def run_file(resourcefn, program, args, usercontext, logfile=None, simpleexec=False, usercode=None):
# Armon: Initialize the circular logger before starting the nanny
if logfile:
# time to set up the circular logger
loggerfo = loggingrepy.circular_logger(logfile)
# and redirect err and out there...
sys.stdout = loggerfo
sys.stderr = loggerfo
else:
# let's make it so that the output (via print) is always flushed
sys.stdout = loggingrepy.flush_logger(sys.stdout)
# start the nanny up and read the resource file.
nanny.start_resource_nanny(resourcefn)
# now, let's fire up the cpu / disk / memory monitor...
nonportable.monitor_cpu_disk_and_mem()
# grab the user code from the file
if not usercode:
usercode = read_file(program)
# Armon: Create the main namespace
try:
main_namespace = virtual_namespace.VirtualNamespace(usercode, program)
except CodeUnsafeError, e:
print "Specified repy program is unsafe!"
print "Static-code analysis failed with error: "+str(e)
harshexit.harshexit(5)
def parse_options(options):
""" Parse the specified options and initialize all required structures
Note: This modifies global state, specifically, the emulcomm module
"""
if options.ip:
emulcomm.user_ip_interface_preferences = True
# Append this ip to the list of available ones if it is new
for ip in options.ip:
if (True, ip) not in emulcomm.user_specified_ip_interface_list:
emulcomm.user_specified_ip_interface_list.append((True, ip))
if options.interface:
emulcomm.user_ip_interface_preferences = True
# Append this interface to the list of available ones if it is new
for interface in options.interface:
if (False, interface
) not in emulcomm.user_specified_ip_interface_list:
emulcomm.user_specified_ip_interface_list.append(
(False, interface))
# Check if they have told us to only use explicitly allowed IP's and interfaces
if options.nootherips:
# Set user preference to True
emulcomm.user_ip_interface_preferences = True
# Disable nonspecified IP's
emulcomm.allow_nonspecified_ips = False
# set up the circular log buffer...
# Armon: Initialize the circular logger before starting the nanny
if options.logfile:
# time to set up the circular logger
loggerfo = loggingrepy.circular_logger(options.logfile)
# and redirect err and out there...
sys.stdout = loggerfo
sys.stderr = loggerfo
else:
# let's make it so that the output (via print) is always flushed
sys.stdout = loggingrepy.flush_logger(sys.stdout)
# We also need to pass in whether or not we are going to be using the service
# log for repy. We provide the repy directory so that the vessel information
# can be found regardless of where we are called from...
tracebackrepy.initialize(options.servicelog, repy_constants.REPY_START_DIR)
# Set Current Working Directory
if options.cwd:
os.chdir(options.cwd)
# Update repy current directory
repy_constants.REPY_CURRENT_DIR = os.path.abspath(os.getcwd())
# Initialize the NM status interface
nmstatusinterface.init(options.stopfile, options.statusfile)
# Write out our initial status
statusstorage.write_status("Started")
def parse_options(options):
""" Parse the specified options and initialize all required structures
Note: This modifies global state, specifically, the emulcomm module
"""
if options.ip:
emulcomm.user_ip_interface_preferences = True
# Append this ip to the list of available ones if it is new
for ip in options.ip:
if (True, ip) not in emulcomm.user_specified_ip_interface_list:
emulcomm.user_specified_ip_interface_list.append((True, ip))
if options.interface:
emulcomm.user_ip_interface_preferences = True
# Append this interface to the list of available ones if it is new
for interface in options.interface:
if (False, interface) not in emulcomm.user_specified_ip_interface_list:
emulcomm.user_specified_ip_interface_list.append((False, interface))
# Check if they have told us to only use explicitly allowed IP's and interfaces
if options.nootherips:
