is there a way to protect built-ins in python?

  • Last Update :
  • Techknowledgy :
def set():

Suggestion : 2

RestrictedPython provides a way to define policies, by redefining restricted versions of print, getattr, setattr, import, etc.. As shortcuts it offers three stripped down versions of Python’s __builtins__:,RestrictedPython only provides the raw material for restricted execution. To actually enforce any restrictions, you need to supply a policy implementation by providing restricted versions of print, getattr, setattr, import, etc. These restricted implementations are hooked up by providing a set of specially named objects in the global dict that you use for execution of code. Specifically:,RestrictedPython predefines several guarded access and manipulation methods:,safe_globals is a shortcut for {'__builtins__': safe_builtins} as this is the way globals have to be provided to the exec function to actually restrict the access to the builtins provided by Python.

def f(x): = + x[0]
print x
return printed
def f(x):
   # Make local variables from globals.
_print = _print_()
_write = _write_
_getattr = _getattr_
_getitem = _getitem_

# Translation of f(x) above
_write(x).foo = _getattr(x, 'foo') + _getitem(x, 0)
print >> _print, x
return _print()
>>> from RestrictedPython.PrintCollector import PrintCollector
>>> _print_ = PrintCollector
>>> _getattr_ = getattr

>>> src = '''
... print("Hello World!")
... '''
>>> code = compile_restricted(src, '<string>', 'exec')
   >>> exec(code)
>>> src = '''
... print("Hello World!")
... result = printed
... '''
>>> code = compile_restricted(src, '<string>', 'exec')
   >>> exec(code)

   >>> result
   'Hello World!\n'
>>> from RestrictedPython.Guards import safe_builtins
>>> restricted_globals = dict(__builtins__=safe_builtins)

>>> src = '''
... open('/etc/passwd')
... '''
>>> code = compile_restricted(src, '<string>', 'exec')
   >>> exec(code, restricted_globals)
   Traceback (most recent call last):
   NameError: name 'open' is not defined
>>> from RestrictedPython.Guards
import full_write_guard
   _write_ = full_write_guard >>>
   _getattr_ = getattr

   class BikeShed(object):
   ...colour = 'green'
   shed = BikeShed()

Suggestion : 3

This module provides direct access to all ‘built-in’ identifiers of Python; for example, is the full name for the built-in function open(). See Built-in Functions and Built-in Constants for documentation.,This module is not normally accessed explicitly by most applications, but can be useful in modules that provide objects with the same name as a built-in value, but in which the built-in of that name is also needed. For example, in a module that wants to implement an open() function that wraps the built-in open(), this module can be used directly:,As an implementation detail, most modules have the name __builtins__ made available as part of their globals. The value of __builtins__ is normally either this module or the value of this module’s __dict__ attribute. Since this is an implementation detail, it may not be used by alternate implementations of Python.,sysconfig — Provide access to Python’s configuration information

import builtins

def open(path):
   f =, 'r')
return UpperCaser(f)

class UpperCaser:
'Wrapper around a file that converts output to upper-case.'

def __init__(self, f):
   self._f = f

def read(self, count = -1):


Suggestion : 4

Last Updated : 26 Mar, 2020

For example, in a module that wants to implement an open() function that wraps the built-in open(), this module can be used directly:

open(path, 'r')

But in cases where there is a function with the same name as the builtin functions these needs to be called explicitly:

def open(path):
   f =, 'r')



Suggestion : 5

What's the best way to learn the functions we'll need day-to-day like enumerate and range?,In addition to the 25 built-in functions above, we'll also briefly see the other 46 built-ins in the learn it later maybe learn it eventually and you likely don't need these sections.,I'm going to mention 14 more built-in functions which are handy to know about, but not worth learning until you actually need to use them.,Python refuses to coerce that 3 integer to a string, so we need to manually do it ourselves, using the built-in str function (class technically, but as I said, I'll be calling these all functions):

