Importing ping module in RestrictedPython script i

2019-08-26 20:47发布

问题:

I would like to check internet connexion from my plone site. I tried a ping in a python script

## Script (Python) "pwreset_action.cpy"
##bind container=container
##bind context=context
##bind namespace=
##bind script=script
##bind subpath=traverse_subpath
##title=Reset a user's password
##parameters=randomstring, userid=None, password=None, password2=None
from Products.CMFCore.utils import getToolByName
from Products.PasswordResetTool.PasswordResetTool import InvalidRequestError, ExpiredRequestError
import ping, socket



status = "success"
pw_tool = getToolByName(context, 'portal_password_reset')
try:
    pw_tool.resetPassword(userid, randomstring, password)

except ExpiredRequestError:
    status = "expired"
except InvalidRequestError:
    status = "invalid"
except RuntimeError:
    status = "invalid"

context.plone_log("TRYING TO PING")
try :



 ping.verbose_ping('www.google.com' , run=3)
   context.plone_log("PING DONE")
except socket.error, e:
    context.plone_log("PING FAILED")


return state.set(status=status)

I got these errors :

2012-07-20T11:37:08 INFO SignalHandler Caught signal SIGTERM
------
2012-07-20T11:37:08 INFO Z2 Shutting down fast
------
2012-07-20T11:37:08 INFO ZServer closing HTTP to new connections
------
2012-07-20T11:37:42 INFO ZServer HTTP server started at Fri Jul 20 11:37:42 2012
    Hostname: 0.0.0.0
    Port: 8080
------
2012-07-20T11:37:42 WARNING SecurityInfo Conflicting security declarations for "setText"
------
2012-07-20T11:37:42 WARNING SecurityInfo Class "ATTopic" had conflicting security declarations
------
2012-07-20T11:37:46 INFO plone.app.theming Patched Zope Management Interface to disable theming.
------
2012-07-20T11:37:48 INFO PloneFormGen Patching plone.app.portlets ColumnPortletManagerRenderer to not catch Retry exceptions
------
2012-07-20T11:37:48 INFO Zope Ready to handle requests
------

回答1:

Python Scripts in Zope are sandboxed (via RestrictedPython, which means that any module imports have to be declared safe first. Adding modules to the declared-safe list is generally a Bad Idea unless you know what you are doing.

To declare a module as importable into Python Scripts, you'll need to create a python package, then add the following code to it so it is executed when Zope starts:

from Products.PythonScripts.Utility import allow_module

allow_module('ping')

This'll allow any import from that module (use with caution)!

It's better to allow only specific methods and classes from a module; use a ModuleSecurity declaration for that:

from AccessControl import ModuleSecurityInfo

ModuleSecurityInfo('ping').declarePublic('verbose_ping')
ModuleSecurityInfo('socket').declarePublic('error')

This is documented in the Security chapter of the Zope Developers Guide, specifically the section on module security assertions.

Note that it nearly always is a better idea to do all this work in a tightly constrained method in unrestricted code (e.g. a regular python package), then allow that method to be used from a python script instead.



回答2:

It won't work.

You CANNOT import arbitrary Python modules in RestrictedPython scripts, as in the answer you were told yesterday:

https://stackoverflow.com/a/11568316/315168

If you need to use arbitraty Python modules you need to write your own Plone add-on for that and use a BrowserView for the purpose. RestrictedPython through-the-web-browser development is not enough:

http://collective-docs.readthedocs.org/en/latest/getstarted/index.html



标签: plone ping zope