wx.DirDialog and App Store Sandboxing - python

As I understand with a sandboxing that Apple added you can no longer write outside your sandbox, but using the NSOpenPanel you can ask the user to specify the directory and let you write there. For example, there is this wrapper to simplify things: https://github.com/leighmcculloch/AppSandboxFileAccess
But I have a python app using wx, which I need to extend to support this, but as I understand wx.DirDialog doesn't have anything like this. https://wxpython.org/Phoenix/docs/html/wx.DirDialog.html?highlight=dirdialog#wx-dirdialog
Is there some other class for this?
P.S. I'm quite new to the wx+python so maybe there is some other option like integrating those Obj-c classes and using them instead of DirDialog? Although I would like to avoid it if possible

Related

How to list/delete the unused functions of a Python Framework

Hey I am working on a project that has a web-frontend. I use Flask for that and it fits my needs really well. However, the client is really concerned about file size and wants me to cut off every "unnecessary" function of the frameworks that are in use.
It isn't many frameworks but obviously I don't use every single function of them.
Basically, what I am looking for is a kind of debugger that "watches" everything going on in my code while I use the web interface and then it flags all the functions in these python files that have been called so it lets me delete cut away the functions that I don't need.
I don't really know how to approach this and I think there is going to be some tool that does just that. The alternative would be to do as I described but manually, this would result in DAYS of work.

How to create multiple Python's instances within a Go application

Currently I'm doing a project in Golang which need to call to Python.
In Python it's a library of singleton-like instance.
But I can't modify those library because It's too complicated. (for me)
Most thing I can do is wrap it with my own Python script.
So I'm finding a way to create multiple Python interpreter in Go.
Or maybe multiple sub-interpreter in Python.
Which mean I can create many python instance(same application).
Any ways I can do this?
As Chris Townsend and pie-o-pah said,
Trying to implement sub-interpreter is much more complicate.
Try to create the language interface is make senses to my case.
In this situation os/exec is the way to go.
And can even create ssh to remote my python module if my main server is overload.

General system architecture for Linux configuration tool

I am going to write configuration tool for my Ubuntu based system. Next I would like to write frontends (text, GUI and web). But it is the most complicated project I wanted to write and I am not sure about general architecture I should use.
At the current I have functions and classes for changing system config. But these functions will probably grow & change. #Abki gave me advice how to write interface for frontends. I am going to make base classes for this interface but I don't know how to connect it with backend and next with frontends. Probably I should use design patterns like fasade, wrapper or something else.
It looks like (without interface_to_backend layer):
I don't care about UI and functions to change system config now. But I don't know how to write middle layer so It would be easy to connect it with the rest and extend functionality i the future.
I need general ideas, design patterns, advices how to implement this in Python.
I'm not sure this is entirely appropriate for SO but I'm intrigued and so I'll bite. As a rubyist I can't help much with the Python but here is some opinion on pattens from my experience.
My initial suggestion is you should review a few of the contenders out there. Specifically I'd be looking at cfengine, chef and bcfg2. They each tell a different story but if I'd summarise I'd say:
Chef has a lovely dsl syntax but is let down by a complicated architecture
bcfg2 is written in python but seems to have an annoying tendency to use XML :(
cfengine has the strongest theoretical underpinnings in promise theory (which is v.interesting BTW) but is C based.
Wikipedia also provides a pretty impressive list of configuration management tools that you will find useful.
In regard to designing your own tool I'd suggest there are three principles you want to pursue:
Simplicity, the simpler you make this the better. Simple in terms of scope, configuration and use are all important.
You'll need a single way to store data, you need to be able to trace the choices as they are made and not trample other people's changes (especially in a team environment).
Security, most configuration management tools need root privileges at some point. So you need to make sure that users can trust the code they're running.
You could use Fabric with Python as described in the article Ubuntu Server Setup with Python Fabric
The Wikipedia article at Comparison of open source configuration management software has several other tools that use Python to do this.
I like the approach taken by SALT.
If you write the GUI, text/CLI, and Web interfaces using Python, they can all use the same Python module. That way a change in one interface transparently affects the others. Plus all of those are in Python's area of strength.

Implementing a Plugin System in Python

I am writing an application (a server wrapper for Minecraft) that I wish to make extensible with plugins. I have a system in place that works, however I think that in the long run it could use improvement.
The way that I have it now, the application calls a "get_plugins" method in the server class that, first imports a file named pluginutils.py (pluginutils.py defines a BasePlugin class which all plugins subclass), and then loops through every .py file in the cmds directory, importing it and checking to see if it is a subclass of BasePlugin. If it is, it stores an instance of it in a dictionary, for which the key is a cmd class variable defined in the plugin. Whenever the application receives a command from the server it checks if it is a key in the dictionary and if so runs the start method of the instance stored in the dictionary, to which it passes the necessary arguments taken from the command.
While this works, I feel like this is a sloppy way to do it. Are there any better techniques for implementing a system similar to this? I want to write this myself (I don't want to use anything like zope.interface) as this is a learning experience. Thanks.
Having written quite a few different plugin architectures in different platforms and languages, I will say that you are pretty much on track with how most plugins systems are written.
Basically what it boils down to, is your host and your plugin need to have some kind of common contract to work with; in other words, your host needs to know enough about your plugin that it can pass along or share whatever common resources the plugin will need, and the plugin needs to know enough about the host to interact with those resources.
Implementing this using a base class and a derived class as you have done is a very common methodology.
I would suggest to use setuptools, because plugins are linked eventually to the management of the sys.path list:
http://peak.telecommunity.com/DevCenter/PkgResources
In the long run, a distribution/packaging based solution like setuptools would always be a solid choice since:
you have to load plugins without conflicts or missing requirements,
even if the plugins loaded depend themselves on other dynamic dependencies, and
you have to keep the list of available plugins updated as packages are installed and removed.