>>> words = ["Welcome", "to", "Python"] >>>
   print(words)['Welcome', 'to', 'Python'] >>>
   print( * words, end = "!\n")
Welcome to Python!
   print( * words, sep = "\n")
>>> words = ["Welcome", "to", "Python"] >>>
>>> version = 3
>>> "Python " + version
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
      TypeError: can only concatenate str (not "int") to str
>>> version = 3 >>>
   "Python " + str(version)
'Python 3'
>>> program_name = "Python 3" >>>
   version_number = program_name.split()[-1] >>>
>>> from math
import sqrt

Suggestion : 6

To understand this better, you'll need to learn about the L.E.G.B. rule.,A builtin in Python is everything that lives in the builtins module.,Python has a whole lot of builtins that are unknown to most people. This guide aims to introduce you to everything that Python has to offer, through its seemingly obscure builtins.,You can use the dir function to print all the variables defined inside a module or class. So let's use that to list out all of the builtins:

If the key is None, fetch_from_cache raises a ValueError, indicating that the value provided to this function was inappropriate. And since the try block only catches KeyError, this error is shown directly to the user.

>>> x = None
>>> get_value(x)
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
      File "<stdin>", line 3, in get_value
         File "<stdin>", line 3, in fetch_from_cache
            ValueError: key must not be None

Another fact about exceptions is that every exception is a subclass of BaseException, and nearly all of them are subclasses of Exception, other than a few that aren't supposed to be normally caught. So if you ever wanted to be able to catch any exception normally thrown by code, you could do

except Exception: ...

and if you wanted to catch every possible error, you could do

except BaseException: ...

If you're wondering from the code example above why I didn't try to do 3 + num, it's because it doesn't work yet:

>>> 100 + num
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
      TypeError: unsupported operand type(s) for +: 'int' and 'MyNumber'

But, support for that can be added pretty easily by adding the __radd__ operator, which adds support for right-addition:

class MyNumber:
   def __add__(self, other):
   return other + 42

def __radd__(self, other):
   return other + 42

As a bonus, this also adds support for adding two MyNumber classes together:

>>> num = MyNumber() >>>
   num + 100
   3 + num
   num + num

The first is an Assign statement...


Which assigns to the target x...

    targets = [
          Name(id = 'x', ctx = Store())

The value of a list with 2 constants 1 and 2.

    value = List(
    elts = [
    Constant(value = 1),
    Constant(value = 2)
    ctx = Load())), ),

The second is an Expr statement, which in this case is a function call...

        value = Call(

Of the name print, with the value x.

    func = Name(id = 'print', ctx = Load()),
       args = [
          Name(id = 'x', ctx = Load())

This refers to converting the source code into tokens, based on Python's grammar. You can take a look at how Python tokenizes your files, you can use the tokenize module:

$ cat
x = [1, 2]

$ py - m tokenize
0, 0 - 0, 0: ENCODING 'utf-8'
1, 0 - 1, 1: NAME 'x'
1, 2 - 1, 3: OP '='
1, 4 - 1, 5: OP '['
1, 5 - 1, 6: NUMBER '1'
1, 6 - 1, 7: OP ','
1, 8 - 1, 9: NUMBER '2'
1, 9 - 1, 10: OP ']'
1, 10 - 1, 11: NEWLINE '\n'
2, 0 - 2, 5: NAME 'print'
2, 5 - 2, 6: OP '('
2, 6 - 2, 7: NAME 'x'
2, 7 - 2, 8: OP ')'
2, 8 - 2, 9: NEWLINE '\n'
3, 0 - 3, 0: ENDMARKER ''

Suggestion : 7

It is not ok to shadow builtins with variables which are local to a function or method. These variables are not public and can be easily renamed, thus reducing the confusion and making the code less error-prone.,It is sometimes ok to shadow a builtin to improve the readability of a public API or to support multiple versions of a library. In these cases the value is higher than the maintainability cost. Just be careful when you do it.,Local variable and function parameter names should comply with a naming convention Code Smell,This rule raises an issue when the name of a local variable matches the name of a builtin.

Noncompliant Code Example

def a_function():
   int = 42 # Noncompliant;
int is a builtin

Compliant Solution

def a_function():
   value = 42