Bug 1264831 - Add a few presumably harmless builtins to the sandbox. r=gps
authorMike Hommey <mh+mozilla@glandium.org>
Sat, 02 Apr 2016 09:02:11 +0900
changeset 331235 69744c3a2c2306b7cb2455c4f2c738a7655603a6
parent 331234 1942e832fd7a1a6efff65cbefeec29d8aea1d978
child 331236 cc9627a61ab171c0dc58e080a6f004f26107ad0f
push id6048
push userkmoir@mozilla.com
push dateMon, 06 Jun 2016 19:02:08 +0000
treeherdermozilla-beta@46d72a56c57d [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersgps
bugs1264831
milestone48.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1264831 - Add a few presumably harmless builtins to the sandbox. r=gps as well as os.path.normcase.
build/moz.configure/old.configure
build/moz.configure/util.configure
python/mozbuild/mozbuild/configure/__init__.py
python/mozbuild/mozbuild/test/configure/data/moz.configure
--- a/build/moz.configure/old.configure
+++ b/build/moz.configure/old.configure
@@ -341,17 +341,16 @@ def old_configure_options(*options):
     # Below are the configure flags used by comm-central.
     '--enable-ldap',
     '--enable-mapi',
     '--enable-calendar',
     '--enable-incomplete-external-linkage',
 )
 @imports(_from='__builtin__', _import='compile')
 @imports(_from='__builtin__', _import='open')
-@imports(_from='__builtin__', _import='zip')
 @imports('logging')
 @imports('os')
 @imports('subprocess')
 @imports('sys')
 @imports(_from='mozbuild.shellutil', _import='quote')
 def old_configure(prepare_configure, extra_old_configure_args, all_options,
                   *options):
     cmd = prepare_configure
--- a/build/moz.configure/util.configure
+++ b/build/moz.configure/util.configure
@@ -95,17 +95,16 @@ def namespace(**kwargs):
 # of a @depends function in a non-immediate manner.
 #   @depends('--option')
 #   def option(value)
 #       return namespace(foo=value)
 #   set_config('FOO', delayed_getattr(option, 'foo')
 @template
 def delayed_getattr(func, key):
     @depends(func)
-    @imports(_from='__builtin__', _import='getattr')
     def result(value):
         # The @depends function we're being passed may have returned
         # None, or an object that simply doesn't have the wanted key.
         # In that case, just return None.
         return getattr(value, key, None)
     return result
 
 
--- a/python/mozbuild/mozbuild/configure/__init__.py
+++ b/python/mozbuild/mozbuild/configure/__init__.py
@@ -88,24 +88,26 @@ class ConfigureSandbox(dict):
         do_stuff(config)
     """
 
     # The default set of builtins. We expose unicode as str to make sandboxed
     # files more python3-ready.
     BUILTINS = ReadOnlyDict({
         b: __builtins__[b]
         for b in ('None', 'False', 'True', 'int', 'bool', 'any', 'all', 'len',
-                  'list', 'tuple', 'set', 'dict', 'isinstance')
+                  'list', 'tuple', 'set', 'dict', 'isinstance', 'getattr',
+                  'hasattr', 'enumerate', 'range', 'zip')
     }, __import__=forbidden_import, str=unicode)
 
     # Expose a limited set of functions from os.path
     OS = ReadOnlyNamespace(path=ReadOnlyNamespace(**{
         k: getattr(mozpath, k, getattr(os.path, k))
         for k in ('abspath', 'basename', 'dirname', 'exists', 'isabs', 'isdir',
-                  'isfile', 'join', 'normpath', 'realpath', 'relpath')
+                  'isfile', 'join', 'normcase', 'normpath', 'realpath',
+                  'relpath')
     }))
 
     def __init__(self, config, environ=os.environ, argv=sys.argv,
                  stdout=sys.stdout, stderr=sys.stderr, logger=None):
         dict.__setitem__(self, '__builtins__', self.BUILTINS)
 
         self._paths = []
         self._all_paths = set()
--- a/python/mozbuild/mozbuild/test/configure/data/moz.configure
+++ b/python/mozbuild/mozbuild/test/configure/data/moz.configure
@@ -155,22 +155,20 @@ def with_imports(value):
         return os.path.isfile(value[0])
 
 set_config('IS_FILE', with_imports)
 
 # It is still possible to import the full set from os.path.
 # It is also possible to cherry-pick builtins.
 @depends('--with-imports')
 @imports('os.path')
-@imports(_from='__builtin__', _import='hasattr')
 def with_imports(value):
     if len(value):
         return hasattr(os.path, 'getatime')
 
 set_config('HAS_GETATIME', with_imports)
 
 @depends('--with-imports')
-@imports(_from='__builtin__', _import='hasattr')
 def with_imports(value):
     if len(value):
         return hasattr(os.path, 'getatime')
 
 set_config('HAS_GETATIME2', with_imports)