def createSandboxConfig(*features, **kw):
if createSandboxConfig.debug:
features += ("stdout", "stderr")
if (createSandboxConfig.cpython_restricted is not None) \
and ('cpython_restricted' not in kw):
kw['cpython_restricted'] = createSandboxConfig.cpython_restricted
if (createSandboxConfig.use_subprocess is not None) \
and ('use_subprocess' not in kw):
kw['use_subprocess'] = createSandboxConfig.use_subprocess
return SandboxConfig(*features, **kw)
def test_lib2to3importer_pysandbox(self):
from lib2to3import import lib2to3importer
from lib2to3import import prepending
fixers = [
"lib2to3.fixes.fix_exec",
"lib2to3.fixes.fix_long",
"lib2to3.fixes.fix_unicode",
"lib2to3.fixes.fix_imports",
"lib2to3.fixes.fix_dict",
]
with prepending(lib2to3importer(fixers, "sandbox")):
from sandbox import Sandbox
from sandbox import SandboxConfig
from sandbox import SandboxError
box = Sandbox(SandboxConfig(use_subprocess=True))
self.assertRaises(SandboxError, box.call, print, "123")
def __init__(self, name, content, type=_PYTHON):
"""
- name: the module name (with no extension).
- content: Python or JS code
- type: 'js', 'py' (XXX might be removed)
"""
self.libtype = type
self.name = name
self.content = content
self.namespace = {}
if type == 'js':
raise NotImplementedError()
config = SandboxConfig('code')
for module, elements in _ALLOWED_MODULES:
config.allowModule(module, *elements)
self.sandbox = Sandbox(config)
self._load()
def execute(session_id, code):
global modules
if code.strip() == '':
return ''
buff = StringIO()
__stdout = sys.stdout
sys.stdout = buff
sandbox = Sandbox(SandboxConfig('stdout'))
old_commands = get_old_commands(key=session_id)
old_code = '\n'.join(old_commands)
try:
sandbox.execute(old_code + '\n' + code)
except Exception:
buff = StringIO()
traceback.print_exc(file=buff)
# Remove the stack trace
stack = buff.getvalue().replace('"<string>"',
'"<JSON-RPC>"').split('\n')
return '\n'.join([stack[0]] + stack[3:])
else:
full_output = buff.getvalue()
output_len = get_old_output_len(key=session_id)
write_code(key=session_id, code=code)
expire_key(key=session_id, timeout=SESSION_TIMEOUT)
if output_len:
buff.seek(int(output_len))
output = buff.read()
else:
output = buff.getvalue()
write_output_len(key=session_id, output=full_output)
return output
finally:
sys.stdout = __stdout
def test_stdout():
with capture_stdout() as stdout:
config = SandboxConfig()
def print_denied():
print "Hello Sandbox 1"
try:
Sandbox(config).call(print_denied)
except SandboxError:
pass
else:
assert False
def print_allowed():
print "Hello Sandbox 2"
Sandbox(createSandboxConfig('stdout')).call(print_allowed)
print "Hello Sandbox 3"
stdout.seek(0)
output = stdout.read()
assert output == "Hello Sandbox 2\nHello Sandbox 3\n"
import sys
from sandbox import Sandbox, SandboxConfig, builtins
def func(a, b):
return 'hello'
class Foo(object):
def __init__(self, age):
self.age = age
sandbox = Sandbox(SandboxConfig('stdout'))
f = open('exec_file_test.py').read()
foo = Foo(31)
cod = compile(f, 'exec_file_test.py', 'exec')
exec(cod, {}, {})
# sandbox.execute(cod, locals={'foo': foo})
Examples:
/eval 1+2
3
/eval zip(*[[1,2],[3,4]])
[(1,3), (2,4)]"""
import re
import traceback
import sys
#pip install pysandbox
from sandbox import Sandbox, SandboxConfig
from chatbot import send, p
config = SandboxConfig("encodings", "math")
config.timeout = 5
sandbox = Sandbox(config)
def on_message(message):
r = re.search(r"\/eval (.+)", message['message'])
if not r: return
try:
ns = {'__result': None}
sandbox.execute("import math; __result = " + r.group(1), locals=ns)
res = unicode(ns['__result'])
if len(res) > 500:
res = res[:500] + " ..."
send(message['topic']['id'], res)
#we're running code, any error could throw an exception
def createSandboxConfig(*features, **kw):
if createSandboxConfig.debug:
features += ("stdout", "stderr")
return SandboxConfig(*features, **kw)
