validate_build_inputs#
- scikitplot.cython.validate_build_inputs(*, policy=None, source=None, define_macros=None, extra_compile_args=None, extra_link_args=None, include_dirs=None, libraries=None)[source]#
Validate build inputs against a
SecurityPolicy.Raises
SecurityErroron the first violation found. All checks are deterministic and do not perform filesystem I/O.- Parameters:
- policySecurityPolicy or None, default=None
Policy to enforce. If
None,DEFAULT_SECURITY_POLICY(strict mode) is used.- sourcestr or None, default=None
Cython source text. Checked against
policy.max_source_bytes.- define_macrossequence of (str, str | None) or None, default=None
Preprocessor macro definitions. Each
(name, value)pair is validated.- extra_compile_argssequence of str or None, default=None
Extra C/C++ compiler arguments to validate.
- extra_link_argssequence of str or None, default=None
Extra linker arguments to validate.
- include_dirssequence of path-like or None, default=None
Additional include directories to validate.
- librariessequence of str or None, default=None
Library names to validate.
- Raises:
- SecurityError
On the first detected violation.
- TypeError
If
policyis not aSecurityPolicyinstance.
- Parameters:
- Return type:
None
Notes
For newbies (Scenarios 1 & 2): you do not need to call this function directly — the public API applies it automatically via
DEFAULT_SECURITY_POLICY.For masters (Scenarios 3-7): call this explicitly when you bypass the public API or when building with custom compilers.
Examples
>>> from scikitplot.cython._security import validate_build_inputs >>> validate_build_inputs( ... source="def hello(): return 42", ... extra_compile_args=["-O2"], ... ) # No error: all inputs are safe.
>>> validate_build_inputs( ... extra_compile_args=["-O2; rm -rf /"], ... ) Traceback (most recent call last): ... SecurityError: [extra_compile_args] shell metacharacter in arg: '-O2; rm -rf /'