RestrictedPython

Warnings

• gotcha RestrictedPython is not a full security sandbox or a secured environment on its own. It provides mechanisms to define a subset of Python and helps in creating a trusted environment, but achieving true security requires careful policy implementation by the user.
  Fix: Users must implement robust policies for operations like `_print_`, `_write_`, `_getattr_`, `_getitem_`, and strictly curate the `__import__` hook and `__builtins__` dictionary to prevent escapes. `safe_globals` is a starting point, not a complete solution.
• gotcha RestrictedPython officially supports only CPython. It does NOT support PyPy or other alternative Python implementations, as it cannot guarantee its restrictions in those environments.
  Fix: Ensure your execution environment uses CPython.
• breaking Support for `try/except*` clauses was disallowed in version 8.0 due to a possible sandbox escape vulnerability (CVE-2025-22153).
  Fix: Upgrade to RestrictedPython 8.0 or higher. If unable to upgrade, consider downgrading Python to 3.10 or lower, where `try/except*` is not available.
• breaking The `compile_restricted` functions (e.g., `compile_restricted_exec`, `compile_restricted_eval`, `compile_restricted_single`, `compile_restricted_function`) now return a `CompileResult` namedtuple instead of a simple tuple.
  Fix: Update code that unpacks the return value of `compile_restricted` calls. Instead of `code, errors = compile_restricted(...)`, use `result = compile_restricted(...)` and access `result.code`, `result.errors`, `result.warnings`, `result.used_names`.
• breaking The `Ellipsis` (`...`) statement was re-disallowed in version 5.0 due to unclear security implications, after being allowed in version 4.0.
  Fix: Remove usage of the `Ellipsis` statement in restricted code.
• breaking Support for older Python versions is progressively dropped with new major/minor releases. For example, Python 3.8 support was dropped in v8.0, and Python 3.7 support was dropped in v7.4.
  Fix: Consult the `requires_python` metadata on PyPI or the official documentation's 'Supported Python versions' section to ensure compatibility with your Python interpreter.

Install

• pip install RestrictedPython Install latest version

Imports

• compile_restricted

  from RestrictedPython import compile_restricted

• safe_globals

  from RestrictedPython import safe_globals

• safe_builtins

  from RestrictedPython import safe_builtins

  A predefined set of safe builtins; often used within safe_globals.

Quickstart

This quickstart demonstrates compiling and executing a simple Python function within a restricted environment. It uses `compile_restricted` to process the source code and `exec` with a modified `safe_globals` dictionary to control available built-ins and attributes. You can extend `restricted_globals` to whitelist specific functions or modules as needed for your application.

from RestrictedPython import compile_restricted
from RestrictedPython import safe_globals

source_code = """
def greet(name):
    return 'Hello, ' + str(name) + '!'
"""

# Prepare the global namespace for execution
# safe_globals includes __builtins__ with restricted functions/modules
restricted_globals = safe_globals.copy()
# Add any specific names or functions you want to allow in the restricted scope
restricted_globals['_getattr_'] = getattr # Example: allowing getattr in a restricted manner

loc = {}
try:
    # Compile the restricted code
    byte_code = compile_restricted(
        source_code,
        filename='<restricted_code>',
        mode='exec'
    )
    # Execute the compiled code within the restricted globals
    exec(byte_code, restricted_globals, loc)

    # Call the function from the restricted execution's local scope
    result = loc['greet']('World')
    print(result)

    # Example of forbidden operation (will raise error if policy is strict)
    # forbidden_code = "import os; os.listdir('/')"
    # forbidden_byte_code = compile_restricted(forbidden_code, '<forbidden>', 'exec')
    # exec(forbidden_byte_code, safe_globals, {})

except Exception as e:
    print(f"An error occurred: {e}")