Python - Creating a "scripting" system

I'm making a wxpython app that I will compile with the various freezing utility out there to create an executable for multiple platforms.
the program will be a map editer for a tile-based game engine
in this app I want to provide a scripting system so that advanced users can modify the behavior of the program such as modifying project data, exporting the project to a different format ect.
I want the system to work like so.
the user will place the python script they wish to run into a styled textbox and then press a button to execute the script.
I'm good with this so far thats all really simple stuff.
obtain the script from the text-box as a string compile it to a cod object with the inbuilt function compile() then execute the script with an exec statment
script = textbox.text #bla bla store the string
code = compile(script, "script", "exec") #make the code object
eval(code, globals())
the thing is, I want to make sure that this feature can't cause any errors or bugs
say if there is an import statement in the script. will this cause any problems taking into account that the code has been compiled with something like py2exe or py2app?
how do I make sure that the user can't break critical part of the program like modifying part of the GUI while still allowing them to modify the project data (the data is held in global properties in it's own module)? I think that this would mean modifying the globals dict that is passed to the eval function.
how to I make sure that this eval can't cause the program to hang due to a long or infinite loop?
how do I make sure that an error raised inside the user's code can't crash the whole app?
basically, how to I avoid all those problems that can arise when allowing the user to run their own code?
EDIT: Concerning the answers given
I don't feel like any of the answers so far have really answered my questions
yes they have been in part answered but not completely. I'm well aware the it is impossible to completely stop unsafe code. people are just too clever for one man (or even a teem) to think of all the ways to get around a security system and prevent them.
in fact I don't really care if they do. I'm more worried about some one unintentional breaking something they didn't know about. if some one really wanted to they could tear the app to shreds with the scripting functionality, but I couldn't care less. it will be their instance and all the problem they create will be gone when they restart the app unless they have messed with files on the HD.
I want to prevent the problems that arise when the user dose something stupid.
things like IOError's, SystaxErrors, InfiniteLoopErrors ect.
now the part about scope has been answered. I now understand how to define what functions and globals can be accessed from the eval function
but is there a way to make sure that the execution of their code can be stopped if it is taking too long?
a green thread system perhaps? (green because it would be eval to make users worry about thread safety)
also if a users uses an import module statement to load a module from even the default library that isn't used in the rest of the class. could this cause problems with the app being frozen by Py2exe, Py2app, or Freeze? what if they call a modal out side of the standard library? would it be enough that the modal is present in the same directory as the frozen executable?
I would like to get these answers with out creating a new question but I will if I must.
Easy answer: don't.
You can forbid certain keywords (import) and operations, and accesses to certain data structures, but ultimately you're giving your power users quite a bit of power. Since this is for a rich client that runs on the user's machine, a malicious user can crash or even trash the whole app if they really feel like it. But it's their instance to crash. Document it well and tell people what not to touch.
That said, I've done this sort of thing for web apps that execute user input and yes, call eval like this:
eval(code, {"__builtins__":None}, {safe_functions})
where safe_functions is a dictionary containing {"name": func} type pairs of functions you want your users to be able to access. If there's some essential data structure that you're positive your users will never want to poke at, just pop it out of globals before passing them in.
Incidentally, Guido addressed this issue on his blog a while ago. I'll see if I can find it.
Edit: found.
Short Answer: No
Is using eval in Python a bad practice?
Other related posts:
Safety of Python 'eval' For List Deserialization
It is not easy to create a safety net. The details too many and clever hacks are around:
Python: make eval safe
On your design goals:
It seems you are trying to build an extensible system by providing user to modify a lot of behavior and logic.
Easiest option is to ask them to write a script which you can evaluate (eval) during the program run.
How ever, a good design describes , scopes the flexibility and provides scripting mechanism through various design schemes ranging from configuration, plugin to scripting capabilities etc. The scripting apis if well defined can provide more meaningful extensibility. It is safer too.
I'd suggest providing some kind of plug-in API and allowing users to provide plug-ins in the form of text files. You can then import them as modules into their own namespace, catching syntax errors in the process, and call the various functions defined in the plug-in module, again checking for errors. You can provide an API module that defines the functions/classes from your program that the plug-in module has access to. That gives you the freedom to make changes to your application's architecture without breaking plug-ins, since you can just adapt the API module to expose the functionality in the same way.
If you have the option to switch to Tkinter you can use the bundled tcl interpreter to process your script. For that matter you can probably do that with a wxpython app if you don't start the tk event loop; just use the tcl interpreter without creating any windows.
Since the tcl interpreter is a separate thing it should be nearly impossible to crash the python interpreter if you are careful about what commands you expose to tcl. Plus, tcl makes creating DSLs very easy.
Python - the only scripting language with a built-in scripting engine :-).

Categories

Resources