From: Victor Stinner on 28 Jun 2010 18:59

pysandbox is a Python sandbox. By default, untrusted code executed in the sandbox cannot modify the environment (write a file, use print or import a module). But you can configure the sandbox to choose exactly which features are allowed or not, e.g. import the sys module and read the /etc/issue file.

Website: http://github.com/haypo/pysandbox/
PyPI entry: http://pypi.python.org/pypi/pysandbox

Version 1.0 works on Python 2.5 and 2.6, and uses a module (_sandbox) written in C. It cannot be used to execute a complex program, but it is enough for a simple IRC bot.

pysandbox creates a new empty namespace and creates read-only views of objects added to the sandbox namespace. It can execute unmodified Python source code. I tried not to deny too many functions. E.g. frame and code objects are allowed, but not the creation of arbitrary code objects. To protect the Python namespace, some attributes are "hidden", like function closure and globals, or type subclasses. To enable more functions, you have to enable a "feature".

pysandbox 1.0 feature list:

- "code": compile() builtin, frame.f_locals and generator.gi_code
- "debug_sandbox": enable traceback of the sandbox itself
- "exit": sys.exit(), BaseException, KeyboardInterrupt, SystemExit, quit()
- "future": from __future__ import ...
- "help": pydoc.help(), use "import pydoc" outside the sandbox to use it
- "interpreter": give access to standard streams, enable traceback
- "regex": compile regex, match regex, search regex, etc. (re module)
- "site": allow reading the license file
- "stdin": sys.stdin, input() and raw_input()
- "stdout", "stderr": sys.stdout and sys.stderr
- "traceback": next calls to allowModule() will add the module filename to the open() whitelist, so Python can display a traceback with the source code
- "unicodedata": unicodedata module, required for u'\N{ATOM SYMBOL}' syntax

Example with call() method:

    from sandbox import Sandbox

    def func(a, b):
        return a + b

    sandbox = Sandbox()
    print sandbox.call(func, 1, 2)

Example with execute() method:

    from sandbox import Sandbox, SandboxConfig

    sandbox = Sandbox(SandboxConfig('stdout'))
    sandbox.execute('print("Code executed in the sandbox")')

Get more information in the README file.

pysandbox is based on the safelite project written by Tav.

Victor
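The read-only views and hidden attributes described in the announcement, sketched as an added example that is not pysandbox code: pysandbox relies on its _sandbox C module, while this pure-Python proxy only shows the idea. ReadOnlyView, readonly, SandboxError and the HIDDEN and MUTATORS sets are hypothetical names, and the code targets Python 3.

```python
# Added illustration for Python 3; not pysandbox code, all names hypothetical.
# Python 2 spells two of the hidden attributes func_closure / func_globals.
HIDDEN = frozenset({"__closure__", "__globals__", "__subclasses__",
                    "func_closure", "func_globals", "_target"})
MUTATORS = frozenset({"append", "extend", "insert", "pop", "remove", "clear",
                      "sort", "reverse", "update", "setdefault", "popitem"})
IMMUTABLE = (type(None), bool, int, float, complex, str, bytes)

class SandboxError(Exception):
    """Raised when code behind a view touches something it was not granted."""

def _unwrap(view):
    # Bypass ReadOnlyView.__getattribute__ to reach the wrapped object.
    return object.__getattribute__(view, "_target")

def readonly(obj):
    # Immutable values pass through; everything else gets (or keeps) a view.
    if type(obj) is ReadOnlyView or isinstance(obj, IMMUTABLE):
        return obj
    return ReadOnlyView(obj)

class ReadOnlyView(object):
    __slots__ = ("_target",)

    def __init__(self, target):
        object.__setattr__(self, "_target", target)

    def __getattribute__(self, name):
        if name in HIDDEN:
            raise SandboxError("hidden attribute: " + name)
        if name in MUTATORS:
            raise SandboxError("read only object: " + name)
        # Every value read through the view is itself wrapped.
        return readonly(getattr(_unwrap(self), name))

    def _deny(self, *args):
        raise SandboxError("read only object")
    __setattr__ = __delattr__ = __setitem__ = __delitem__ = _deny

    def __getitem__(self, key):
        return readonly(_unwrap(self)[key])

    def __len__(self):
        return len(_unwrap(self))

    def __iter__(self):
        return (readonly(item) for item in _unwrap(self))

    def __call__(self, *args, **kwargs):
        return readonly(_unwrap(self)(*args, **kwargs))
```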