Beispiel #1
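def match_policy(policy_code, extra, password_meta):
    """Run the registration policy in ``policy_code`` and return its verdict.

    ``policy_code`` is Python source that must define
    ``can_register(extra, password_meta)``; whatever that function returns is
    handed back unchanged.

    :param policy_code: Python source text of the policy.
    :param extra: forwarded as the first argument of ``can_register``.
    :param password_meta: forwarded as the second argument of ``can_register``.
    :return: ``True`` when ``safe_to_run_code()`` is false (the policy is not
        executed at all), otherwise the result of ``can_register``.
    :raises NameError: if the policy source does not define ``can_register``.
    """
    # SECURITY: exec/eval run policy_code with the full privileges of this
    # process. Because an admin user supplies that code, the admin can run
    # arbitrary code on whichever host evaluates the policy, so it is only
    # executed where safe_to_run_code() allows it.
    # NOTE(review): the skip path fails open -- without evaluating any policy
    # the check is reported as passed. Confirm that hosts where
    # safe_to_run_code() is false never serve real registration requests.
    if not safe_to_run_code():
        return True
    # Use an explicit namespace instead of the implicit function locals.
    # Since Python 3.13 (PEP 667) a bare exec() inside a function writes to a
    # throwaway snapshot, so a later bare eval() cannot see what it defined.
    scope = {
        'policy_code': policy_code,
        'extra': extra,
        'password_meta': password_meta,
    }
    exec(policy_code, globals(), scope)
    # Restore the caller's arguments in case top-level policy code rebound
    # these names; the decision must be made on the values passed in.
    scope.update(extra=extra, password_meta=password_meta)
    return eval('can_register(extra, password_meta)', globals(), scope)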
Beispiel #2
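def match_policy(policy_code, user, item, new_item={}):
    """Run the item policy in ``policy_code`` and return its verdict.

    ``policy_code`` is Python source that must define ``has_permission``
    taking either ``(user, item)`` or ``(user, item, new_item)``; the arity
    is detected with ``inspect.signature``.

    :param policy_code: Python source text of the policy.
    :param user: forwarded as the first argument of ``has_permission``.
    :param item: forwarded as the second argument of ``has_permission``.
    :param new_item: forwarded as the third argument when the policy accepts
        three parameters.
    :return: ``True`` when ``safe_to_run_code()`` is false (the policy is not
        executed at all), ``False`` when ``has_permission`` takes neither two
        nor three parameters, otherwise the result of ``has_permission``.
    :raises NameError: if the policy source does not define ``has_permission``.
    """
    # NOTE(review): the ``{}`` default is one dict shared by every call. This
    # function never mutates it, but policy code that writes to new_item
    # would leak state between calls. The default is kept for compatibility.
    # SECURITY: exec/eval run policy_code with the full privileges of this
    # process, so it is only executed where safe_to_run_code() allows it.
    # NOTE(review): the skip path fails open -- without evaluating any policy
    # the permission is reported as granted. Confirm that hosts where
    # safe_to_run_code() is false never serve real requests.
    if not safe_to_run_code():
        return True
    # Use an explicit namespace instead of the implicit function locals.
    # Since Python 3.13 (PEP 667) a bare exec() inside a function writes to a
    # throwaway snapshot, so a later bare eval() cannot see what it defined.
    scope = {
        'policy_code': policy_code,
        'user': user,
        'item': item,
        'new_item': new_item,
    }
    exec(policy_code, globals(), scope)
    # Restore the caller's arguments in case top-level policy code rebound
    # these names; the decision must be made on the values passed in.
    scope.update(user=user, item=item, new_item=new_item)
    params_len = eval(
        'len(inspect.signature(has_permission).parameters)', globals(), scope
    )
    if params_len == 2:
        return eval('has_permission(user, item)', globals(), scope)
    if params_len == 3:
        return eval('has_permission(user, item, new_item)', globals(), scope)
    # Unsupported arity: deny rather than guess how to call the policy.
    return False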
Beispiel #3
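def match_has_permission(policy_code, user, user_to_do):
    """Check whether ``user`` has permission to read and write ``user_to_do``.

    ``policy_code`` is Python source that must define
    ``has_permission(user, user_to_do)``; whatever that function returns is
    handed back unchanged.

    :param policy_code: Python source text of the policy.
    :param user: forwarded as the first argument of ``has_permission``.
    :param user_to_do: forwarded as the second argument of ``has_permission``.
    :return: ``True`` when ``safe_to_run_code()`` is false (the policy is not
        executed at all), otherwise the result of ``has_permission``.
    :raises NameError: if the policy source does not define ``has_permission``.
    """
    # SECURITY: exec/eval run policy_code with the full privileges of this
    # process, so it is only executed where safe_to_run_code() allows it.
    # NOTE(review): the skip path fails open -- without evaluating any policy
    # the permission is reported as granted. Confirm that hosts where
    # safe_to_run_code() is false never serve real requests.
    if not safe_to_run_code():
        return True
    # Use an explicit namespace instead of the implicit function locals.
    # Since Python 3.13 (PEP 667) a bare exec() inside a function writes to a
    # throwaway snapshot, so a later bare eval() cannot see what it defined.
    scope = {
        'policy_code': policy_code,
        'user': user,
        'user_to_do': user_to_do,
    }
    exec(policy_code, globals(), scope)
    # Restore the caller's arguments in case top-level policy code rebound
    # these names; the decision must be made on the values passed in.
    scope.update(user=user, user_to_do=user_to_do)
    return eval('has_permission(user, user_to_do)', globals(), scope)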
def do(data, resource):
    """Build a requirements zip from ``params['package_text']`` and upload it.

    :param data: request mapping; ``data['params']`` must exist and is read
        for the ``package_text`` entry.
    :param resource: object providing ``file_upload_bin(file_id, binary)``.
    :return: an error dict (``success: False`` plus an ``error`` code) when
        code may not be run here or ``package_text`` is missing or empty;
        otherwise a dict with ``zip_file_id`` and ``response_stdout``.
    """
    # Refuse outright where running code is not considered safe.
    if not env.safe_to_run_code():
        return {
            'success': False,
            'error': error.CANNOT_RUN_ON_NON_SERVERLESS,
        }

    package_text = data['params'].get('package_text')
    if not package_text:
        return {
            'success': False,
            'error': error.REQUIRED_PARAMS_NOT_EXIST,
        }

    zip_file_id = uuid()

    # NOTE(review): package_text comes straight from the request and is
    # passed on unvalidated. generate_requirements_zipfile is not shown here;
    # presumably it resolves/installs the listed packages -- verify how it
    # handles the text, and that the stdout returned to the caller below
    # exposes nothing sensitive about the host.
    zip_file_bin, build_stdout = generate_requirements_zipfile(package_text)
    resource.file_upload_bin(zip_file_id, zip_file_bin)

    return {
        'zip_file_id': zip_file_id,
        'response_stdout': build_stdout,
    }
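    def run(self) -> None:
        """Serve requests on ``self.httpd`` until the serve loop ends.

        Sets ``self.can_run_subprocess`` to ``True`` before entering
        ``serve_forever()``. A ``KeyboardInterrupt`` ends the loop quietly.
        Any other exception propagates to the caller, but the server is
        closed first so its resources are not leaked.
        """
        print('Starting httpd...\n')
        try:
            self.can_run_subprocess = True
            self.httpd.serve_forever()
        except KeyboardInterrupt:
            # Interrupt is the expected way out of the serve loop.
            pass
        finally:
            # Release the server on every exit path, including unexpected
            # errors raised out of serve_forever().
            self.httpd.server_close()
        print('Stopping httpd...')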

    def stop(self):
        """Call ``server_close()`` on the wrapped ``self.httpd`` server."""
        # NOTE(review): only server_close() is issued here. If run() is still
        # inside serve_forever() on another thread, that loop is presumably
        # meant to be ended first (socketserver-style servers offer
        # shutdown() for this) -- confirm the intended stop sequence.
        httpd = self.httpd
        httpd.server_close()


# Import-time side effect: the local code-running server is started only when
# the environment reports that running code is safe; otherwise the module
# just announces that the server was not started.
if not env.safe_to_run_code():
    print('NOT SAFE TO RUN LOCAL SERVER TO RUN CODE')
else:
    server_thread = ServerThread()
    server_thread.start()

# --- end of localhost server ---

CALLABLE_MODULE_WHITE_LIST = {
    # auth
    'cloud.auth.attach_group_permission',
    'cloud.auth.attach_user_group',
    'cloud.auth.detach_user_group',
    'cloud.auth.change_password',
    'cloud.auth.change_password_admin',
    'cloud.auth.delete_sessions',
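def match_policy(policy_code, user, item):
    """Run the item policy in ``policy_code`` and return its verdict.

    ``policy_code`` is Python source that must define
    ``has_permission(user, item)``; whatever that function returns is handed
    back unchanged.

    :param policy_code: Python source text of the policy.
    :param user: forwarded as the first argument of ``has_permission``.
    :param item: forwarded as the second argument of ``has_permission``.
    :return: ``True`` when ``safe_to_run_code()`` is false (the policy is not
        executed at all), otherwise the result of ``has_permission``.
    :raises NameError: if the policy source does not define ``has_permission``.
    """
    # SECURITY: exec/eval run policy_code with the full privileges of this
    # process, so it is only executed where safe_to_run_code() allows it.
    # NOTE(review): the skip path fails open -- without evaluating any policy
    # the permission is reported as granted. Confirm that hosts where
    # safe_to_run_code() is false never serve real requests.
    if not safe_to_run_code():
        return True
    # Use an explicit namespace instead of the implicit function locals.
    # Since Python 3.13 (PEP 667) a bare exec() inside a function writes to a
    # throwaway snapshot, so a later bare eval() cannot see what it defined.
    scope = {
        'policy_code': policy_code,
        'user': user,
        'item': item,
    }
    exec(policy_code, globals(), scope)
    # Restore the caller's arguments in case top-level policy code rebound
    # these names; the decision must be made on the values passed in.
    scope.update(user=user, item=item)
    return eval('has_permission(user, item)', globals(), scope)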