Updates to use the latest refactoring with edx-platform

* Python 2.x is called "python" again * Provide "configure_python" so that edx-platform can get convenient configuration.

Updates to use the latest refactoring with edx-platform
* Python 2.x is called "python" again * Provide "configure_python" so that edx-platform can get convenient configuration.
9d48ad3f · Ned Batchelder · c62051af · 9d48ad3f · 9d48ad3f · 9d48ad3f
Commit 9d48ad3f authored Jan 06, 2017 by Ned Batchelder
Hide whitespace changes
Inline Side-by-side

Showing with 75 additions and 30 deletions

codejail/integration.py
+22 -1

codejail/languages.py
+1 -1

codejail/safe_exec.py
+29 -13

codejail/tests/helpers.py
+6 -15

codejail/util.py
+17 -0

No files found.
--- a/codejail/integration.py
+++ b/codejail/integration.py
@@ -3,8 +3,12 @@ Integrate with application settings files.
 """
 from __future__ import absolute_import
+import os.path
 from . import jail
 from . import limits
+from .util import sibling_sandbox_venv
 def configure_from_settings(settings):
@@ -57,12 +61,29 @@ def legacy_configure_from_settings(settings):
            "user": "sandbox",
            "limits": {"CPU": 1},
        }
+    The virtualenv used depends on the 'python_bin' setting:
+    * If 'python_bin' is specified, it is the sandbox virtualenv to use.
+    * If 'python_bin' is specified as None, then code will run unsafely.
+    * If 'python_bin' isn't specified, then a virtualenv alongside the current
+      one, with a suffix of '-sandbox' will be used.
    """
+    python_bin = None
+    if 'python_bin' in settings.CODE_JAIL:
+        python_bin = settings.CODE_JAIL['python_bin']
+    else:
+        venv = sibling_sandbox_venv()
+        if venv:
+            python_bin = os.path.join(venv, "bin/python")
-    python_bin = settings.CODE_JAIL.get('python_bin')
    if python_bin:
        user = settings.CODE_JAIL['user']
        jail.configure("python", python_bin, user=user)
    requested_limits = settings.CODE_JAIL.get('limits', {})
    for name, value in requested_limits.items():
        limits.set_limit(name, value)
--- a/codejail/languages.py
+++ b/codejail/languages.py
@@ -34,7 +34,7 @@ other = Language(
 )
 python2 = Language(
-    name='python2',
+    name='python',
    argv=[
        '-E',  # Ignore the environment variables PYTHON*
        '-B',  # Don't write .pyc files.

--- a/codejail/safe_exec.py
+++ b/codejail/safe_exec.py
@@ -5,9 +5,10 @@ import os.path
 import shutil
 import sys
-from .exceptions import SafeExecException
+from . import languages
-from .jail import get_codejail, is_configured
+from .exceptions import JailError, SafeExecException
-from .util import temp_directory, change_directory, json_safe
+from .jail import configure, get_codejail, is_configured
+from .util import temp_directory, change_directory, json_safe, sibling_sandbox_venv
 log = logging.getLogger("codejail")
@@ -94,16 +95,31 @@ def not_safe_exec(
    globals_dict.update(json_safe(g_dict))
-if ALWAYS_BE_UNSAFE:   # pragma: no cover
+def configure_python():
-    # Make safe_exec actually call not_safe_exec, but log that we're doing so.
+    """If "python" isn't configured, configure it to point to a sibling venv.
+    Raises JailError if it couldn't find a virtualenv to use.
+    """
+    if not is_configured("python"):
+        venv = sibling_sandbox_venv()
+        if not venv:
+            raise JailError("Couldn't find sandbox virtualenv")
+        configure("python", os.path.join(venv, "bin/python"), user="sandbox", lang=languages.python2)
-    def safe_exec(*args, **kwargs):                 # pylint: disable=E0102
-        """An actually-unsafe safe_exec, that warns it's being used."""
-        # Because it would be bad if this function were used in production,
+def fake_safe_exec(*args, **kwargs):                 # pylint: disable=E0102
-        # let's log a warning when it is used.  Developers can live with
+    """An actually-unsafe safe_exec, that warns it's being used."""
-        # one more log line.
-        slug = kwargs.get('slug', None)
-        log.warning("Using codejail/safe_exec.py:not_safe_exec for %s", slug)
-        return not_safe_exec(*args, **kwargs)
+    # Because it would be bad if this function were used in production,
+    # let's log a warning when it is used.  Developers can live with
+    # one more log line.
+    slug = kwargs.get('slug', None)
+    log.warning("Using codejail/safe_exec.py:not_safe_exec for %s", slug)
+    return not_safe_exec(*args, **kwargs)
+if ALWAYS_BE_UNSAFE:   # pragma: no cover
+    # Make safe_exec actually call not_safe_exec, but log that we're doing so.
+    safe_exec = fake_safe_exec
--- a/codejail/tests/helpers.py
+++ b/codejail/tests/helpers.py
@@ -7,8 +7,8 @@ import os.path
 import sys
 from unittest import TestCase
-from codejail import jail
+from codejail import jail, languages
-from codejail import languages
+from codejail.util import sibling_sandbox_venv
 SAME = object()
@@ -53,24 +53,15 @@ class JailMixin(TestCase):
        super(JailMixin, self).setUp()
        if not jail.is_configured("python"):
            if not self._codejail_venv:
-                self._codejail_venv = self._autoconfigure_codejail_venv()
+                self._codejail_venv = sibling_sandbox_venv()
+                if not self._codejail_venv:
+                    self.fail("No virtualenv found for codejail")
            if not self._codejail_user:
                # User explicitly requested no su user via environment variable
                self._codejail_user = None
-            bin_path = os.path.join(self._codejail_venv, 'bin/python2')
+            bin_path = os.path.join(self._codejail_venv, 'bin/python')
            jail.configure("python", bin_path, user=self._codejail_user, lang=languages.python2)
-    def _autoconfigure_codejail_venv(self):
-        """
-        For the purposes of tests, look for a sandbox alongside the currently
-        running python.
-        """
-        codejail_venv = '{}-sandbox'.format(sys.prefix)
-        if os.path.isdir(codejail_venv):
-            return codejail_venv
-        else:
-            self.fail("No virtualenv found for codejail")
 class Python3Mixin(object):
    """

--- a/codejail/util.py
+++ b/codejail/util.py
@@ -3,6 +3,7 @@
 import contextlib
 import os
 import shutil
+import sys
 import tempfile
 try:
@@ -67,3 +68,19 @@ def json_safe(input_dict):
        else:
            json_dict[key] = value
    return json.loads(json.dumps(json_dict))
+def sibling_sandbox_venv():
+    """
+    Find a virtualenv next to ours, with a "-sandbox" suffix.
+    Returns the virtualenv directory name, or None if one couldn't be found.
+    """
+    sandbox_venv = '{}-sandbox'.format(sys.prefix)
+    if os.path.isdir(sandbox_venv):
+        python_bin = os.path.join(sandbox_venv, "bin/python")
+        if os.path.exists(python_bin):
+            return sandbox_venv
+    return None