Remove even more numpy security duplications
With nexedi/wendelin@3f887532 and nexedi/wendelin@b4c22280 we already removed numpy security duplications: this code already exists in ERP5 (with nexedi/erp5@a254bf50). But we still missed some code parts: https://lab.nexedi.com/nexedi/wendelin/blob/b4c222803027a2d0d0fae793a4f16d4bea85f87d/product/Wendelin/__init__.py#L49-52 (perhaps because they looked different between erp5 and wendelin). Furthermore with nexedi/erp5@79fa584e the last numpy parts which only existed in Wendelin were also migrated to ERP5, which is why we can finally also remove this from Wendelin. Now all numpy related RestrictedPython definitions can be found in the ERP5 codebase and they are no longer distributed over both ERP5 and Wendelin. /tested-at https://erp5js.nexedi.net/#/test_result_module/20230305-F68A7FFE
-
Owner
Hi @levin.zimmermann , since one of the latest commits to wendelin we have a case in our project where .astype is not allowed anymore in restricted environment, you can see by comparing these test results:
result with recent erp5 and wendelin from after removing security duplications
result with recent erp5 and wendelin from before removing security duplications
-
Maintainer
Thanks for notifying me @klaus, I think I made a mistake when moving it to erp5 in erp5@79fa584e (I wanted to simplify it, but didn't look at it correctly).
I'll fix it in ERP5 and maybe add a new test in https://lab.nexedi.com/nexedi/erp5/blob/611419d0/bt5/erp5_data_notebook/TestTemplateItem/portal_components/test.erp5.testExecuteJupyter.py#L948
-
Maintainer
(perhaps it's better to add tests here: https://lab.nexedi.com/nexedi/erp5/blob/611419d0/bt5/erp5_core_test/TestTemplateItem/portal_components/test.erp5.testRestrictedPythonSecurity.py#L488)
-
mentioned in commit erp5@707f1e91
-
mentioned in commit levin.zimmermann/erp5@197f0a5a
-
mentioned in commit levin.zimmermann/erp5@f361040f
-
mentioned in commit levin.zimmermann/erp5@606d87e2