5

I currently have the problem where I need to write a function which receives a dictionary where all values are strings or dictionarys and outputs a string. The problem is the logic for creating this output string. I would like to let the user write the logic.

Now, of course, I could just ask the user to create a valid Python script with a function

def generate_string(input_dict):
    # your logic
    return "some_string"

The problem is that I don't want the users to be able to execute arbitrary code. Especially working with the file system (reading / writing / deleting files) should not be possible. There should also be a limit in the computation time / memory usage.

Is this possible?

Currently, I let them enter a format string. But this seems to be too limited as it misses if statements.

Example

This is just a minimal, abstract example:

def generate_string(input_dict):
    if input_dict['type'] == 1:
        return "I want my date in {d:%Y%m%d}".format(d=input_dict['date'])
    elif input_dict['type'] == 2:
        return "type is {}".format(input_dict['type'])
    return "some_string"

d = {'type': 1, 'date': datetime.date(2017, 1, 14)}
generate_string(d)
Martin Thoma
  • 124,992
  • 159
  • 614
  • 958
  • 2
    What kind of "logic" ? Turing-complete logic? Just some arithmetic? Something else? – Eugene Sh. Aug 08 '17 at 13:23
  • You could parse the output script avoiding `import` for examples... In that way you will, for example, block people from importing the os module. – araknoid Aug 08 '17 at 13:24
  • 1
    not a close-voter, but this question is definitely quite broad. You haven't provided the method you've currently applied, nor any sample inputs and/or outputs. – asongtoruin Aug 08 '17 at 13:24
  • 1
    Possible duplicate of [How can I sandbox Python in pure Python?](https://stackoverflow.com/questions/3068139/how-can-i-sandbox-python-in-pure-python) – Chris_Rands Aug 08 '17 at 13:27
  • 2
    Perhaps you need a restricted language, and a [parser](http://pyparsing.wikispaces.com/) for that language. – PM 2Ring Aug 08 '17 at 13:27
  • @EugeneSh. Working with strings. Comparing (probably not even regex), `.lower()`, `.startswith()`, `.endswith()`, `if` statements. No arithmentic. – Martin Thoma Aug 08 '17 at 13:32
  • @MartinThoma Is something like Sed can do what you are looking for? – Eugene Sh. Aug 08 '17 at 13:36
  • @EugeneSh. I'm not sure. I don't think sed can have if statements, can it? – Martin Thoma Aug 08 '17 at 13:41
  • 1
    "if" statements are not necessary for making conditions. This is why a more strict definition of the required functionality is needed. Can it be described as a grammar? – Eugene Sh. Aug 08 '17 at 13:42

1 Answers1

2

Python is not an easy language to lock down. Since it has a powerful introspection api, it is hard, if not impossible to block all system calls.

The only secure approach I can think of is to run the scripts on a separate environment, such as a docker container or a vm dedicated to running the scripts.

There is also pypy which can be run in sandboxed mode, but it is still a prototype and it might need a bit more work before being completely usable.

On the python wiki, there is a page about sandboxing python https://wiki.python.org/moin/Asking%20for%20Help/How%20can%20I%20run%20an%20untrusted%20Python%20script%20safely%20%28i.e.%20Sandbox%29

PyPy sandboxing: http://pypy.org/features.html#sandboxing

Also, take a look at How can I sandbox Python in pure Python? which has an awesome answer to this same question.

Martin
  • 5,954
  • 5
  • 30
  • 46
  • 1
    FWIW, some of the difficulties of locking down Python are discussed in [Eval really is dangerous](http://nedbatchelder.com/blog/201206/eval_really_is_dangerous.html). – PM 2Ring Aug 08 '17 at 13:29