SecurityPolicy
- class scikitplot.cython.SecurityPolicy(strict=True, allow_absolute_include_dirs=False, allow_shell_metacharacters=False, allow_reserved_macros=False, allow_dangerous_compiler_args=False, max_source_bytes=10485760, max_extra_compile_args=64, max_extra_link_args=64, max_include_dirs=32, max_libraries=32)
Immutable security policy applied to build inputs before compilation.
- Parameters:
- strict : bool, default=True
Master switch. When False, all checks below default to the most permissive setting. Overriding individual flags still works.
- allow_absolute_include_dirs : bool, default=False
When False, include directories must be relative paths or must be resolved to be inside the cache directory. Setting True allows any absolute path, which is required when pointing at system headers (e.g., /usr/local/include). Newbies: leave False. Pros: set True for custom installs.
- allow_shell_metacharacters : bool, default=False
When False, shell metacharacters (; & | ` $ < > ( ) \\) are rejected in extra_compile_args and extra_link_args. Only enable this when you are certain your build backend does not use shell=True.
- allow_reserved_macros : bool, default=False
When False, define-macro names that shadow CPython or security-sensitive preprocessor guards are rejected.
- allow_dangerous_compiler_args : bool, default=False
When False, compiler arguments that match known dangerous patterns (-imacros, -specs=, etc.) are rejected.
- max_source_bytes : int or None, default=10_485_760
Maximum allowed source code size in bytes (default 10 MiB). None disables the limit. Prevents accidental or deliberate memory exhaustion during compilation.
- max_extra_compile_args : int, default=64
Maximum number of extra C/C++ compiler arguments accepted.
- max_extra_link_args : int, default=64
Maximum number of extra linker arguments accepted. Separate from max_extra_compile_args because link-time argument counts can legitimately differ from compile-time counts (e.g., many -l flags).
- max_include_dirs : int, default=32
Maximum number of include directories accepted.
- max_libraries : int, default=32
Maximum number of library names accepted.
See also
validate_build_inputs : Apply this policy against actual build inputs.
SecurityError : Raised on violation.
Notes
Newbie users (Scenarios 1 & 2): use DEFAULT_SECURITY_POLICY (strict=True). You get path-traversal protection and macro-shadow guards with no extra configuration.
Master/pro users (Scenarios 3-7): construct a custom policy that relaxes only the specific checks you need:
from scikitplot.cython._security import SecurityPolicy
policy = SecurityPolicy(allow_absolute_include_dirs=True)
CI/automation environments: set SCIKITPLOT_CYTHON_ALLOW_ABSOLUTE_DIRS=1 in the environment to temporarily enable absolute include dirs without code changes.
Examples
Default (strict) policy:
>>> policy = SecurityPolicy()
>>> policy.strict
True
>>> policy.allow_shell_metacharacters
False
Relaxed policy for pro users who supply system include paths:
>>> policy = SecurityPolicy(allow_absolute_include_dirs=True)
>>> policy.allow_absolute_include_dirs
True
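To make the checks described in the parameter list concrete, here is an added sketch that is not scikitplot's code: SketchPolicy, find_violations and _inside are hypothetical names, and the sample inputs are constructed. It assumes relative include dirs are resolved against the cache directory and that a relative path escaping it is always a violation.

```python
import os
from dataclasses import dataclass

# Taken from the parameter descriptions above; the docs end the flag list with
# "etc.", so the library's real pattern list is longer than this one.
SHELL_METACHARACTERS = set(";&|`$<>()\\")
DANGEROUS_ARG_PREFIXES = ("-imacros", "-specs=")

@dataclass(frozen=True)
class SketchPolicy:  # hypothetical stand-in, NOT scikitplot's SecurityPolicy
    allow_absolute_include_dirs: bool = False
    allow_shell_metacharacters: bool = False
    allow_dangerous_compiler_args: bool = False
    max_extra_compile_args: int = 64
    max_include_dirs: int = 32

def _inside(base, path):
    """True if path resolves (symlinks and '..' included) to a location under base."""
    base, path = os.path.realpath(base), os.path.realpath(path)
    return os.path.commonpath([base, path]) == base

def find_violations(policy, extra_compile_args, include_dirs, cache_dir):
    """Return a list of violation messages; an empty list means accepted."""
    found = []
    if len(extra_compile_args) > policy.max_extra_compile_args:
        found.append("too many extra_compile_args")
    if len(include_dirs) > policy.max_include_dirs:
        found.append("too many include_dirs")
    for arg in extra_compile_args:
        if not policy.allow_shell_metacharacters and SHELL_METACHARACTERS & set(arg):
            found.append(f"shell metacharacter in {arg!r}")
        if not policy.allow_dangerous_compiler_args and arg.startswith(DANGEROUS_ARG_PREFIXES):
            found.append(f"dangerous compiler argument {arg!r}")
    for d in include_dirs:
        if os.path.isabs(d) and policy.allow_absolute_include_dirs:
            continue
        # Assumption: relative paths are resolved against the cache directory.
        if not _inside(cache_dir, os.path.join(cache_dir, d)):
            found.append(f"include dir outside cache: {d!r}")
    return found

# Constructed sample inputs.
CACHE_DIR = "/tmp/cache-example"
SAMPLE_ARGS = ["-O2", "-specs=custom.specs", "-DBUILD=$(hostname)"]
SAMPLE_DIRS = ["include", "../../etc", "/usr/local/include"]

if __name__ == "__main__":
    for message in find_violations(SketchPolicy(), SAMPLE_ARGS, SAMPLE_DIRS, CACHE_DIR):
        print("rejected:", message)
```

Collecting every violation instead of stopping at the first is a choice made for this sketch; the page says only that SecurityError is raised on violation.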
- classmethod relaxed()
Return a pre-configured policy with all dangerous checks disabled.
Warning
Only use this for fully trusted inputs (e.g., your own build scripts in a controlled CI environment). Do NOT apply this to user-supplied data.
- Returns:
- SecurityPolicy
Permissive policy instance.
- Return type: