예제 #1
0
파일: repy.py 프로젝트: david-hock/ToMaTo
def run_file(resourcefn, program, args, usercontext, logfile=None, simpleexec=False, usercode=None):
  # Armon: Initialize the circular logger before starting the nanny
  if logfile:
    # time to set up the circular logger
    loggerfo = loggingrepy.circular_logger(logfile)
    # and redirect err and out there...
    sys.stdout = loggerfo
    sys.stderr = loggerfo
  else:
    # let's make it so that the output (via print) is always flushed
    sys.stdout = loggingrepy.flush_logger(sys.stdout)
    
  # start the nanny up and read the resource file.  
  nanny.start_resource_nanny(resourcefn)

  # now, let's fire up the cpu / disk / memory monitor...
  nonportable.monitor_cpu_disk_and_mem()

  # grab the user code from the file
  if not usercode:
    usercode = read_file(program)

  # Armon: Create the main namespace
  try:
    main_namespace = virtual_namespace.VirtualNamespace(usercode, program)
  except CodeUnsafeError, e:
    print "Specified repy program is unsafe!"
    print "Static-code analysis failed with error: "+str(e)
    harshexit.harshexit(5)
예제 #2
0
def parse_options(options):
    """ Parse the specified options and initialize all required structures
  Note: This modifies global state, specifically, the emulcomm module
  """
    if options.ip:
        emulcomm.user_ip_interface_preferences = True

        # Append this ip to the list of available ones if it is new
        for ip in options.ip:
            if (True, ip) not in emulcomm.user_specified_ip_interface_list:
                emulcomm.user_specified_ip_interface_list.append((True, ip))

    if options.interface:
        emulcomm.user_ip_interface_preferences = True

        # Append this interface to the list of available ones if it is new
        for interface in options.interface:
            if (False, interface
                ) not in emulcomm.user_specified_ip_interface_list:
                emulcomm.user_specified_ip_interface_list.append(
                    (False, interface))

    # Check if they have told us to only use explicitly allowed IP's and interfaces
    if options.nootherips:
        # Set user preference to True
        emulcomm.user_ip_interface_preferences = True
        # Disable nonspecified IP's
        emulcomm.allow_nonspecified_ips = False

    # set up the circular log buffer...
    # Armon: Initialize the circular logger before starting the nanny
    if options.logfile:
        # time to set up the circular logger
        loggerfo = loggingrepy.circular_logger(options.logfile)
        # and redirect err and out there...
        sys.stdout = loggerfo
        sys.stderr = loggerfo
    else:
        # let's make it so that the output (via print) is always flushed
        sys.stdout = loggingrepy.flush_logger(sys.stdout)

    # We also need to pass in whether or not we are going to be using the service
    # log for repy.  We provide the repy directory so that the vessel information
    # can be found regardless of where we are called from...
    tracebackrepy.initialize(options.servicelog, repy_constants.REPY_START_DIR)

    # Set Current Working Directory
    if options.cwd:
        os.chdir(options.cwd)

    # Update repy current directory
    repy_constants.REPY_CURRENT_DIR = os.path.abspath(os.getcwd())

    # Initialize the NM status interface
    nmstatusinterface.init(options.stopfile, options.statusfile)

    # Write out our initial status
    statusstorage.write_status("Started")
예제 #3
0
def parse_options(options):
  """ Parse the specified options and initialize all required structures
  Note: This modifies global state, specifically, the emulcomm module
  """
  if options.ip:
    emulcomm.user_ip_interface_preferences = True

    # Append this ip to the list of available ones if it is new
    for ip in options.ip:
      if (True, ip) not in emulcomm.user_specified_ip_interface_list:
        emulcomm.user_specified_ip_interface_list.append((True, ip))

  if options.interface:
    emulcomm.user_ip_interface_preferences = True
      
    # Append this interface to the list of available ones if it is new
    for interface in options.interface:
      if (False, interface) not in emulcomm.user_specified_ip_interface_list:
        emulcomm.user_specified_ip_interface_list.append((False, interface))

  # Check if they have told us to only use explicitly allowed IP's and interfaces
  if options.nootherips:
    # Set user preference to True
    emulcomm.user_ip_interface_preferences = True
    # Disable nonspecified IP's
    emulcomm.allow_nonspecified_ips = False
    
  # set up the circular log buffer...
  # Armon: Initialize the circular logger before starting the nanny
  if options.logfile:
    # time to set up the circular logger
    loggerfo = loggingrepy.circular_logger(options.logfile)
    # and redirect err and out there...
    sys.stdout = loggerfo
    sys.stderr = loggerfo
  else:
    # let's make it so that the output (via print) is always flushed
    sys.stdout = loggingrepy.flush_logger(sys.stdout)
    
