[Bf-committers] parsing Blender and math expressions?

Campbell Barton ideasman42 at gmail.com
Sat May 1 22:06:49 CEST 2010 

Hi Theo, This could work very nicely, it could be exposed to
bpy_driver.c as a single C function which analizes the compiled
bytecode. Once this is done it could also be used for other areas of
python in blender. Though I imagine it would need to disable import,
exec and related functions.

So basically if someone wants to expose C function for this (even if
its C calling python to start with), this could be an acceptable
solution.

On Fri, Apr 30, 2010 at 11:36 AM, Theo de Ridder
<theo.de.ridder at planet.nl> wrote:
>
> On 30 apr 2010, at 12:00, bf-committers-request at blender.org wrote:
>
>> Triggered by the crazily exploded security/sandboxing talk, I looked a
>> bit into what kind of mathematical expression parsers etc.
>
> well, I was triggered too, and having just recently thought about pragmatic en pythonic ways
> to get around with sandboxing and downscaling Python without giving up its basic elegance as
> front-end for artistic programming, I decided to become finally a bit active in this mailing list;
>
> my basic approach is the other way around of parsing source code: making decorators
> that analyse generated byte-code and even transform byte-code; I have used this in an IDE
> for advanced impact-analysis and global flow analysis that work through metaclasses
> (in contrast to pychecker), and also for generating 'bytecode' for extreme small sensor nodes.
>
> at this moment I am working on a bridge between Python and Lua, it is a chunk decorator that
> maps Lua syntax and semantics 1-1 on natural Python syntax and semantics, it executes
> directly within Python, and its __str__ produces the equivalent LUA source code;
>
> and this is my pragmatic and scalable suggestion towards more security:
> the total amount of Python code in a Blender application in general will not be that huge (< 10000 lines);
> Pythons standard compiler is very fast, and filters on produced byte-code can be fast too.
> if such filters classify compiled code in a certain scale of trust, it is up to the user (or moderator) to
> do some code inspection of indicated low trust without the need to look everywhere.
>
> ~Theo
>
> _______________________________________________
> Bf-committers mailing list
> Bf-committers at blender.org
> http://lists.blender.org/mailman/listinfo/bf-committers
>



-- 
- Campbell

More information about the Bf-committers mailing list