openerp-india team mailing list archive

Thread
Date

[Bug 1137511] [NEW] safe_eval is too restrictive and blocks all server actions with python code related to an osv.Model with deprecated columns

To: openerp-india@xxxxxxxxxxxxxxxxxxx
From: Florent Aide <1137511@xxxxxxxxxxxxxxxxxx>
Date: Fri, 01 Mar 2013 10:38:03 -0000
Reply-to: Bug 1137511 <1137511@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Public bug reported:

In OpenERP v7 (trunk and 7.0) the res.partner core osv has deprecated
the res_partner.country column.

This deprecation is interpreted in the orm.py which in turn uses
_logger.warning:

            if field_column and field_column.deprecated:
                _logger.warning('Field %s.%s is deprecated: %s', self._name, f, field_column.deprecated)

_logger.warning tries to "import warnings" which fires an "from
_warnings import ..." and gets blocked by safe_eval because at the
moment:

_ALLOWED_MODULES = ['_strptime', 'time']

A quick and dirty way to solve the issue is to change the allowed
modules list by adding '_warnings' to it

_ALLOWED_MODULES = ['_strptime', 'time', '_warnings']

Without this it is impossible to use server actions with python code on
any osv object with a deprecated column (even if you don't manipulate
this column in your server action). To go further as a side effect it is
impossible to use python code for server actions on crm.lead because it
fires orm requests on res.partner which in turn try to log a warning.

If the security implications are too high we should think to remove the
deprecation warning mechanism from orm.py

** Affects: openobject-server
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of OpenERP
Indian Team, which is subscribed to OpenERP Server.
https://bugs.launchpad.net/bugs/1137511

Title:
  safe_eval is too restrictive and blocks all server actions with python
  code related to an osv.Model with deprecated columns

Status in OpenERP Server:
  New

Bug description:
  In OpenERP v7 (trunk and 7.0) the res.partner core osv has deprecated
  the res_partner.country column.

  This deprecation is interpreted in the orm.py which in turn uses
  _logger.warning:

              if field_column and field_column.deprecated:
                  _logger.warning('Field %s.%s is deprecated: %s', self._name, f, field_column.deprecated)

  _logger.warning tries to "import warnings" which fires an "from
  _warnings import ..." and gets blocked by safe_eval because at the
  moment:

  _ALLOWED_MODULES = ['_strptime', 'time']

  A quick and dirty way to solve the issue is to change the allowed
  modules list by adding '_warnings' to it

  _ALLOWED_MODULES = ['_strptime', 'time', '_warnings']

  Without this it is impossible to use server actions with python code
  on any osv object with a deprecated column (even if you don't
  manipulate this column in your server action). To go further as a side
  effect it is impossible to use python code for server actions on
  crm.lead because it fires orm requests on res.partner which in turn
  try to log a warning.

  If the security implications are too high we should think to remove
  the deprecation warning mechanism from orm.py

To manage notifications about this bug go to:
https://bugs.launchpad.net/openobject-server/+bug/1137511/+subscriptions

Follow ups

[Bug 1137511] Re: safe_eval is too restrictive and blocks all server actions with python code related to an osv.Model with deprecated columns
From: Jignesh Rathod(OpenERP), 2013-03-15
[Bug 1137511] [NEW] safe_eval is too restrictive and blocks all server actions with python code related to an osv.Model with deprecated columns
From: Florent Aide, 2013-03-01

References

[Bug 1137511] [NEW] safe_eval is too restrictive and blocks all server actions with python code related to an osv.Model with deprecated columns
From: Florent Aide, 2013-03-01