| Home | Trees | Indices | Help |
|
|---|
|
|
constraint.Constraint --+
|
constraint.OpenerConstraint --+
|
AttributeDictConstraint
This is a constraint for dictionaries that are used for attributes. All keys are short strings, and each value has a separate constraint. It could be used to describe instance state, but could also be used to constraint arbitrary dictionaries with string keys.
Some special constraints are legal here: Optional.
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
Inherited from |
|||
|
|||
opentypes = opentypes is a list of currently acceptable OPEN token types. |
|||
name = Used to describe the Constraint in a Violation error message |
|||
|
Inherited from Inherited from |
|||
|
|||
I help a caller determine how much memory could be consumed by the input stream while my constraint is in effect. My constraint will be enforced against the bytes that arrive over the wire. Eventually I will either accept the incoming bytes and my Unslicer will provide an object to its parent (including any subobjects), or I will raise a Violation exception which will kick my Unslicer into 'discard' mode. I define maxSizeAccept as the maximum number of bytes that will be received before the stream is accepted as valid. maxSizeReject is the maximum that will be received before a Violation is raised. The max of the two provides an upper bound on single objects. For container objects, the upper bound is probably (n-1)*accept + reject, because there can only be one outstanding about-to-be-rejected object at any time. I return (maxSizeAccept, maxSizeReject). I raise an UnboundedSchema exception if there is no bound.
|
I return the greatest number Slicer objects that might exist on the SlicerStack (or Unslicers on the UnslicerStack) while processing an object which conforms to this constraint. This is effectively the maximum depth of the object tree. I raise UnboundedSchema if there is no bound.
|
Validate an existing object. Usually objects are validated as their tokens come off the wire, but pre-existing objects may be added to containers if a REFERENCE token arrives which points to them. The older objects were were validated as they arrived (by a different schema), but now they must be re-validated by the new schema. A more naive form of validation would just accept the entire object tree into memory and then run checkObject() on the result. This validation is too late: it is vulnerable to both DoS and made-you-run-code attacks. If inbound=True, this object is arriving over the wire. If inbound=False, this is being called to validate an existing object before it is sent over the wire. This is done as a courtesy to the remote end, and to improve debuggability. Most constraints can use the same checker for both inbound and outbound objects.
|
| Home | Trees | Indices | Help |
|
|---|
| Generated by Epydoc 3.0.1 on Tue Oct 14 18:27:47 2008 | http://epydoc.sourceforge.net |