def build_seattle_usercontext():
usercontext = {}
# BAD:REMOVE all API imports
usercontext["getresources"] = nonportable.get_resources
import emulcomm
emulcomm.user_ip_interface_preferences = ip_options.user_ip_interface_preferences
for entry in ip_options.user_specified_ip_interface_list:
emulcomm.user_specified_ip_interface_list.append(entry)
emulcomm.allow_nonspecified_ips = ip_options.allows_nonspecified_ips
# Armon: Update our IP cache
emulcomm.update_ip_cache()
import emulfile
#usercontext["openfile"] = emulfile.emulated_open
#usercontext["listfiles"] = emulfile.listfiles
#usercontext["removefile"] = emulfile.removefile
import emulmisc
usercontext["getlasterror"] = emulmisc.getlasterror
#usercontext["exitall"] = emulmisc.exitall
#usercontext["createlock"] = emulmisc.createlock
#usercontext["getruntime"] = emulmisc.getruntime
#usercontext["randombytes"] = emulmisc.randombytes
import emultimer
#usercontext["createthread"] = emultimer.createthread
#usercontext["sleep"] = emultimer.sleep
#usercontext["getthreadname"] = emulmisc.getthreadname
usercontext["createvirtualnamespace"] = virtual_namespace.createvirtualnamespace
return prepare_usercontext({}, usercontext)
def initialize_nanny(resourcefn):
# start the nanny up and read the resource file.
# JAC: Should this take a string instead?
nanny.start_resource_nanny(resourcefn)
# now, let's fire up the cpu / disk / memory monitor...
nonportable.monitor_cpu_disk_and_mem()
# JAC: I believe this is needed for interface / ip-based restrictions
emulcomm.update_ip_cache()
def initialize_nanny(resourcefn): # start the nanny up and read the resource file. # JAC: Should this take a string instead? nanny.start_resource_nanny(resourcefn) # now, let's fire up the cpu / disk / memory monitor... #nonportable.monitor_cpu_disk_and_mem() # JAC: I believe this is needed for interface / ip-based restrictions emulcomm.update_ip_cache()
def main(restrictionsfn, program, args):
# Armon: Initialize the circular logger before forking in init_restrictions()
if logfile:
# time to set up the circular logger
loggerfo = loggingrepy.circular_logger(logfile)
# and redirect err and out there...
sys.stdout = loggerfo
sys.stderr = loggerfo
else:
# let's make it so that the output (via print) is always flushed
sys.stdout = loggingrepy.flush_logger(sys.stdout)
# start the nanny up and read the restrictions files.
restrictions.init_restrictions(restrictionsfn)
# Armon: Update our IP cache
emulcomm.update_ip_cache()
# These will be the functions and variables in the user's namespace (along
# with the builtins allowed by the safe module).
usercontext = {'mycontext':{}}
# Add to the user's namespace wrapped versions of the API functions we make
# available to the untrusted user code.
namespace.wrap_and_insert_api_functions(usercontext)
# Convert the usercontext from a dict to a SafeDict
usercontext = safe.SafeDict(usercontext)
# Allow some introspection by providing a reference to the context
usercontext["_context"] = usercontext
# let's try three times to load the file...
for attempts in range(3):
try:
# grab the user code from the file
usercode = file(program).read()
# and then exit the loop on success
break
except (OSError, IOError), e:
# Might be an interrupted system call, if so retry... (#840)
if 'nterrupred system call' in str(e):
continue
print "Failed to read the specified file: '"+program+"'"
raise
except:
def main(restrictionsfn, program, args):
# Armon: Initialize the circular logger before forking in init_restrictions()
if logfile:
# time to set up the circular logger
loggerfo = loggingrepy.circular_logger(logfile)
# and redirect err and out there...
sys.stdout = loggerfo
sys.stderr = loggerfo
else:
# let's make it so that the output (via print) is always flushed
sys.stdout = loggingrepy.flush_logger(sys.stdout)
# start the nanny up and read the restrictions files.
restrictions.init_restrictions(restrictionsfn)
# Armon: Update our IP cache
emulcomm.update_ip_cache()
# These will be the functions and variables in the user's namespace (along
# with the builtins allowed by the safe module).
usercontext = {'mycontext':{}}
# Add to the user's namespace wrapped versions of the API functions we make
# available to the untrusted user code.
namespace.wrap_and_insert_api_functions(usercontext)
# Convert the usercontext from a dict to a SafeDict
usercontext = safe.SafeDict(usercontext)
# Allow some introspection by providing a reference to the context
usercontext["_context"] = usercontext
# let's try three times to load the file...
for attempts in range(3):
try:
# grab the user code from the file
usercode = file(program).read()
# and then exit the loop on success
break
except (OSError, IOError), e:
# Might be an interrupted system call, if so retry... (#840)
if 'nterrupred system call' in str(e):
continue
print "Failed to read the specified file: '"+program+"'"
raise
except:
def main(resourcefn, program, args):
# Armon: Initialize the circular logger before starting the nanny
if logfile:
# time to set up the circular logger
loggerfo = loggingrepy.circular_logger(logfile)
