Whitelist argparse and getopt as safe modules#142
Conversation
Both are pure argv-parsing stdlib modules. Their only side effects are stdout (--help text), stderr (error messages), and sys.exit on bad args. None of these is in the threat model: - print is already whitelisted, so --help / error text to stdout/stderr is consistent with existing policy - sys.exit just terminates the script; it is not code execution, file I/O, or network access - Neither module can read or write files, open sockets, spawn processes, or access the filesystem In practice, almost every legitimate CLI script imports argparse, so listing it as dangerous caused the static analyser to ask for approval on essentially every real-world script — defeating the handler's purpose of auto-approving provably safe code. Deliberately not changed: logging (real FileHandler), sys (sys.modules manipulation, sys.stdin/stdout as file objects), getpass (reads from tty), atexit (deferred exec of unreviewed handlers). These retain defensible I/O or exec vectors. Tests: adds argparse and getopt cases to TestPythonScriptAnalysis, mirroring existing safe-import test style. Full python suite (127 tests) still passes.
|
Thanks for this — and the careful writeup.
The first three are the real issue: whitelisting argparse means an argparse script can no longer be proven safe by static analysis, which is the bar the handler sets ("if we can't prove it's safe, ask"). ( Suggestion: land |
Summary
Move
argparseandgetoptfromDANGEROUS_MODULEStoSAFE_MODULESin the Python handler. Both are pure argv-parsing stdlib modules whose only side effects are stdout/stderr text andsys.exiton bad args — none of which is in the analyser's threat model:printis already whitelisted, so--help/error text to stdout/stderr is consistent with existing policy.sys.exitjust terminates the script — not code execution, file I/O, or network access.Motivation
Nearly every real-world CLI script imports
argparse. Listing it as dangerous caused the static analyser to ask for approval on essentially every script the handler sees — defeating the handler's purpose of auto-approving provably safe code. I hit this constantly with my own CLI tooling underscripts/, which prompted a dig throughpython.py.What is deliberately NOT changed
logging— realFileHandler/SocketHandler/SMTPHandlerexistsys—sys.modulesmanipulation,sys.stdin/sys.stdoutusable as file objectsgetpass— reads from tty (I/O)atexit— enables deferred execution of unreviewed handlersThese retain defensible I/O or exec vectors and stay in
DANGEROUS_MODULES.Test plan
test_safe_script_argparse_approvedandtest_safe_script_getopt_approvedinTestPythonScriptAnalysis, mirroring existing safe-import test style.tests/cli/test_python.pysuite (127 tests) passes on Python 3.14 viauv run.os,subprocess,pathlib,socket,requests, etc.) unaffected.