[lnkForumImage]
TotalShareware - Download Free Software
Confronta i prezzi di migliaia di prodotti.
Asp Forum
 Home | Login | Register | Search 


 

Forums >

comp.lang.python

Creating Import Hooks

Sreejith K

2/18/2010 6:49:00 AM

Hi everyone,

I need to implement custom import hooks for an application (http://
www.python.org/dev/peps/pep-0302/). I want to restrict an application
to import certain modules (say socket module). Google app engine is
using a module hook to do this (HardenedModulesHook in google/
appengine/tools/dev_appserver.py). But I want to allow that
application to use an sdk module (custom) which imports and uses
socket module. But the module hook restricts the access by sdk.
Finding out, which file is importing a module give a solution?? ie. If
the application is importing socket module, I want to restrict it. But
if the sdk module is importing socket I want to allow it. Is there any
way I can do this ?

Application
========
import sdk
import socket # I dont want to allow this (need to raise
ImportError)

SDK
====
import socket # need to allow this
7 Answers

Jonathan Gardner

2/18/2010 8:04:00 AM

0

On Feb 17, 10:48 pm, Sreejith K <sreejith...@gmail.com> wrote:
> Hi everyone,
>
> I need to implement custom import hooks for an application (http://www.python.org/dev/peps...). I want to restrict an application
> to import certain modules (say socket module). Google app engine is
> using a module hook to do this (HardenedModulesHook in google/
> appengine/tools/dev_appserver.py). But I want to allow that
> application to use an sdk module (custom) which imports and uses
> socket module. But the module hook restricts the access by sdk.
> Finding out, which file is importing a module give a solution?? ie. If
> the application is importing socket module, I want to restrict it. But
> if the sdk module is importing socket I want to allow it. Is there any
> way I can do this ?
>
> Application
> ========
> import sdk
> import socket               # I dont want to allow this (need to raise
> ImportError)
>
> SDK
> ====
> import socket               # need to allow this


SDK
===
import socket

App
===
import SDK
import sys
socket = sys.modules['socket']

Steven D'Aprano

2/18/2010 8:57:00 AM

0

On Thu, 18 Feb 2010 00:03:51 -0800, Jonathan Gardner wrote:

> On Feb 17, 10:48 pm, Sreejith K <sreejith...@gmail.com> wrote:
>> Hi everyone,
>>
>> I need to implement custom import hooks for an application
>> (http://www.python.org/dev/peps...). I want to restrict an
>> application to import certain modules (say socket module). Google app
>> engine is using a module hook to do this (HardenedModulesHook in
>> google/ appengine/tools/dev_appserver.py). But I want to allow that
>> application to use an sdk module (custom) which imports and uses socket
>> module. But the module hook restricts the access by sdk. Finding out,
>> which file is importing a module give a solution?? ie. If the
>> application is importing socket module, I want to restrict it. But if
>> the sdk module is importing socket I want to allow it. Is there any way
>> I can do this ?
>>
>> Application
>> ========
>> import sdk
>> import socket               # I dont want to allow this (need to raise
>> ImportError)
>>
>> SDK
>> ====
>> import socket               # need to allow this
>
>
> SDK
> ===
> import socket
>
> App
> ===
> import SDK
> import sys
> socket = sys.modules['socket']


I'm not sure, but I think Sreejith wants to prohibit imports from the App
layer while allowing them from the SDK layer, not work around a
prohibition in the SDK layer.

In other words, he wants the import hook to do something like this:

if module is socket and the caller is not SKD:
prohibit
else
allow



I could be wrong of course.



