def run_file(resourcefn, program, args, usercontext, logfile=None, simpleexec=False, usercode=None): # Armon: Initialize the circular logger before starting the nanny if logfile: # time to set up the circular logger loggerfo = loggingrepy.circular_logger(logfile) # and redirect err and out there... sys.stdout = loggerfo sys.stderr = loggerfo else: # let's make it so that the output (via print) is always flushed sys.stdout = loggingrepy.flush_logger(sys.stdout) # start the nanny up and read the resource file. nanny.start_resource_nanny(resourcefn) # now, let's fire up the cpu / disk / memory monitor... nonportable.monitor_cpu_disk_and_mem() # grab the user code from the file if not usercode: usercode = read_file(program) # Armon: Create the main namespace try: main_namespace = virtual_namespace.VirtualNamespace(usercode, program) except CodeUnsafeError, e: print "Specified repy program is unsafe!" print "Static-code analysis failed with error: "+str(e) harshexit.harshexit(5)
def initialize_nanny(resourcefn): # start the nanny up and read the resource file. # JAC: Should this take a string instead? nanny.start_resource_nanny(resourcefn) # now, let's fire up the cpu / disk / memory monitor... nonportable.monitor_cpu_disk_and_mem()
def init_restrictions(filename): # Set up tables that list the rules and resource restrictions init_restriction_tables(filename) # This flushes and initializes the tables that track resource consumption nanny.initialize_consumed_resource_tables() # Start the nanny to check resource use... nanny.start_resource_nanny()
def initialize_nanny(resourcefn): # start the nanny up and read the resource file. # JAC: Should this take a string instead? nanny.start_resource_nanny(resourcefn) # now, let's fire up the cpu / disk / memory monitor... nonportable.monitor_cpu_disk_and_mem() # JAC: I believe this is needed for interface / ip-based restrictions emulcomm.update_ip_cache()
def initialize_nanny(resourcefn): # start the nanny up and read the resource file. # JAC: Should this take a string instead? nanny.start_resource_nanny(resourcefn) # now, let's fire up the cpu / disk / memory monitor... #nonportable.monitor_cpu_disk_and_mem() # JAC: I believe this is needed for interface / ip-based restrictions emulcomm.update_ip_cache()
def initialize_restrictions(restrictionsfn): """ <Purpose> Sets up restrictions. This allows some resources to be metered despite the use of repyportability / repyhelper. CPU / memory / disk space will not be metered. Call restrictions will also be enabled. <Arguments> restrictionsfn: The file name of the restrictions file. <Exceptions> None. <Side Effects> Enables restrictions. <Returns> None """ nanny.start_resource_nanny(restrictionsfn)
def main(resourcefn, program, args): # Armon: Initialize the circular logger before starting the nanny if logfile: # time to set up the circular logger loggerfo = loggingrepy.circular_logger(logfile) # and redirect err and out there... sys.stdout = loggerfo sys.stderr = loggerfo else: # let's make it so that the output (via print) is always flushed sys.stdout = loggingrepy.flush_logger(sys.stdout) # start the nanny up and read the resource file. nanny.start_resource_nanny(resourcefn) # now, let's fire up the cpu / disk / memory monitor... nonportable.monitor_cpu_disk_and_mem() # Armon: Update our IP cache emulcomm.update_ip_cache() # These will be the functions and variables in the user's namespace (along # with the builtins allowed by the safe module). usercontext = {'mycontext':{}} # Add to the user's namespace wrapped versions of the API functions we make # available to the untrusted user code. namespace.wrap_and_insert_api_functions(usercontext) # Convert the usercontext from a dict to a SafeDict usercontext = safe.SafeDict(usercontext) # Allow some introspection by providing a reference to the context usercontext["_context"] = usercontext # BAD:REMOVE all API imports usercontext["getresources"] = nonportable.get_resources usercontext["mycontext"]["wallclocktime"] = time.time #usercontext["openfile"] = emulfile.emulated_open #usercontext["listfiles"] = emulfile.listfiles #usercontext["removefile"] = emulfile.removefile #usercontext["exitall"] = emulmisc.exitall #usercontext["createlock"] = emulmisc.createlock #usercontext["getruntime"] = emulmisc.getruntime #usercontext["randombytes"] = emulmisc.randombytes #usercontext["createthread"] = emultimer.createthread #usercontext["sleep"] = emultimer.sleep #usercontext["getthreadname"] = emulmisc.getthreadname usercontext["createvirtualnamespace"] = virtual_namespace.createvirtualnamespace usercontext["getlasterror"] = emulmisc.getlasterror # grab the user code from the file try: usercode = file(program).read() except: print "Failed to read the specified file: '"+program+"'" raise # Armon: Create the main namespace try: main_namespace = virtual_namespace.VirtualNamespace(usercode, program) except CodeUnsafeError, e: print "Specified repy program is unsafe!" print "Static-code analysis failed with error: "+str(e) harshexit.harshexit(5)
def init_namespace(resourcefn, program, args): global idlethreadcount, event_id # Armon: Initialize the circular logger before starting the nanny if logfile: # time to set up the circular logger loggerfo = loggingrepy.circular_logger(logfile) # and redirect err and out there... sys.stdout = loggerfo sys.stderr = loggerfo else: # let's make it so that the output (via print) is always flushed sys.stdout = loggingrepy.flush_logger(sys.stdout) # start the nanny up and read the resource file. nanny.start_resource_nanny(resourcefn) # now, let's fire up the cpu / disk / memory monitor... # nonportable.monitor_cpu_disk_and_mem() # Armon: Update our IP cache emulcomm.update_ip_cache() # These will be the functions and variables in the user's namespace (along # with the builtins allowed by the safe module). usercontext = {'mycontext': {}} # Add to the user's namespace wrapped versions of the API functions we make # available to the untrusted user code. namespace.wrap_and_insert_api_functions(usercontext) # Convert the usercontext from a dict to a SafeDict usercontext = safe.SafeDict(usercontext) # Allow some introspection by providing a reference to the context usercontext["_context"] = usercontext # BAD:REMOVE all API imports usercontext["getresources"] = nonportable.get_resources usercontext["mycontext"]["wallclocktime"] = time.time #usercontext["openfile"] = emulfile.emulated_open #usercontext["listfiles"] = emulfile.listfiles #usercontext["removefile"] = emulfile.removefile #usercontext["exitall"] = emulmisc.exitall #usercontext["createlock"] = emulmisc.createlock #usercontext["getruntime"] = emulmisc.getruntime #usercontext["randombytes"] = emulmisc.randombytes #usercontext["createthread"] = emultimer.createthread #usercontext["sleep"] = emultimer.sleep #usercontext["getthreadname"] = emulmisc.getthreadname usercontext[ "createvirtualnamespace"] = virtual_namespace.createvirtualnamespace usercontext["getlasterror"] = emulmisc.getlasterror # grab the user code from the file try: usercode = file(program).read() except: print "Failed to read the specified file: '" + program + "'" raise # Armon: Create the main namespace try: main_namespace = virtual_namespace.VirtualNamespace(usercode, program) except CodeUnsafeError, e: print "Specified repy program is unsafe!" print "Static-code analysis failed with error: " + str(e) harshexit.harshexit(5)