# Set user preference to True
emulcomm.user_ip_interface_preferences = True
# Disable nonspecified IP's
emulcomm.allow_nonspecified_ips = False
# set up the circular log buffer...
# Armon: Initialize the circular logger before starting the nanny
if options.logfile:
# time to set up the circular logger
loggerfo = loggingrepy.circular_logger(options.logfile)
# and redirect err and out there...
sys.stdout = loggerfo
sys.stderr = loggerfo
else:
# let's make it so that the output (via print) is always flushed
sys.stdout = loggingrepy.flush_logger(sys.stdout)
# We also need to pass in whether or not we are going to be using the service
# log for repy. We provide the repy directory so that the vessel information
# can be found regardless of where we are called from...
tracebackrepy.initialize(options.servicelog, repy_constants.REPY_START_DIR)
# Set Current Working Directory
if options.cwd:
os.chdir(options.cwd)
# Update repy current directory
repy_constants.REPY_CURRENT_DIR = os.path.abspath(os.getcwd())
# Initialize the NM status interface
nmstatusinterface.init(options.stopfile, options.statusfile)
# Write out our initial status
statusstorage.write_status("Started")
def main(restrictionsfn, program, args):
# Armon: Initialize the circular logger before forking in init_restrictions()
if logfile:
# time to set up the circular logger
loggerfo = loggingrepy.circular_logger(logfile)
# and redirect err and out there...
sys.stdout = loggerfo
sys.stderr = loggerfo
else:
# let's make it so that the output (via print) is always flushed
sys.stdout = loggingrepy.flush_logger(sys.stdout)
# start the nanny up and read the restrictions files.
restrictions.init_restrictions(restrictionsfn)
# Armon: Update our IP cache
emulcomm.update_ip_cache()
# These will be the functions and variables in the user's namespace (along
# with the builtins allowed by the safe module).
usercontext = {'mycontext':{}}
# Add to the user's namespace wrapped versions of the API functions we make
# available to the untrusted user code.
namespace.wrap_and_insert_api_functions(usercontext)
# Convert the usercontext from a dict to a SafeDict
usercontext = safe.SafeDict(usercontext)
# Allow some introspection by providing a reference to the context
usercontext["_context"] = usercontext
# let's try three times to load the file...
for attempts in range(3):
try:
# grab the user code from the file
usercode = file(program).read()
# and then exit the loop on success
break
except (OSError, IOError), e:
# Might be an interrupted system call, if so retry... (#840)
if 'nterrupred system call' in str(e):
continue
print "Failed to read the specified file: '"+program+"'"
raise
except:
def main(restrictionsfn, program, args):
# Armon: Initialize the circular logger before forking in init_restrictions()
if logfile:
# time to set up the circular logger
loggerfo = loggingrepy.circular_logger(logfile)
# and redirect err and out there...
sys.stdout = loggerfo
sys.stderr = loggerfo
else:
# let's make it so that the output (via print) is always flushed
sys.stdout = loggingrepy.flush_logger(sys.stdout)
# start the nanny up and read the restrictions files.
restrictions.init_restrictions(restrictionsfn)
# Armon: Update our IP cache
emulcomm.update_ip_cache()
# These will be the functions and variables in the user's namespace (along
# with the builtins allowed by the safe module).
usercontext = {'mycontext':{}}
# Add to the user's namespace wrapped versions of the API functions we make
# available to the untrusted user code.
namespace.wrap_and_insert_api_functions(usercontext)
# Convert the usercontext from a dict to a SafeDict
usercontext = safe.SafeDict(usercontext)
# Allow some introspection by providing a reference to the context
usercontext["_context"] = usercontext
# let's try three times to load the file...
for attempts in range(3):
try:
# grab the user code from the file
usercode = file(program).read()
# and then exit the loop on success
break
except (OSError, IOError), e:
# Might be an interrupted system call, if so retry... (#840)
if 'nterrupred system call' in str(e):
continue
print "Failed to read the specified file: '"+program+"'"
raise
except:
def main(resourcefn, program, args):
# Armon: Initialize the circular logger before starting the nanny
if logfile:
# time to set up the circular logger
loggerfo = loggingrepy.circular_logger(logfile)
# and redirect err and out there...
sys.stdout = loggerfo
sys.stderr = loggerfo
else:
# let's make it so that the output (via print) is always flushed
sys.stdout = loggingrepy.flush_logger(sys.stdout)
# start the nanny up and read the resource file.
nanny.start_resource_nanny(resourcefn)
# now, let's fire up the cpu / disk / memory monitor...
nonportable.monitor_cpu_disk_and_mem()
# Armon: Update our IP cache
emulcomm.update_ip_cache()
