def main(): filecpp = sys.argv[1] filetxt = sys.argv[2] filext = sys.argv[3] cmd = "./bash1.sh" + " " + filecpp + " " + filetxt + " " + filext resource.setrlimit(resource.RLIMIT_CPU, (1, 3)) #The maximum amount of processor time (in seconds) that a process can use. soft, hard = 10**10, 10**10 resource.setrlimit(resource.RLIMIT_AS, (soft, hard)) #The maximum area (in bytes) of address space which may be taken by the process. # we can provide more restriction by using these.. #resource.setrlimit(resource.RLIMIT_DATA,(s,h)) #The maximum size (in bytes) of the process s heap. #resource.setrlimit(resource.RLIMIT_STACK(s,h)) #The maximum size (in bytes) of the call stack for the current process. #resource.setrlimit(resource.RLIMIT_NPROC,(4,4)) #The maximum number of processes the current process may create. sandbox = Sandbox() sandbox.call(perform, cmd) #executing the code in sandbox environment signal.signal(signal.SIGXCPU, time_exceeded) soft, hard = resource.getrlimit(resource.RLIMIT_CPU)
def main(): filecpp=sys.argv[1] filetxt=sys.argv[2] filext=sys.argv[3] cmd="./bash1.sh"+" "+filecpp+" "+filetxt+" "+filext resource.setrlimit(resource.RLIMIT_CPU,(1,3)) #The maximum amount of processor time (in seconds) that a process can use. soft, hard = 10**10, 10**10 resource.setrlimit(resource.RLIMIT_AS,(soft,hard)) #The maximum area (in bytes) of address space which may be taken by the process. # we can provide more restriction by using these.. #resource.setrlimit(resource.RLIMIT_DATA,(s,h)) #The maximum size (in bytes) of the process s heap. #resource.setrlimit(resource.RLIMIT_STACK(s,h)) #The maximum size (in bytes) of the call stack for the current process. #resource.setrlimit(resource.RLIMIT_NPROC,(4,4)) #The maximum number of processes the current process may create. sandbox=Sandbox() sandbox.call(perform,cmd) #executing the code in sandbox environment signal.signal(signal.SIGXCPU,time_exceeded) soft, hard = resource.getrlimit(resource.RLIMIT_CPU)
class Interpreter(object): def __init__(self, resource): self.resource = resource self.sandbox = Sandbox() self._context = None self.make_context() def make_context(self): raise NotImplementedError('Interpreter.make_context') def _context_call(self, *args): raise NotImplementedError('Interpreter._context_call') def _context_eval(self, *args): raise NotImplementedError('Interpreter._context_eval') def call(self, *args): return self.sandbox.call(self._context_call, *args) def eval(self, *args): return self.sandbox.call(self._context_eval, *args) @property def content(self): return self.resource.content
def test_proxy_module(): def check_proxy_module(): from sys import modules try: modules['sys'] except SandboxError as err: assert str(err) == "Unable to proxy a value of type <type 'module'>" else: assert False config = createSandboxConfig() config.allowModule('sys', 'modules') sandbox = Sandbox(config) sandbox.call(check_proxy_module)
def test_crash(): if not createSandboxConfig.use_subprocess: raise SkipTest("catching a crash is only supported with subprocess") def crash(): import _sandbox _sandbox._test_crash() config = createSandboxConfig() config.allowSafeModule("_sandbox", "_test_crash") sand = Sandbox(config) try: sand.call(crash) except SandboxError, err: assert str(err) == 'subprocess killed by signal 11', str(err)
def main(): filecpp = sys.argv[1] filetxt = sys.argv[2] filext = sys.argv[3] cmd = "./bash2.sh" + " " + filecpp + " " + filetxt + " " + filext resource.setrlimit(resource.RLIMIT_CPU, (1, 3)) #The maximum amount of processor time (in seconds) that a process can use. soft, hard = 10**10, 10**10 resource.setrlimit(resource.RLIMIT_AS, (soft, hard)) #The maximum area (in bytes) of address space which may be taken by the process. sandbox = Sandbox() sandbox.call(perform, cmd) signal.signal(signal.SIGXCPU, time_exceeded) soft, hard = resource.getrlimit(resource.RLIMIT_CPU)
def main(): filecpp = sys.argv[1] filetxt = sys.argv[2] filext = sys.argv[3] cmd = "./bash2.sh" + " " + filecpp + " " + filetxt + " " + filext resource.setrlimit(resource.RLIMIT_CPU, (1, 3)) # The maximum amount of processor time (in seconds) that a process can use. soft, hard = 10 ** 10, 10 ** 10 resource.setrlimit(resource.RLIMIT_AS, (soft, hard)) # The maximum area (in bytes) of address space which may be taken by the process. sandbox = Sandbox() sandbox.call(perform, cmd) signal.signal(signal.SIGXCPU, time_exceeded) soft, hard = resource.getrlimit(resource.RLIMIT_CPU)
def evaluate_job(job): # Deserialize the job description. Lots that can go wrong here. try: action = cPickle.loads(base64.b64decode(job)) except Exception as e: print("[!] Deserialize Failed", e) try: if 'name' not in action or 'description' not in action: return None except: return None # run the code in pysandbox. Apparently this can be broken out of, but # should be fine for our trusted users. sandbox = Sandbox() print("[!] Running %s" % action['name']) sandbox.call(handler, action['description']) print("[!] Finished %s" % action['name']) return None
def main(self): if not self.options.quiet: print("pysandbox %s" % VERSION) self.dumpConfig() if 'help' in self.config.features: # Import pydoc here because it uses a lot of modules # blocked by the sandbox import pydoc if self.config.cpython_restricted: # Import is blocked in restricted mode, so preload modules import codecs import encodings import encodings.utf_8 import encodings.utf_16_be if version_info >= (2, 6): import encodings.utf_32_be if sys.stdout.encoding: codecs.lookup(sys.stdout.encoding) codecs.lookup(ENCODING) sys.ps1 = '\nsandbox>>> ' sys.ps2 = '.......... ' sys.displayhook = self.displayhook sandbox = Sandbox(self.config) sandbox.call(self.interact)
sandbox = createSandbox() try: sandbox.call(setDict, person) except SandboxError, err: assert str(err) == 'Read only object' except RuntimeError, err: assert str( err) == 'instance.__dict__ not accessible in restricted mode' else: assert False setDict(person) assert person.name == "victor" def test_proxy_module(): def check_proxy_module(): from sys import modules try: modules['sys'] except SandboxError, err: assert str( err) == "Unable to proxy a value of type <type 'module'>" else: assert False config = createSandboxConfig() config.allowModule('sys', 'modules') sandbox = Sandbox(config) sandbox.call(check_proxy_module)
person = Person("haypo") sandbox = createSandbox() try: sandbox.call(setDict, person) except SandboxError, err: assert str(err) == 'Read only object' except RuntimeError, err: assert str(err) == 'instance.__dict__ not accessible in restricted mode' else: assert False setDict(person) assert person.name == "victor" def test_proxy_module(): def check_proxy_module(): from sys import modules try: modules['sys'] except SandboxError, err: assert str(err) == "Unable to proxy a value of type <type 'module'>" else: assert False config = createSandboxConfig() config.allowModule('sys', 'modules') sandbox = Sandbox(config) sandbox.call(check_proxy_module)