  # We also need to pass in whether or not we are going to be using the service
  # log for repy.  We provide the repy directory so that the vessel information
  # can be found regardless of where we are called from...
  tracebackrepy.initialize(options.servicelog, repy_constants.REPY_START_DIR)

  # Set Current Working Directory
  if options.cwd:
    os.chdir(options.cwd)

  # Update repy current directory
  repy_constants.REPY_CURRENT_DIR = os.path.abspath(os.getcwd())

  # Initialize the NM status interface
  nmstatusinterface.init(options.stopfile, options.statusfile)
  
  # Write out our initial status
  statusstorage.write_status("Started")
예제 #4
0
파일: repy.py 프로젝트: stredger/viewpoints
def main(restrictionsfn, program, args):

  # Armon: Initialize the circular logger before forking in init_restrictions()
  if logfile:
    # time to set up the circular logger
    loggerfo = loggingrepy.circular_logger(logfile)
    # and redirect err and out there...
    sys.stdout = loggerfo
    sys.stderr = loggerfo
  else:
    # let's make it so that the output (via print) is always flushed
    sys.stdout = loggingrepy.flush_logger(sys.stdout)
    
  # start the nanny up and read the restrictions files.  
  restrictions.init_restrictions(restrictionsfn)

  # Armon: Update our IP cache
  emulcomm.update_ip_cache()


  # These will be the functions and variables in the user's namespace (along
  # with the builtins allowed by the safe module).
  usercontext = {'mycontext':{}}
  
  # Add to the user's namespace wrapped versions of the API functions we make
  # available to the untrusted user code.
  namespace.wrap_and_insert_api_functions(usercontext)

  # Convert the usercontext from a dict to a SafeDict
  usercontext = safe.SafeDict(usercontext)

  # Allow some introspection by providing a reference to the context
  usercontext["_context"] = usercontext

  # let's try three times to load the file...
  for attempts in range(3):
    try:
      # grab the user code from the file
      usercode = file(program).read()
      # and then exit the loop on success
      break

    except (OSError, IOError), e:
      # Might be an interrupted system call, if so retry... (#840)
      if 'nterrupred system call' in str(e):
        continue

      print "Failed to read the specified file: '"+program+"'"
      raise

    except:
예제 #5
0
def main(restrictionsfn, program, args):

  # Armon: Initialize the circular logger before forking in init_restrictions()
  if logfile:
    # time to set up the circular logger
    loggerfo = loggingrepy.circular_logger(logfile)
    # and redirect err and out there...
    sys.stdout = loggerfo
    sys.stderr = loggerfo
  else:
    # let's make it so that the output (via print) is always flushed
    sys.stdout = loggingrepy.flush_logger(sys.stdout)
    
  # start the nanny up and read the restrictions files.  
  restrictions.init_restrictions(restrictionsfn)

  # Armon: Update our IP cache
  emulcomm.update_ip_cache()


  # These will be the functions and variables in the user's namespace (along
  # with the builtins allowed by the safe module).
  usercontext = {'mycontext':{}}
  
  # Add to the user's namespace wrapped versions of the API functions we make
  # available to the untrusted user code.
  namespace.wrap_and_insert_api_functions(usercontext)

  # Convert the usercontext from a dict to a SafeDict
  usercontext = safe.SafeDict(usercontext)

  # Allow some introspection by providing a reference to the context
  usercontext["_context"] = usercontext

  # let's try three times to load the file...
  for attempts in range(3):
    try:
      # grab the user code from the file
      usercode = file(program).read()
      # and then exit the loop on success
      break

    except (OSError, IOError), e:
      # Might be an interrupted system call, if so retry... (#840)
      if 'nterrupred system call' in str(e):
        continue

      print "Failed to read the specified file: '"+program+"'"
      raise

    except:
예제 #6
0
def main(resourcefn, program, args):

  # Armon: Initialize the circular logger before starting the nanny
  if logfile:
    # time to set up the circular logger
    loggerfo = loggingrepy.circular_logger(logfile)
    # and redirect err and out there...
    sys.stdout = loggerfo
    sys.stderr = loggerfo
  else:
    # let's make it so that the output (via print) is always flushed
    sys.stdout = loggingrepy.flush_logger(sys.stdout)
    
