Whitelisting more builtin primitives #1435
@@ -38,6 +38,11 @@ def __call__(self): | |||
|
|||
|
|||
class Python(BaseQueryRunner): | |||
safe_builtins = ( | |||
'sorted', 'reversed', 'min', 'max', | |||
'sum', 'set', |
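Review bot: the `safe_builtins` tuple on `class Python` carries no comment stating what qualifies a builtin for the allow-list, and nothing in this hunk tests the new entries. Suggest a one-line comment above the tuple giving the criterion for inclusion, plus a small test that runs a query using `sum` and `set` and confirms that a name left out of the tuple still fails to resolve, so the list stays reviewable as it grows.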
To be explicit, `sum` and `set` are the additions here.
It seems these test failures are unrelated since other PRs are failing for the same reason.
Yes, the failures are for a different reason. I'll sort it out. I assume you tested these changes locally?
You would be assuming incorrectly. :( I haven't set up re:dash locally to run against. I can do that later. We run it in a docker container ourselves for production.
I'm building a docker container locally and testing this out now. In theory, this should work just fine. :)
👍 it's quite easy to run the query runner alone, as it's just Python code.
This is also a slight refactor to make it easier to expand on this list of builtins we allow. Also, doesn't mutate the global `safe_builtins` dict every time from `RestrictedPython`, instead, opts for copying the dict first.
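The copy-before-extend pattern the commit message describes, as an added example that is not the project's code: `LIBRARY_SAFE_BUILTINS` is a constructed stand-in for the dict imported from `RestrictedPython`, and the helper names are hypothetical. Plain `exec` with a replaced `__builtins__` is used only to show which names resolve; it is not RestrictedPython's compile-time restriction.

```python
import builtins

# Constructed stand-in for a module-level dict exported by a sandbox library
# (assumption: one dict object shared by every importer in the process).
LIBRARY_SAFE_BUILTINS = {"len": len, "range": range}

# Allow-list in the style of the PR's tuple (names from the visible hunk).
EXTRA_SAFE_BUILTINS = ("sorted", "reversed", "min", "max", "sum", "set")


def build_by_mutation(shared):
    """Before: write the extra names into the shared dict itself.

    Every other consumer of that dict now sees the wider allow-list too.
    """
    for name in EXTRA_SAFE_BUILTINS:
        shared[name] = getattr(builtins, name)
    return shared


def build_by_copy(shared):
    """After: copy first, so the library's dict is left untouched."""
    allowed = shared.copy()
    for name in EXTRA_SAFE_BUILTINS:
        allowed[name] = getattr(builtins, name)
    return allowed


def run_snippet(source, allowed):
    """Run source with only `allowed` as its builtins; return its `result`."""
    scope = {"__builtins__": allowed}
    exec(source, scope)
    return scope.get("result")


def name_is_blocked(source, allowed):
    """True when source references a builtin that is not on the allow-list."""
    try:
        run_snippet(source, allowed)
    except NameError:
        return True
    return False
```
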
494932a to bce2e33
Alright, couldn't get docker container running, but just got it running through python enough to get into the CLI. I did:
as a test, so it appears that everything is patched in correctly. fwiw, when building from master in docker, I get the following JavaScript error when trying to go to the
How do you "build" the frontend code in your Docker image? Note that I wouldn't recommend using master for "production" usage at the moment. I merged a big refactor of the frontend code earlier today, so there are some issues still.
I just did
Strange, that I would expect to work. I'll give it a look tomorrow.