Scripts are able to import a small number of Python modules for
which there are security declarations. These include string
,
math
, and random
. The only way to make other Python modules
available for import is to add security declarations to them in the
filesystem.
The simplest way to allow import of a module is to create your own simple custom Product. To make this Product:
MyScriptModules
.__init__.py
.from Products.PythonScripts.Utility import allow_module, allow_class from AccessControl import ModuleSecurityInfo, ClassSecurityInfo from Globals import InitializeClass
__init__.py
. You will need to write different security declarations depending
on how much of a module you want to expose. You should import the
module at the Python command line, and use dir(<module_name>)
to
examine its contents. Names starting with underscore (_
) may be
safely ignored. Be wary of dangerous modules, such as sys
and
os
, which may be exposed by the module.
You can handle a module, such as base64
, that contains only safe
functions by writing allow_module("module_name")
.
To allow access to only some names, in a module with dangerous contents, you can write:
ModuleSecurityInfo('module_name').declarePublic('name1', 'name2', ...)
If the module contains a class that you want to use, you will need to add the following:
from <module_name> import <class> allow_class(<class>)
Certain modules, such as sha
, provide extension types instead of
classes. Security declarations typically cannot be added to
extension types, so the only way to use this sort of module is to
write a Python wrapper class, or use External Methods.