def createSandboxConfig(*features, **kw): if createSandboxConfig.debug: features += ("stdout", "stderr") if (createSandboxConfig.cpython_restricted is not None) \ and ('cpython_restricted' not in kw): kw['cpython_restricted'] = createSandboxConfig.cpython_restricted if (createSandboxConfig.use_subprocess is not None) \ and ('use_subprocess' not in kw): kw['use_subprocess'] = createSandboxConfig.use_subprocess return SandboxConfig(*features, **kw)
def test_lib2to3importer_pysandbox(self): from lib2to3import import lib2to3importer from lib2to3import import prepending fixers = [ "lib2to3.fixes.fix_exec", "lib2to3.fixes.fix_long", "lib2to3.fixes.fix_unicode", "lib2to3.fixes.fix_imports", "lib2to3.fixes.fix_dict", ] with prepending(lib2to3importer(fixers, "sandbox")): from sandbox import Sandbox from sandbox import SandboxConfig from sandbox import SandboxError box = Sandbox(SandboxConfig(use_subprocess=True)) self.assertRaises(SandboxError, box.call, print, "123")
def __init__(self, name, content, type=_PYTHON): """ - name: the module name (with no extension). - content: Python or JS code - type: 'js', 'py' (XXX might be removed) """ self.libtype = type self.name = name self.content = content self.namespace = {} if type == 'js': raise NotImplementedError() config = SandboxConfig('code') for module, elements in _ALLOWED_MODULES: config.allowModule(module, *elements) self.sandbox = Sandbox(config) self._load()
def execute(session_id, code): global modules if code.strip() == '': return '' buff = StringIO() __stdout = sys.stdout sys.stdout = buff sandbox = Sandbox(SandboxConfig('stdout')) old_commands = get_old_commands(key=session_id) old_code = '\n'.join(old_commands) try: sandbox.execute(old_code + '\n' + code) except Exception: buff = StringIO() traceback.print_exc(file=buff) # Remove the stack trace stack = buff.getvalue().replace('"<string>"', '"<JSON-RPC>"').split('\n') return '\n'.join([stack[0]] + stack[3:]) else: full_output = buff.getvalue() output_len = get_old_output_len(key=session_id) write_code(key=session_id, code=code) expire_key(key=session_id, timeout=SESSION_TIMEOUT) if output_len: buff.seek(int(output_len)) output = buff.read() else: output = buff.getvalue() write_output_len(key=session_id, output=full_output) return output finally: sys.stdout = __stdout
def test_stdout(): with capture_stdout() as stdout: config = SandboxConfig() def print_denied(): print "Hello Sandbox 1" try: Sandbox(config).call(print_denied) except SandboxError: pass else: assert False def print_allowed(): print "Hello Sandbox 2" Sandbox(createSandboxConfig('stdout')).call(print_allowed) print "Hello Sandbox 3" stdout.seek(0) output = stdout.read() assert output == "Hello Sandbox 2\nHello Sandbox 3\n"
import sys from sandbox import Sandbox, SandboxConfig, builtins def func(a, b): return 'hello' class Foo(object): def __init__(self, age): self.age = age sandbox = Sandbox(SandboxConfig('stdout')) f = open('exec_file_test.py').read() foo = Foo(31) cod = compile(f, 'exec_file_test.py', 'exec') exec(cod, {}, {}) # sandbox.execute(cod, locals={'foo': foo})
Examples: /eval 1+2 3 /eval zip(*[[1,2],[3,4]]) [(1,3), (2,4)]""" import re import traceback import sys #pip install pysandbox from sandbox import Sandbox, SandboxConfig from chatbot import send, p config = SandboxConfig("encodings", "math") config.timeout = 5 sandbox = Sandbox(config) def on_message(message): r = re.search(r"\/eval (.+)", message['message']) if not r: return try: ns = {'__result': None} sandbox.execute("import math; __result = " + r.group(1), locals=ns) res = unicode(ns['__result']) if len(res) > 500: res = res[:500] + " ..." send(message['topic']['id'], res) #we're running code, any error could throw an exception
def createSandboxConfig(*features, **kw): if createSandboxConfig.debug: features += ("stdout", "stderr") return SandboxConfig(*features, **kw)