예제 #1
0
    def disable(self, sandbox):
        # Restore builtin functions
        self.builtin_dict.restore()

        # Restore modifiable builtins
        if HAVE_CSANDBOX:
            set_frame_builtins(self.frame, self.builtins_dict)
            if not sandbox.config.cpython_restricted:
                set_interp_builtins(self.builtins_dict)
        for module_dict in self.modules_dict:
            module_dict['__builtins__'] = self.builtins_dict
        self.main_module.__dict__['__builtins__'] = BUILTINS_MODULE
예제 #2
0
파일: builtins.py 프로젝트: trun/pysandbox
    def enable(self, sandbox):
        config = sandbox.config

        # Remove all symbols not in the whitelist
        whitelist = config.builtins_whitelist
        keys = set(self.builtin_dict.dict.iterkeys())
        for key in keys - whitelist:
            del self.builtin_dict[key]

        # Get frame builtins
        self.frame = _getframe(2)
        self.builtins_dict = self.get_frame_builtins(self.frame)

        # Get module list
        self.modules_dict = []
        for name, module in sys.modules.iteritems():
            if module is None:
                continue
            if '__builtins__' not in module.__dict__:
                # builtin modules have no __dict__ attribute
                continue
            if name == "__main__":
                 # __main__ is handled differently, see below
                continue
            self.modules_dict.append(module.__dict__)
        self.main_module = sys.modules['__main__']

        # Replace open and file functions
        if not config.cpython_restricted:
            open_whitelist = config.open_whitelist
            safe_open = _safe_open(open_whitelist)
            self.builtin_dict['open'] = safe_open
            if version_info < (3, 0):
                self.builtin_dict['file'] = safe_open

        # Replace __import__ function
        import_whitelist = config.import_whitelist
        self.builtin_dict['__import__'] = _safe_import(__import__, import_whitelist)

        # Replace exit function
        if 'exit' not in config.features:
            def safe_exit(code=0):
                raise SandboxError("exit() function blocked by the sandbox")
            self.builtin_dict['exit'] = safe_exit

        # Replace help function
        help_func = self.builtin_dict.dict.get('help')
        if help_func:
            if 'help' in config.features:
                self.builtin_dict['help'] = createReadOnlyObject(help_func)
            else:
                del self.builtin_dict['help']

        # Add additional builtins
        for name, func in config.builtins_additions.items():
            self.builtin_dict[name] = createReadOnlyObject(func)

        # Make builtins read only (enable restricted mode)
        safe_builtins = createReadOnlyBuiltins(self.builtin_dict.dict)
        if HAVE_CSANDBOX:
            set_frame_builtins(self.frame, safe_builtins)
            if not config.cpython_restricted:
                set_interp_builtins(safe_builtins)
        for module_dict in self.modules_dict:
            module_dict['__builtins__'] = safe_builtins
        self.main_module.__dict__['__builtins__'] = safe_builtins
예제 #3
0
    def enable(self, sandbox):
        config = sandbox.config

        # Remove all symbols not in the whitelist
        whitelist = config.builtins_whitelist
        keys = set(self.builtin_dict.dict.iterkeys())
        for key in keys - whitelist:
            del self.builtin_dict[key]

        # Get frame builtins
        self.frame = sandbox.frame
        self.builtins_dict = self.get_frame_builtins(self.frame)

        # Get module list
        self.modules_dict = []
        for name, module in sys.modules.iteritems():
            if module is None:
                continue
            if '__builtins__' not in module.__dict__:
                # builtin modules have no __dict__ attribute
                continue
            if name == "__main__":
                # __main__ is handled differently, see below
                continue
            self.modules_dict.append(module.__dict__)
        self.main_module = sys.modules['__main__']

        # Replace open and file functions
        if not config.cpython_restricted:
            open_whitelist = config.open_whitelist
            safe_open = _safe_open(open_whitelist)
            self.builtin_dict['open'] = safe_open
            if version_info < (3, 0):
                self.builtin_dict['file'] = safe_open

        # Replace __import__ function
        import_whitelist = config.import_whitelist
        self.builtin_dict['__import__'] = _safe_import(__import__,
                                                       import_whitelist)

        # Replace exit function
        if 'exit' not in config.features:

            def safe_exit(code=0):
                raise SandboxError("exit() function blocked by the sandbox")

            self.builtin_dict['exit'] = safe_exit

        # Replace help function
        help_func = self.builtin_dict.dict.get('help')
        if help_func:
            if 'help' in config.features:
                self.builtin_dict['help'] = createReadOnlyObject(help_func)
            else:
                del self.builtin_dict['help']

        # Make builtins read only (enable restricted mode)
        safe_builtins = createReadOnlyBuiltins(self.builtin_dict.dict)
        if HAVE_CSANDBOX:
            set_frame_builtins(self.frame, safe_builtins)
            if not config.cpython_restricted:
                set_interp_builtins(safe_builtins)
        for module_dict in self.modules_dict:
            module_dict['__builtins__'] = safe_builtins
        self.main_module.__dict__['__builtins__'] = safe_builtins