def main():
filecpp = sys.argv[1]
filetxt = sys.argv[2]
filext = sys.argv[3]
cmd = "./bash1.sh" + " " + filecpp + " " + filetxt + " " + filext
resource.setrlimit(resource.RLIMIT_CPU, (1, 3))
#The maximum amount of processor time (in seconds) that a process can use.
soft, hard = 10**10, 10**10
resource.setrlimit(resource.RLIMIT_AS, (soft, hard))
#The maximum area (in bytes) of address space which may be taken by the process.
# we can provide more restriction by using these..
#resource.setrlimit(resource.RLIMIT_DATA,(s,h))
#The maximum size (in bytes) of the process s heap.
#resource.setrlimit(resource.RLIMIT_STACK(s,h))
#The maximum size (in bytes) of the call stack for the current process.
#resource.setrlimit(resource.RLIMIT_NPROC,(4,4))
#The maximum number of processes the current process may create.
sandbox = Sandbox()
sandbox.call(perform, cmd)
#executing the code in sandbox environment
signal.signal(signal.SIGXCPU, time_exceeded)
soft, hard = resource.getrlimit(resource.RLIMIT_CPU)
def main(): filecpp=sys.argv[1] filetxt=sys.argv[2] filext=sys.argv[3] cmd="./bash1.sh"+" "+filecpp+" "+filetxt+" "+filext resource.setrlimit(resource.RLIMIT_CPU,(1,3)) #The maximum amount of processor time (in seconds) that a process can use. soft, hard = 10**10, 10**10 resource.setrlimit(resource.RLIMIT_AS,(soft,hard)) #The maximum area (in bytes) of address space which may be taken by the process. # we can provide more restriction by using these.. #resource.setrlimit(resource.RLIMIT_DATA,(s,h)) #The maximum size (in bytes) of the process s heap. #resource.setrlimit(resource.RLIMIT_STACK(s,h)) #The maximum size (in bytes) of the call stack for the current process. #resource.setrlimit(resource.RLIMIT_NPROC,(4,4)) #The maximum number of processes the current process may create. sandbox=Sandbox() sandbox.call(perform,cmd) #executing the code in sandbox environment signal.signal(signal.SIGXCPU,time_exceeded) soft, hard = resource.getrlimit(resource.RLIMIT_CPU)
class Interpreter(object):
def __init__(self, resource):
self.resource = resource
self.sandbox = Sandbox()
self._context = None
self.make_context()
def make_context(self):
raise NotImplementedError('Interpreter.make_context')
def _context_call(self, *args):
raise NotImplementedError('Interpreter._context_call')
def _context_eval(self, *args):
raise NotImplementedError('Interpreter._context_eval')
def call(self, *args):
return self.sandbox.call(self._context_call, *args)
def eval(self, *args):
return self.sandbox.call(self._context_eval, *args)
@property
def content(self):
return self.resource.content
def test_proxy_module():
def check_proxy_module():
from sys import modules
try:
modules['sys']
except SandboxError as err:
assert str(err) == "Unable to proxy a value of type <type 'module'>"
else:
assert False
config = createSandboxConfig()
config.allowModule('sys', 'modules')
sandbox = Sandbox(config)
sandbox.call(check_proxy_module)
def test_crash():
if not createSandboxConfig.use_subprocess:
raise SkipTest("catching a crash is only supported with subprocess")
def crash():
import _sandbox
_sandbox._test_crash()
config = createSandboxConfig()
config.allowSafeModule("_sandbox", "_test_crash")
sand = Sandbox(config)
try:
sand.call(crash)
except SandboxError, err:
assert str(err) == 'subprocess killed by signal 11', str(err)
def test_crash():
if not createSandboxConfig.use_subprocess:
raise SkipTest("catching a crash is only supported with subprocess")
def crash():
import _sandbox
_sandbox._test_crash()
config = createSandboxConfig()
config.allowSafeModule("_sandbox", "_test_crash")
sand = Sandbox(config)
try:
sand.call(crash)
except SandboxError, err:
assert str(err) == 'subprocess killed by signal 11', str(err)
def main():
filecpp = sys.argv[1]
filetxt = sys.argv[2]
filext = sys.argv[3]
cmd = "./bash2.sh" + " " + filecpp + " " + filetxt + " " + filext
resource.setrlimit(resource.RLIMIT_CPU, (1, 3))
#The maximum amount of processor time (in seconds) that a process can use.