--
Steven

Sreejith K

2/18/2010 9:29:00 AM

0

On Feb 18, 1:57 pm, Steven D'Aprano
<ste...@REMOVE.THIS.cybersource.com.au> wrote:
> On Thu, 18 Feb 2010 00:03:51 -0800, Jonathan Gardner wrote:
> > On Feb 17, 10:48 pm, Sreejith K <sreejith...@gmail.com> wrote:
> >> Hi everyone,
>
> >> I need to implement custom import hooks for an application
> >> (http://www.python.org/dev/peps...). I want to restrict an
> >> application to import certain modules (say socket module). Google app
> >> engine is using a module hook to do this (HardenedModulesHook in
> >> google/ appengine/tools/dev_appserver.py). But I want to allow that
> >> application to use an sdk module (custom) which imports and uses socket
> >> module. But the module hook restricts the access by sdk. Finding out,
> >> which file is importing a module give a solution?? ie. If the
> >> application is importing socket module, I want to restrict it. But if
> >> the sdk module is importing socket I want to allow it. Is there any way
> >> I can do this ?
>
> >> Application
> >> ========
> >> import sdk
> >> import socket               # I dont want to allow this (need to raise
> >> ImportError)
>
> >> SDK
> >> ====
> >> import socket               # need to allow this
>
> > SDK
> > ===
> > import socket
>
> > App
> > ===
> > import SDK
> > import sys
> > socket = sys.modules['socket']
>
> I'm not sure, but I think Sreejith wants to prohibit imports from the App
> layer while allowing them from the SDK layer, not work around a
> prohibition in the SDK layer.
>
> In other words, he wants the import hook to do something like this:
>
> if module is socket and the caller is not SKD:
>     prohibit
> else
>     allow
>
> I could be wrong of course.
>
> --
> Steven

@Steven, Thats exactly what I want.. Anyway to do that ??

Jean-Michel Pichavant

2/18/2010 10:49:00 AM

0

Sreejith K wrote:
> On Feb 18, 1:57 pm, Steven D'Aprano
> <ste...@REMOVE.THIS.cybersource.com.au> wrote:
>
>> On Thu, 18 Feb 2010 00:03:51 -0800, Jonathan Gardner wrote:
>>
>>> On Feb 17, 10:48 pm, Sreejith K <sreejith...@gmail.com> wrote:
>>>
>>>> Hi everyone,
>>>>
>>>> I need to implement custom import hooks for an application
>>>> (http://www.python.org/dev/peps...). I want to restrict an
>>>> application to import certain modules (say socket module). Google app
>>>> engine is using a module hook to do this (HardenedModulesHook in
>>>> google/ appengine/tools/dev_appserver.py). But I want to allow that
>>>> application to use an sdk module (custom) which imports and uses socket
>>>> module. But the module hook restricts the access by sdk. Finding out,
>>>> which file is importing a module give a solution?? ie. If the
>>>> application is importing socket module, I want to restrict it. But if
>>>> the sdk module is importing socket I want to allow it. Is there any way
>>>> I can do this ?
>>>>
>>>> Application
>>>> ========
>>>> import sdk
>>>> import socket # I dont want to allow this (need to raise
>>>> ImportError)
>>>>
>>>> SDK
>>>> ====
>>>> import socket # need to allow this
>>>>
>>> SDK
>>> ===
>>> import socket
>>>
>>> App
>>> ===
>>> import SDK
>>> import sys
>>> socket = sys.modules['socket']
>>>
>> I'm not sure, but I think Sreejith wants to prohibit imports from the App
>> layer while allowing them from the SDK layer, not work around a
>> prohibition in the SDK layer.
>>
>> In other words, he wants the import hook to do something like this:
>>
>> if module is socket and the caller is not SKD:
>> prohibit
>> else
>> allow
>>
>> I could be wrong of course.
>>
>> --
>> Steven
>>
>
> @Steven, Thats exactly what I want.. Anyway to do that ??
>

import sys
sys.modules['socket'] = None


import socket
---------------------------------------------------------------------------
ImportError Traceback (most recent call last)

