pysandbox

Python sandbox

pysandbox Ranking & Summary


  • License: BSD License
  • Price: FREE
  • Publisher Name: Victor Stinner
  • Publisher web site: http://fusil.hachoir.org/trac



pysandbox Description

pysandbox is a Python sandbox. By default, untrusted code executed in the sandbox cannot modify the environment (write a file, use print or import a module). You can configure the sandbox to choose exactly which features are allowed, e.g. importing the sys module and reading the /etc/issue file.

Configuration

Use the SandboxConfig class to configure your sandbox. Features are the simplest way to configure it.

Features

To enable a feature, use SandboxConfig('feature1', 'feature2', ...) or config.enable('feature'). Available features:

 * "code": compile() builtin, frame.f_locals and generator.gi_code
 * "debug_sandbox": enable traceback of the sandbox itself
 * "exit": sys.exit(), BaseException, KeyboardInterrupt, SystemExit, quit()
 * "future": from __future__ import ...
 * "help": pydoc.help(), use "import pydoc" outside the sandbox to use it
 * "interpreter": give access to standard streams, enable traceback
 * "regex": compile regex, match regex, search regex, etc. (re module)
 * "site": allows reading the license file
 * "stdin": sys.stdin, input() and raw_input()
 * "stdout", "stderr": sys.stdout and sys.stderr
 * "traceback": next calls to allowModule() will add the module filename to the open() whitelist, so Python can display a traceback with the source code
 * "unicodedata": unicodedata module, required for u'\N{ATOM SYMBOL}' syntax

CPython restricted mode

Use SandboxConfig(cpython_restricted=True) to enable CPython restricted mode. In this mode, reading a file and modifying a class are blocked. Some attributes are hidden (e.g. method.__self__), others are read-only (e.g. func.__doc__).

CPython restricted mode is disabled by default. The restricted mode is incompatible with the SandboxConfig "traceback" feature and the allowPath() method.

The restricted mode no longer exists in Python 3; it was removed together with the bastion and rexec modules: http://svn.python.org/view?view=rev&revision=55301

Other options

 * config.timeout: timeout in seconds. Use None to disable the timeout. The default timeout value is 5 seconds.
 * config.allowPath(path) allows reading a file from the specified path
 * config.allowModule(name, symbol1, symbol2, ...) allows importing the specified module, but gives access only to the specified symbols

Example

With the call() method:

    from sandbox import Sandbox

    def func(a, b):
        return a + b

    sandbox = Sandbox()
    print sandbox.call(func, 1, 2)

With the execute() method:

    from sandbox import Sandbox, SandboxConfig

    sandbox = Sandbox(SandboxConfig('stdout'))
    sandbox.execute('print("Code executed in the sandbox")')

execute() with a local variable:

    from sandbox import Sandbox, SandboxConfig

    sandbox = Sandbox(SandboxConfig('stdout'))
    sandbox.execute('print(data)', locals={'data': [1, 2, 3]})     # ok
    sandbox.execute('data.append(4)', locals={'data': [1, 2, 3]})  # error

Objects passed to .call() globals/locals and .execute() arguments are proxified: they are replaced by read-only views of the objects.

pysandbox is tested on Python 2.5 and 2.6 on Debian Sid.
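
The read-only view idea from the last paragraph, as an added Python 3 sketch that is not pysandbox's own proxy code: readonly(), ReadOnlyList, ReadOnlyDict and attempt() are hypothetical names, and the sample data is constructed. It shows why the wrapping has to be applied to nested containers as well as to the top-level object.

```python
from collections.abc import Mapping, Sequence


def readonly(obj):
    """Wrap lists and dicts in read-only views; other objects pass through."""
    if isinstance(obj, list):
        return ReadOnlyList(obj)
    if isinstance(obj, dict):
        return ReadOnlyDict(obj)
    return obj


class ReadOnlyList(Sequence):
    # Only the read side of the list protocol is implemented, so append(),
    # item assignment, etc. do not exist on the view. In plain Python the
    # wrapped list is still reachable through _items: this sketch shows the
    # view interface, not a complete isolation boundary.
    def __init__(self, items):
        self._items = items

    def __getitem__(self, index):
        # Wrap on the way out, otherwise view[0].append(...) would mutate
        # a nested list of the original object.
        return readonly(self._items[index])

    def __len__(self):
        return len(self._items)


class ReadOnlyDict(Mapping):
    def __init__(self, mapping):
        self._mapping = mapping

    def __getitem__(self, key):
        return readonly(self._mapping[key])

    def __iter__(self):
        return iter(self._mapping)

    def __len__(self):
        return len(self._mapping)


def attempt(operation, view):
    """Apply operation to the view; return 'allowed' or the error type name."""
    try:
        operation(view)
    except (AttributeError, TypeError) as exc:
        return type(exc).__name__
    return "allowed"


# Constructed sample input, mirroring the locals={'data': ...} example above.
original = {"data": [1, 2, 3], "nested": [[10], [20]]}
view = readonly(original)
```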

