Draft: Python loaders
This supersedes !304 (closed), though it doesn't implement everything described. Notably it doesn't implement #221 (closed), though it sets the framework for it (still missing function execution to allow the use of __init__).
Also sort of fixes #250 (closed), as I realised that separating the sandboxed environment is not currently very feasible; the code needed in the sandbox is still far too integrated with the code outside of the sandbox. E.g. common imports require information about available package repositories, which requires env.prefix().REPOS.
In summary this does two things:
- Replaces the RestrictedPython config loader with the loader from !304 (closed).
- Replaces the RestrictedPython loader used inside the sandbox with a custom implementation done by passing a subset of globals to exec. This is not very rigorous, and you can easily get around it, but the idea is that the executable sandbox provides safety guarantees, and this just provides a consistent environment with unsupported features disabled by default, and any workarounds are not supported.
As a result, RestrictedPython is no longer a dependency, however simpleeval has been added as a dependency (it's widely available according to repology).
Probably the main thing I like here is that it removes a bunch of ugly code related to RestrictedPython.
TODO:
- Further testing. I'd rather not introduce bugs due to differences between the new environment and the old one.
- Error types. Currently the only errors supported are Exception and FileNotFoundError. I don't really see why most exceptions can't be included.
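The approach described above, as an added example that is not code from this merge request or the project: a loader that passes exec a reduced set of globals, with only Exception and FileNotFoundError exposed as error types. The names `SAFE_BUILTINS`, `ALLOWED_MODULES`, `load` and `outcome`, the allowlist contents and the sample build file are all assumptions made for illustration.

```python
import builtins

# Hypothetical allowlists; the project's real lists are not shown on the page.
SAFE_BUILTINS = ("len", "range", "str", "int", "dict", "list", "isinstance",
                 "__build_class__", "Exception", "FileNotFoundError")
ALLOWED_MODULES = frozenset({"re", "json"})

def _guarded_import(name, globals=None, locals=None, fromlist=(), level=0):
    """Permit only allowlisted absolute imports; everything else is unsupported."""
    if level != 0 or name not in ALLOWED_MODULES:
        raise ImportError(f"import of {name!r} is not supported here")
    return builtins.__import__(name, globals, locals, fromlist, level)

def make_globals(extra=None):
    """Build the dict handed to exec: a subset of builtins plus caller extras."""
    env = {name: getattr(builtins, name) for name in SAFE_BUILTINS}
    env["__import__"] = _guarded_import
    scope = {"__builtins__": env, "__name__": "<loader>"}
    scope.update(extra or {})
    return scope

def load(source, filename="<build file>", extra=None):
    """Execute source in the reduced environment; return the names it defined."""
    scope = make_globals(extra)
    exec(compile(source, filename, "exec"), scope)
    return {k: v for k, v in scope.items() if not k.startswith("__")}

def outcome(source):
    """Return 'ok' or the name of the exception raised while loading source."""
    try:
        load(source)
        return "ok"
    except Exception as err:
        return type(err).__name__

# Constructed sample build file, not taken from the project.
SAMPLE = '''
import re

class Package:
    def __init__(self, name):
        self.name = name

def check(path):
    try:
        raise FileNotFoundError(path)
    except FileNotFoundError as err:
        return str(err)

VERSION = re.sub(r"[^0-9.]", "", "v1.2.3")
'''
```

Names left out of the allowlist fail with NameError inside the loaded file, which is how an exception type such as ValueError behaves here until it is added to the list.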