soft, hard = 10**10, 10**10
resource.setrlimit(resource.RLIMIT_AS, (soft, hard))
#The maximum area (in bytes) of address space which may be taken by the process.
sandbox = Sandbox()
sandbox.call(perform, cmd)
signal.signal(signal.SIGXCPU, time_exceeded)
soft, hard = resource.getrlimit(resource.RLIMIT_CPU)
def main():
filecpp = sys.argv[1]
filetxt = sys.argv[2]
filext = sys.argv[3]
cmd = "./bash2.sh" + " " + filecpp + " " + filetxt + " " + filext
resource.setrlimit(resource.RLIMIT_CPU, (1, 3))
# The maximum amount of processor time (in seconds) that a process can use.
soft, hard = 10 ** 10, 10 ** 10
resource.setrlimit(resource.RLIMIT_AS, (soft, hard))
# The maximum area (in bytes) of address space which may be taken by the process.
sandbox = Sandbox()
sandbox.call(perform, cmd)
signal.signal(signal.SIGXCPU, time_exceeded)
soft, hard = resource.getrlimit(resource.RLIMIT_CPU)
def evaluate_job(job):
# Deserialize the job description. Lots that can go wrong here.
try:
action = cPickle.loads(base64.b64decode(job))
except Exception as e:
print("[!] Deserialize Failed", e)
try:
if 'name' not in action or 'description' not in action:
return None
except:
return None
# run the code in pysandbox. Apparently this can be broken out of, but
# should be fine for our trusted users.
sandbox = Sandbox()
print("[!] Running %s" % action['name'])
sandbox.call(handler, action['description'])
print("[!] Finished %s" % action['name'])
return None
def main(self):
if not self.options.quiet:
print("pysandbox %s" % VERSION)
self.dumpConfig()
if 'help' in self.config.features:
# Import pydoc here because it uses a lot of modules
# blocked by the sandbox
import pydoc
if self.config.cpython_restricted:
# Import is blocked in restricted mode, so preload modules
import codecs
import encodings
import encodings.utf_8
import encodings.utf_16_be
if version_info >= (2, 6):
import encodings.utf_32_be
if sys.stdout.encoding:
codecs.lookup(sys.stdout.encoding)
codecs.lookup(ENCODING)
sys.ps1 = '\nsandbox>>> '
sys.ps2 = '.......... '
sys.displayhook = self.displayhook
sandbox = Sandbox(self.config)
sandbox.call(self.interact)
def main(self):
if not self.options.quiet:
print("pysandbox %s" % VERSION)
self.dumpConfig()
if 'help' in self.config.features:
# Import pydoc here because it uses a lot of modules
# blocked by the sandbox
import pydoc
if self.config.cpython_restricted:
# Import is blocked in restricted mode, so preload modules
import codecs
import encodings
import encodings.utf_8
import encodings.utf_16_be
if version_info >= (2, 6):
import encodings.utf_32_be
if sys.stdout.encoding:
codecs.lookup(sys.stdout.encoding)
codecs.lookup(ENCODING)
sys.ps1 = '\nsandbox>>> '
sys.ps2 = '.......... '
sys.displayhook = self.displayhook
sandbox = Sandbox(self.config)
sandbox.call(self.interact)
sandbox = createSandbox()
try:
sandbox.call(setDict, person)
except SandboxError, err:
assert str(err) == 'Read only object'
except RuntimeError, err:
assert str(
err) == 'instance.__dict__ not accessible in restricted mode'
else:
assert False
setDict(person)
assert person.name == "victor"
def test_proxy_module():
def check_proxy_module():
from sys import modules
try:
modules['sys']
except SandboxError, err:
assert str(
err) == "Unable to proxy a value of type <type 'module'>"
else:
assert False
config = createSandboxConfig()
config.allowModule('sys', 'modules')
sandbox = Sandbox(config)
sandbox.call(check_proxy_module)
person = Person("haypo")
sandbox = createSandbox()
try:
sandbox.call(setDict, person)
except SandboxError, err:
assert str(err) == 'Read only object'
except RuntimeError, err:
assert str(err) == 'instance.__dict__ not accessible in restricted mode'
else:
assert False
setDict(person)
assert person.name == "victor"
def test_proxy_module():
def check_proxy_module():
from sys import modules
try:
modules['sys']
except SandboxError, err:
assert str(err) == "Unable to proxy a value of type <type 'module'>"
else:
assert False
config = createSandboxConfig()
config.allowModule('sys', 'modules')
sandbox = Sandbox(config)
sandbox.call(check_proxy_module)