# These will be the functions and variables in the user's namespace (along
# with the builtins allowed by the safe module).
usercontext = {'mycontext':{}}
# Add to the user's namespace wrapped versions of the API functions we make
# available to the untrusted user code.
namespace.wrap_and_insert_api_functions(usercontext)
# Convert the usercontext from a dict to a SafeDict
usercontext = safe.SafeDict(usercontext)
# Allow some introspection by providing a reference to the context
usercontext["_context"] = usercontext
# BAD:REMOVE all API imports
usercontext["getresources"] = nonportable.get_resources
usercontext["mycontext"]["wallclocktime"] = time.time
#usercontext["openfile"] = emulfile.emulated_open
#usercontext["listfiles"] = emulfile.listfiles
#usercontext["removefile"] = emulfile.removefile
#usercontext["exitall"] = emulmisc.exitall
#usercontext["createlock"] = emulmisc.createlock
#usercontext["getruntime"] = emulmisc.getruntime
#usercontext["randombytes"] = emulmisc.randombytes
#usercontext["createthread"] = emultimer.createthread
#usercontext["sleep"] = emultimer.sleep
#usercontext["getthreadname"] = emulmisc.getthreadname
usercontext["createvirtualnamespace"] = virtual_namespace.createvirtualnamespace
usercontext["getlasterror"] = emulmisc.getlasterror
# grab the user code from the file
try:
usercode = file(program).read()
except:
print "Failed to read the specified file: '"+program+"'"
raise
# Armon: Create the main namespace
try:
main_namespace = virtual_namespace.VirtualNamespace(usercode, program)
except CodeUnsafeError, e:
print "Specified repy program is unsafe!"
print "Static-code analysis failed with error: "+str(e)
harshexit.harshexit(5)
def init_namespace(resourcefn, program, args):
global idlethreadcount, event_id
# Armon: Initialize the circular logger before starting the nanny
if logfile:
# time to set up the circular logger
loggerfo = loggingrepy.circular_logger(logfile)
# and redirect err and out there...
sys.stdout = loggerfo
sys.stderr = loggerfo
else:
# let's make it so that the output (via print) is always flushed
sys.stdout = loggingrepy.flush_logger(sys.stdout)
# start the nanny up and read the resource file.
nanny.start_resource_nanny(resourcefn)
# now, let's fire up the cpu / disk / memory monitor...
# nonportable.monitor_cpu_disk_and_mem()
# Armon: Update our IP cache
emulcomm.update_ip_cache()
# These will be the functions and variables in the user's namespace (along
# with the builtins allowed by the safe module).
usercontext = {'mycontext': {}}
# Add to the user's namespace wrapped versions of the API functions we make
# available to the untrusted user code.
namespace.wrap_and_insert_api_functions(usercontext)
# Convert the usercontext from a dict to a SafeDict
usercontext = safe.SafeDict(usercontext)
# Allow some introspection by providing a reference to the context
usercontext["_context"] = usercontext
# BAD:REMOVE all API imports
usercontext["getresources"] = nonportable.get_resources
usercontext["mycontext"]["wallclocktime"] = time.time
#usercontext["openfile"] = emulfile.emulated_open
#usercontext["listfiles"] = emulfile.listfiles
#usercontext["removefile"] = emulfile.removefile
#usercontext["exitall"] = emulmisc.exitall
#usercontext["createlock"] = emulmisc.createlock
#usercontext["getruntime"] = emulmisc.getruntime
#usercontext["randombytes"] = emulmisc.randombytes
#usercontext["createthread"] = emultimer.createthread
#usercontext["sleep"] = emultimer.sleep
#usercontext["getthreadname"] = emulmisc.getthreadname
usercontext[
"createvirtualnamespace"] = virtual_namespace.createvirtualnamespace
usercontext["getlasterror"] = emulmisc.getlasterror
# grab the user code from the file
try:
usercode = file(program).read()
except:
print "Failed to read the specified file: '" + program + "'"
raise
# Armon: Create the main namespace
try:
main_namespace = virtual_namespace.VirtualNamespace(usercode, program)
except CodeUnsafeError, e:
print "Specified repy program is unsafe!"
print "Static-code analysis failed with error: " + str(e)
harshexit.harshexit(5)
