Skip to content

E
edx-platform
Commit c49b0c50 by Ned Batchelder
Options

Have to make the globals json-safe before sending them to the sandbox.

parent 7aa493ec
Showing with 14 additions and 13 deletions
common/lib/codejail/codejail/safe_exec.py
...@@ -101,7 +101,7 @@ def safe_exec(code, globals_dict, assumed_imports=None, files=None, python_path= ...@@ -101,7 +101,7 @@ def safe_exec(code, globals_dict, assumed_imports=None, files=None, python_path=
json.dump(g_dict, sys.__stdout__) json.dump(g_dict, sys.__stdout__)
""")) """))
stdin = json.dumps([code, globals_dict]) stdin = json.dumps([code, json_safe(globals_dict)])
jailed_code = "".join(the_code) jailed_code = "".join(the_code)
# Turn this on to see what's being executed. # Turn this on to see what's being executed.
...@@ -117,16 +117,7 @@ def safe_exec(code, globals_dict, assumed_imports=None, files=None, python_path= ...@@ -117,16 +117,7 @@ def safe_exec(code, globals_dict, assumed_imports=None, files=None, python_path=
globals_dict.update(json.loads(res.stdout)) globals_dict.update(json.loads(res.stdout))
def not_safe_exec(code, globals_dict, assumed_imports=None, files=None, python_path=None): def json_safe(d):
"""Another implementation of `safe_exec`, but not safe.
This can be swapped in for debugging problems in sandboxed Python code.
This is not thread-safe, due to temporarily changing the current directory
and modifying sys.path.
"""
def straw(d):
"""Return only the JSON-safe part of d. """Return only the JSON-safe part of d.
Used to emulate reading data through a serialization straw. Used to emulate reading data through a serialization straw.
...@@ -148,7 +139,17 @@ def not_safe_exec(code, globals_dict, assumed_imports=None, files=None, python_p ...@@ -148,7 +139,17 @@ def not_safe_exec(code, globals_dict, assumed_imports=None, files=None, python_p
jd[k] = v jd[k] = v
return json.loads(json.dumps(jd)) return json.loads(json.dumps(jd))
g_dict = straw(globals_dict)
def not_safe_exec(code, globals_dict, assumed_imports=None, files=None, python_path=None):
"""Another implementation of `safe_exec`, but not safe.
This can be swapped in for debugging problems in sandboxed Python code.
This is not thread-safe, due to temporarily changing the current directory
and modifying sys.path.
"""
g_dict = json_safe(globals_dict)
for name, modname in names_and_modules(assumed_imports or ()): for name, modname in names_and_modules(assumed_imports or ()):
g_dict[name] = lazymod.LazyModule(modname) g_dict[name] = lazymod.LazyModule(modname)
...@@ -168,7 +169,7 @@ def not_safe_exec(code, globals_dict, assumed_imports=None, files=None, python_p ...@@ -168,7 +169,7 @@ def not_safe_exec(code, globals_dict, assumed_imports=None, files=None, python_p
finally: finally:
sys.path = original_path sys.path = original_path
globals_dict.update(straw(g_dict)) globals_dict.update(json_safe(g_dict))
# Running Python code in the sandbox makes it difficult to debug. # Running Python code in the sandbox makes it difficult to debug.
# Change 0 to 1 to run the code directly. # Change 0 to 1 to run the code directly.
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment