1 """
2 Simple dialog which asks if you want to allow or deny execution of a script.
3 A list of possible problems is show.
4 The analysis is done in safe_eval which is called from scripterng_runtime
5 like this module.
6
7 BTW, safe_eval is great module by Jeremy Sanders used inside Veusz.
8 It only allows a very small subset of Python which is considered safe.
9
10 XXX: Perhaps refactor some external functionality into this module
11 """
12 from PyQt4.QtCore import pyqtSignature
13 from PyQt4.QtGui import QDialog, QApplication
14
15 from permitdlg_ui import Ui_PermitDialog
20
21
23 QDialog.__init__(self)
24 self.ui = Ui_PermitDialog()
25 self.ui.setupUi(self)
26
27 self.ui.rememberCheck.hide()
28 self.ui.filenameLabel.setText(filename)
29
30 self.ui.problemsBrowser.setText("""
31 <i>Please look into the source for further investigation.</i>
32 <ul>
33 %s
34 </ul>
35 <p>To ensure safe execution importing external modules is not allowed by default
36 because external modules could access your system directly.
37 <br/>Additonally access to "private" attributes is not allowed because accessing
38 them could trigger side-effects which may help to break out of the sandbox.<br/>
39 Unfortunately exceptions are also a security problem because they can change
40 the control flow and you could access the stack frame.</p>
41 """ % "".join(["<li>%s</li>" % p for p in problems]))
42 self.ui.problemsBrowser.hide()
43 self.resize(self.width(), self.sizeHint().height())
44
45
46 @pyqtSignature("")
52
53
54 @pyqtSignature("")
60
61
62 @pyqtSignature("")
66
67
68
69 -def ask(filename, problems):
70 """
71 Use this fuction
72 """
73 return PermitDialog(filename, problems).exec_()
74
75
76
77 if __name__ == "__main__":
78
79 import sys
80 import safe_eval
81 problems = safe_eval.checkCode(open("permitdlg.py").read())
82 app = QApplication(sys.argv)
83 print ask("permitdlg.py", problems)
84