# and redirect err and out there...
sys.stdout = loggerfo
sys.stderr = loggerfo
else:
# let's make it so that the output (via print) is always flushed
sys.stdout = loggingrepy.flush_logger(sys.stdout)
# start the nanny up and read the resource file.
nanny.start_resource_nanny(resourcefn)
# now, let's fire up the cpu / disk / memory monitor...
nonportable.monitor_cpu_disk_and_mem()
# Armon: Update our IP cache
emulcomm.update_ip_cache()
# These will be the functions and variables in the user's namespace (along
# with the builtins allowed by the safe module).
usercontext = {'mycontext':{}}
# Add to the user's namespace wrapped versions of the API functions we make
# available to the untrusted user code.
namespace.wrap_and_insert_api_functions(usercontext)
# Convert the usercontext from a dict to a SafeDict
usercontext = safe.SafeDict(usercontext)
# Allow some introspection by providing a reference to the context
usercontext["_context"] = usercontext
# BAD:REMOVE all API imports
usercontext["getresources"] = nonportable.get_resources
usercontext["mycontext"]["wallclocktime"] = time.time
#usercontext["openfile"] = emulfile.emulated_open
#usercontext["listfiles"] = emulfile.listfiles
#usercontext["removefile"] = emulfile.removefile
#usercontext["exitall"] = emulmisc.exitall
#usercontext["createlock"] = emulmisc.createlock
#usercontext["getruntime"] = emulmisc.getruntime
#usercontext["randombytes"] = emulmisc.randombytes
#usercontext["createthread"] = emultimer.createthread
#usercontext["sleep"] = emultimer.sleep
#usercontext["getthreadname"] = emulmisc.getthreadname
usercontext["createvirtualnamespace"] = virtual_namespace.createvirtualnamespace
usercontext["getlasterror"] = emulmisc.getlasterror
# grab the user code from the file
try:
usercode = file(program).read()
except:
print "Failed to read the specified file: '"+program+"'"
raise
# Armon: Create the main namespace
try:
main_namespace = virtual_namespace.VirtualNamespace(usercode, program)
except CodeUnsafeError, e:
print "Specified repy program is unsafe!"
print "Static-code analysis failed with error: "+str(e)
harshexit.harshexit(5)
def init_namespace(resourcefn, program, args):
global idlethreadcount, event_id
# Armon: Initialize the circular logger before starting the nanny
if logfile:
# time to set up the circular logger
loggerfo = loggingrepy.circular_logger(logfile)
# and redirect err and out there...
sys.stdout = loggerfo
sys.stderr = loggerfo
else:
# let's make it so that the output (via print) is always flushed
sys.stdout = loggingrepy.flush_logger(sys.stdout)
# start the nanny up and read the resource file.
nanny.start_resource_nanny(resourcefn)
# now, let's fire up the cpu / disk / memory monitor...
# nonportable.monitor_cpu_disk_and_mem()
# Armon: Update our IP cache
emulcomm.update_ip_cache()
# These will be the functions and variables in the user's namespace (along
# with the builtins allowed by the safe module).
usercontext = {'mycontext': {}}
# Add to the user's namespace wrapped versions of the API functions we make
# available to the untrusted user code.
namespace.wrap_and_insert_api_functions(usercontext)
# Convert the usercontext from a dict to a SafeDict
usercontext = safe.SafeDict(usercontext)
# Allow some introspection by providing a reference to the context
usercontext["_context"] = usercontext
# BAD:REMOVE all API imports
usercontext["getresources"] = nonportable.get_resources
usercontext["mycontext"]["wallclocktime"] = time.time
#usercontext["openfile"] = emulfile.emulated_open
#usercontext["listfiles"] = emulfile.listfiles
#usercontext["removefile"] = emulfile.removefile
#usercontext["exitall"] = emulmisc.exitall
#usercontext["createlock"] = emulmisc.createlock
#usercontext["getruntime"] = emulmisc.getruntime
#usercontext["randombytes"] = emulmisc.randombytes
#usercontext["createthread"] = emultimer.createthread
#usercontext["sleep"] = emultimer.sleep
#usercontext["getthreadname"] = emulmisc.getthreadname
usercontext[
"createvirtualnamespace"] = virtual_namespace.createvirtualnamespace
usercontext["getlasterror"] = emulmisc.getlasterror
# grab the user code from the file
try:
usercode = file(program).read()
except:
print "Failed to read the specified file: '" + program + "'"
raise
# Armon: Create the main namespace
try:
main_namespace = virtual_namespace.VirtualNamespace(usercode, program)
except CodeUnsafeError, e:
print "Specified repy program is unsafe!"
print "Static-code analysis failed with error: " + str(e)
harshexit.harshexit(5)
