"""
Executing the statement "del __builtins__" in a restricted execution
environment (say, the test shell in rexec.py) causes all restrictions to be
bypassed.

This is caused by the fact that restriction policies are implemented by
having the "__builtins__" key in the globals dictionary. It is a design
error to implement restriction policies with an object that can be modified
by the restricted code!

A temporary workaround would involve a modification to rexec.py:

*** rexec.py Sat Jun 22 22:57:46 2002
--- /home/eric/rexec.py Tue Jul 2 16:08:03 2002
***************
*** 241,249 ****
      # Add a module -- return an existing module or create one
      def add_module(self, mname):
!         if self.modules.has_key(mname):
!             return self.modules[mname]
!         self.modules[mname] = m = self.hooks.new_module(mname)
          m.__builtins__ = self.modules['__builtin__']
          return m
--- 241,249 ----
      # Add a module -- return an existing module or create one
      def add_module(self, mname):
!         if not self.modules.has_key(mname):
!             self.modules[mname] = self.hooks.new_module(mname)
!         m = self.modules[mname]
          m.__builtins__ = self.modules['__builtin__']
          return m

However, the restriction execution feature is prone to this sort of
programming error by design, and it should probably be fixed by having the
builtins module be specified explicitly when executing restricted code, so
that it doesn't accidentally fall back to the unrestricted builtins
inherited from the parent frame.
"""

import unittest
import rexec

# NOTE(review): these are regression checks for one specific bypass
# (restricted code deleting its own "__builtins__" entry).  Passing them does
# not show that the sandbox is sound: the policy object still lives in a
# namespace the restricted code can reach.  rexec was disabled in Python 2.3
# and removed in Python 3; untrusted code should be isolated at the process /
# OS level rather than by in-interpreter restrictions.

# Statements handed to the restricted interpreter.  They are kept as named
# constants so each test states its intent instead of repeating literals.
_DROP_BUILTINS = "del __builtins__"
_IMPORT_SOCKET = "import socket"
# If the restrictions are bypassed this command really runs on the host, so
# it is deliberately a harmless, read-only one.
_CALL_OS_SYSTEM = "import os; os.system('who')"


class RexecDelBuiltinsTest(unittest.TestCase):
    """Check that rexec restrictions hold before and after the bypass attempt.

    Every test comes in two flavours: a baseline that runs the forbidden
    statement directly, and a variant that first executes
    ``del __builtins__`` in the same RExec instance and then expects the
    same refusal.
    """

    def setUp(self):
        # One fresh restricted interpreter per test, so the namespace
        # mutated by one test is never reused by another.
        self.sandbox = rexec.RExec()

    def testImportSocket(self):
        """import socket shouldn't be allowed

        Baseline: the restricted import hook refuses the module.
        """
        self.assertRaises(ImportError, self.sandbox.r_exec, _IMPORT_SOCKET)

    def testImportSocketDelBuiltins(self):
        """import socket shouldn't be allowed (after del __builtins__)

        The deletion runs in a first r_exec call; the forbidden import is
        attempted in a second call on the same instance.
        """
        self.sandbox.r_exec(_DROP_BUILTINS)
        self.assertRaises(ImportError, self.sandbox.r_exec, _IMPORT_SOCKET)

    def testOsSystem(self):
        """os.system() shouldn't be allowed

        Baseline: the test expects AttributeError when the restricted code
        reaches for ``os.system``.
        """
        self.assertRaises(AttributeError, self.sandbox.r_exec, _CALL_OS_SYSTEM)

    def testOsSystemDelBuiltins(self):
        """os.system() shouldn't be allowed (after del __builtins__)

        Same two-step sequence as the socket variant: delete first, then
        expect the AttributeError to still be raised.
        """
        self.sandbox.r_exec(_DROP_BUILTINS)
        self.assertRaises(AttributeError, self.sandbox.r_exec, _CALL_OS_SYSTEM)


if __name__ == "__main__":
    unittest.main()