  # start the nanny up and read the resource file.  
  nanny.start_resource_nanny(resourcefn)

  # now, let's fire up the cpu / disk / memory monitor...
  nonportable.monitor_cpu_disk_and_mem()

  # Armon: Update our IP cache
  emulcomm.update_ip_cache()


  # These will be the functions and variables in the user's namespace (along
  # with the builtins allowed by the safe module).
  usercontext = {'mycontext':{}}
  
  # Add to the user's namespace wrapped versions of the API functions we make
  # available to the untrusted user code.
  namespace.wrap_and_insert_api_functions(usercontext)

  # Convert the usercontext from a dict to a SafeDict
  usercontext = safe.SafeDict(usercontext)

  # Allow some introspection by providing a reference to the context
  usercontext["_context"] = usercontext

  # BAD:REMOVE all API imports
  usercontext["getresources"] = nonportable.get_resources
  usercontext["mycontext"]["wallclocktime"] = time.time
  #usercontext["openfile"] = emulfile.emulated_open
  #usercontext["listfiles"] = emulfile.listfiles
  #usercontext["removefile"] = emulfile.removefile
  #usercontext["exitall"] = emulmisc.exitall
  #usercontext["createlock"] = emulmisc.createlock
  #usercontext["getruntime"] = emulmisc.getruntime
  #usercontext["randombytes"] = emulmisc.randombytes
  #usercontext["createthread"] = emultimer.createthread
  #usercontext["sleep"] = emultimer.sleep
  #usercontext["getthreadname"] = emulmisc.getthreadname
  usercontext["createvirtualnamespace"] = virtual_namespace.createvirtualnamespace
  usercontext["getlasterror"] = emulmisc.getlasterror
      
  # grab the user code from the file
  try:
    usercode = file(program).read()
  except:
    print "Failed to read the specified file: '"+program+"'"
    raise

  # Armon: Create the main namespace
  try:
    main_namespace = virtual_namespace.VirtualNamespace(usercode, program)
  except CodeUnsafeError, e:
    print "Specified repy program is unsafe!"
    print "Static-code analysis failed with error: "+str(e)
    harshexit.harshexit(5)
예제 #7
0
def init_namespace(resourcefn, program, args):

    global idlethreadcount, event_id

    # Armon: Initialize the circular logger before starting the nanny
    if logfile:
        # time to set up the circular logger
        loggerfo = loggingrepy.circular_logger(logfile)
        # and redirect err and out there...
        sys.stdout = loggerfo
        sys.stderr = loggerfo
    else:
        # let's make it so that the output (via print) is always flushed
        sys.stdout = loggingrepy.flush_logger(sys.stdout)

    # start the nanny up and read the resource file.
    nanny.start_resource_nanny(resourcefn)

    # now, let's fire up the cpu / disk / memory monitor...
    # nonportable.monitor_cpu_disk_and_mem()

    # Armon: Update our IP cache
    emulcomm.update_ip_cache()

    # These will be the functions and variables in the user's namespace (along
    # with the builtins allowed by the safe module).
    usercontext = {'mycontext': {}}

    # Add to the user's namespace wrapped versions of the API functions we make
    # available to the untrusted user code.
    namespace.wrap_and_insert_api_functions(usercontext)

    # Convert the usercontext from a dict to a SafeDict
    usercontext = safe.SafeDict(usercontext)

    # Allow some introspection by providing a reference to the context
    usercontext["_context"] = usercontext

    # BAD:REMOVE all API imports
    usercontext["getresources"] = nonportable.get_resources
    usercontext["mycontext"]["wallclocktime"] = time.time
    #usercontext["openfile"] = emulfile.emulated_open
    #usercontext["listfiles"] = emulfile.listfiles
    #usercontext["removefile"] = emulfile.removefile
    #usercontext["exitall"] = emulmisc.exitall
    #usercontext["createlock"] = emulmisc.createlock
    #usercontext["getruntime"] = emulmisc.getruntime
    #usercontext["randombytes"] = emulmisc.randombytes
    #usercontext["createthread"] = emultimer.createthread
    #usercontext["sleep"] = emultimer.sleep
    #usercontext["getthreadname"] = emulmisc.getthreadname
    usercontext[
        "createvirtualnamespace"] = virtual_namespace.createvirtualnamespace
    usercontext["getlasterror"] = emulmisc.getlasterror

    # grab the user code from the file
    try:
        usercode = file(program).read()
    except:
        print "Failed to read the specified file: '" + program + "'"
        raise

    # Armon: Create the main namespace
    try:
        main_namespace = virtual_namespace.VirtualNamespace(usercode, program)
    except CodeUnsafeError, e:
        print "Specified repy program is unsafe!"
        print "Static-code analysis failed with error: " + str(e)
        harshexit.harshexit(5)