ImportError: No module named socket


JM

Sreejith K

2/18/2010 12:16:00 PM

0

On Feb 18, 3:49 pm, Jean-Michel Pichavant <jeanmic...@sequans.com>
wrote:
> Sreejith K wrote:
> > On Feb 18, 1:57 pm, Steven D'Aprano
> > <ste...@REMOVE.THIS.cybersource.com.au> wrote:
>
> >> On Thu, 18 Feb 2010 00:03:51 -0800, Jonathan Gardner wrote:
>
> >>> On Feb 17, 10:48 pm, Sreejith K <sreejith...@gmail.com> wrote:
>
> >>>> Hi everyone,
>
> >>>> I need to implement custom import hooks for an application
> >>>> (http://www.python.org/dev/peps...). I want to restrict an
> >>>> application to import certain modules (say socket module). Google app
> >>>> engine is using a module hook to do this (HardenedModulesHook in
> >>>> google/ appengine/tools/dev_appserver.py). But I want to allow that
> >>>> application to use an sdk module (custom) which imports and uses socket
> >>>> module. But the module hook restricts the access by sdk. Finding out,
> >>>> which file is importing a module give a solution?? ie. If the
> >>>> application is importing socket module, I want to restrict it. But if
> >>>> the sdk module is importing socket I want to allow it. Is there any way
> >>>> I can do this ?
>
> >>>> Application
> >>>> ========
> >>>> import sdk
> >>>> import socket               # I dont want to allow this (need to raise
> >>>> ImportError)
>
> >>>> SDK
> >>>> ====
> >>>> import socket               # need to allow this
>
> >>> SDK
> >>> ===
> >>> import socket
>
> >>> App
> >>> ===
> >>> import SDK
> >>> import sys
> >>> socket = sys.modules['socket']
>
> >> I'm not sure, but I think Sreejith wants to prohibit imports from the App
> >> layer while allowing them from the SDK layer, not work around a
> >> prohibition in the SDK layer.
>
> >> In other words, he wants the import hook to do something like this:
>
> >> if module is socket and the caller is not SKD:
> >>     prohibit
> >> else
> >>     allow
>
> >> I could be wrong of course.
>
> >> --
> >> Steven
>
> > @Steven, Thats exactly what I want.. Anyway to do that ??
>
> import sys
> sys.modules['socket'] = None
>
> import socket
> ---------------------------------------------------------------------------
> ImportError                               Traceback (most recent call last)
>
> ImportError: No module named socket
>
> JM

@Jean. Thanks for the reply. But this is not what I wanted. The import
hook already restricts socket imports in applications. But I want them
in sdk package (alone) which is being imported in the application. I
don't want applications to directly use the socket module. That means
I want to make some exceptions for sdk in import hooks.

Jean-Michel Pichavant

2/18/2010 12:39:00 PM

0

Sreejith K wrote:
> On Feb 18, 3:49 pm, Jean-Michel Pichavant <jeanmic...@sequans.com>
> wrote:
>
>> Sreejith K wrote:
>>
>>> On Feb 18, 1:57 pm, Steven D'Aprano
>>> <ste...@REMOVE.THIS.cybersource.com.au> wrote:
>>>
>>>> On Thu, 18 Feb 2010 00:03:51 -0800, Jonathan Gardner wrote:
>>>>
>>>>> On Feb 17, 10:48 pm, Sreejith K <sreejith...@gmail.com> wrote:
>>>>>
>>>>>> Hi everyone,
>>>>>>
>>>>>> I need to implement custom import hooks for an application
>>>>>> (http://www.python.org/dev/peps...). I want to restrict an
>>>>>> application to import certain modules (say socket module). Google app
>>>>>> engine is using a module hook to do this (HardenedModulesHook in
>>>>>> google/ appengine/tools/dev_appserver.py). But I want to allow that
>>>>>> application to use an sdk module (custom) which imports and uses socket
>>>>>> module. But the module hook restricts the access by sdk. Finding out,
>>>>>> which file is importing a module give a solution?? ie. If the
>>>>>> application is importing socket module, I want to restrict it. But if
>>>>>> the sdk module is importing socket I want to allow it. Is there any way
>>>>>> I can do this ?
>>>>>>
>>>>>> Application
>>>>>> ========
>>>>>> import sdk
>>>>>> import socket # I dont want to allow this (need to raise
>>>>>> ImportError)
>>>>>>
>>>>>> SDK
>>>>>> ====
>>>>>> import socket # need to allow this
>>>>>>
>>>>> SDK
>>>>> ===
>>>>> import socket
>>>>>
>>>>> App
>>>>> ===
>>>>> import SDK
>>>>> import sys
>>>>> socket = sys.modules['socket']
>>>>>
>>>> I'm not sure, but I think Sreejith wants to prohibit imports from the App
>>>> layer while allowing them from the SDK layer, not work around a
>>>> prohibition in the SDK layer.
>>>>
>>>> In other words, he wants the import hook to do something like this:
>>>>
>>>> if module is socket and the caller is not SKD:
>>>> prohibit
>>>> else
>>>> allow
>>>>
>>>> I could be wrong of course.
>>>>
>>>> --
>>>> Steven
>>>>
>>> @Steven, Thats exactly what I want.. Anyway to do that ??
>>>
>> import sys
>> sys.modules['socket'] = None
>>
>> import socket
>> ---------------------------------------------------------------------------
>> ImportError Traceback (most recent call last)
>>
>> ImportError: No module named socket
>>
>> JM
>>
>
> @Jean. Thanks for the reply. But this is not what I wanted. The import
> hook already restricts socket imports in applications. But I want them
> in sdk package (alone) which is being imported in the application. I
> don't want applications to directly use the socket module. That means
> I want to make some exceptions for sdk in import hooks.
>
give us your code (the hook import)

