | |
390 _exception_patterns = [ | |
391 # Allow lib2to3 to attempt to save a pickled grammar object (#121) | |
392 r'.*lib2to3.*\.pickle$', | |
393 ] | |
394 "exempt writing to paths that match the pattern" | |
395 | |
396 def __init__(self, sandbox, exceptions=_EXCEPTIONS): | |
397 self._sandbox = os.path.normcase(os.path.realpath(sandbox)) | |
398 self._prefix = os.path.join(self._sandbox, '') | |
399 self._exceptions = [ | |
400 os.path.normcase(os.path.realpath(path)) | |
401 for path in exceptions | |
402 ] | |
403 AbstractSandbox.__init__(self) | |
404 | |
405 def _violation(self, operation, *args, **kw): | |
406 from setuptools.sandbox import SandboxViolation | |
407 raise SandboxViolation(operation, args, kw) | |
408 | |
409 if _file: | |
410 | |
411 def _file(self, path, mode='r', *args, **kw): | |
412 if mode not in ('r', 'rt', 'rb', 'rU', 'U') and not self._ok(path): | |
413 self._violation("file", path, mode, *args, **kw) | |
414 return _file(path, mode, *args, **kw) | |
415 | |
416 def _open(self, path, mode='r', *args, **kw): | |
417 if mode not in ('r', 'rt', 'rb', 'rU', 'U') and not self._ok(path): | |
418 self._violation("open", path, mode, *args, **kw) | |
419 return _open(path, mode, *args, **kw) | |
420 | |
421 def tmpnam(self): | |
422 self._violation("tmpnam") | |
423 | |
424 def _ok(self, path): | |
425 active = self._active | |
426 try: | |
427 self._active = False | |
428 realpath = os.path.normcase(os.path.realpath(path)) | |
429 return ( | |
430 self._exempted(realpath) | |
431 or realpath == self._sandbox | |
432 or realpath.startswith(self._prefix) | |
433 ) | |
434 finally: | |
435 self._active = active | |
436 | |
437 def _exempted(self, filepath): | |
438 start_matches = ( | |
439 filepath.startswith(exception) | |
440 for exception in self._exceptions | |
441 ) | |
442 pattern_matches = ( | |
443 re.match(pattern, filepath) | |
444 for pattern in self._exception_patterns | |
445 ) | |
446 candidates = itertools.chain(start_matches, pattern_matches) | |
447 return any(candidates) | |
448 | |
449 def _remap_input(self, operation, path, *args, **kw): | |
450 """Called for path inputs""" | |
451 if operation in self.write_ops and not self._ok(path): | |
452 self._violation(operation, os.path.realpath(path), *args, **kw) | |
453 return path | |
454 | |
455 def _remap_pair(self, operation, src, dst, *args, **kw): | |
456 """Called for path pairs like rename, link, and symlink operations""" | |
457 if not self._ok(src) or not self._ok(dst): | |
458 self._violation(operation, src, dst, *args, **kw) | |
459 return (src, dst) | |
460 | |
461 def open(self, file, flags, mode=0o777, *args, **kw): | |
462 """Called for low-level os.open()""" | |
463 if flags & WRITE_FLAGS and not self._ok(file): | |
464 self._violation("os.open", file, flags, mode, *args, **kw) | |
465 return _os.open(file, flags, mode, *args, **kw) | |
466 | |
467 | |
468 WRITE_FLAGS = functools.reduce( | |
469 operator.or_, [ | |
470 getattr(_os, a, 0) for a in | |
471 "O_WRONLY O_RDWR O_APPEND O_CREAT O_TRUNC O_TEMPORARY".split()] | |
472 ) | |
473 | |
474 | |
475 class SandboxViolation(DistutilsError): | |
476 """A setup script attempted to modify the filesystem outside the sandbox""" | |
477 | |
478 tmpl = textwrap.dedent(""" | |
479 SandboxViolation: {cmd}{args!r} {kwargs} | |
480 | |
481 The package setup script has attempted to modify files on your system | |
482 that are not within the EasyInstall build area, and has been aborted. | |
483 | |
484 This package cannot be safely installed by EasyInstall, and may not | |
485 support alternate installation locations even if you run its setup | |
486 script by hand. Please inform the package's author and the EasyInstall | |
487 maintainers to find out if a fix or workaround is available. | |
488 """).lstrip() | |
489 | |
490 def __str__(self): | |
491 cmd, args, kwargs = self.args | |
492 return self.tmpl.format(**locals()) |