in your entry file:

import socket
import sys
sys.modules['sdkSocket'] = sys.modules['socket'] # allow to import
socket ad sdkSocket
sys.modules['socket'] = None # forbid to import socket
del socket

within your SDK:
import sdkSocket # actually the socket module

print sdkSocket.__file__
'/usr/lib/python2.5/socket.pyc'

JM

Jonathan Gardner

2/19/2010 1:20:00 AM

0

On Feb 18, 1:28 am, Sreejith K <sreejith...@gmail.com> wrote:
> On Feb 18, 1:57 pm, Steven D'Aprano
>
>
>
> <ste...@REMOVE.THIS.cybersource.com.au> wrote:
> > On Thu, 18 Feb 2010 00:03:51 -0800, Jonathan Gardner wrote:
> > > On Feb 17, 10:48 pm, Sreejith K <sreejith...@gmail.com> wrote:
> > >> Hi everyone,
>
> > >> I need to implement custom import hooks for an application
> > >> (http://www.python.org/dev/peps...). I want to restrict an
> > >> application to import certain modules (say socket module). Google app
> > >> engine is using a module hook to do this (HardenedModulesHook in
> > >> google/ appengine/tools/dev_appserver.py). But I want to allow that
> > >> application to use an sdk module (custom) which imports and uses socket
> > >> module. But the module hook restricts the access by sdk. Finding out,
> > >> which file is importing a module give a solution?? ie. If the
> > >> application is importing socket module, I want to restrict it. But if
> > >> the sdk module is importing socket I want to allow it. Is there any way
> > >> I can do this ?
>
> > >> Application
> > >> ========
> > >> import sdk
> > >> import socket               # I dont want to allow this (need to raise
> > >> ImportError)
>
> > >> SDK
> > >> ====
> > >> import socket               # need to allow this
>
> > > SDK
> > > ===
> > > import socket
>
> > > App
> > > ===
> > > import SDK
> > > import sys
> > > socket = sys.modules['socket']
>
> > I'm not sure, but I think Sreejith wants to prohibit imports from the App
> > layer while allowing them from the SDK layer, not work around a
> > prohibition in the SDK layer.
>
> > In other words, he wants the import hook to do something like this:
>
> > if module is socket and the caller is not SKD:
> >     prohibit
> > else
> >     allow
>
> > I could be wrong of course.
>
>
> @Steven, Thats exactly what I want.. Anyway to do that ??
>

My point was that it's really pointless to try to enforce any such
thing on the program or programmer. There are ways around it. If you
don't want them to play with socket, write in the documentation:
"Don't play with the 'socket' module."

If you want to prevent them from touching sockets at all, it's time to
rethink your design. You may want to have a talk with Bruce Schneier,
or at least read what he's written if you still think you need to
somehow shut down a part of the system to its users.

Oftentimes, programmers think they need to have control over what
other people write, forgetting that they are able to do what they do
due to the freedoms afforded them. They also forget that they are not
in control of what other programmers do, anymore than a grocery store
who refuses to stock a certain product can prevent people from getting
that product.

Write your code to expand freedoms, not limit them. If your design
depends on limiting the choices of your users, you have done something
wrong.