[Flask] Odp: Re: Executing user input python code inside flask app context
Alex Alex
alex-alex-90 at wp.pl
Mon Aug 22 02:42:23 EDT 2016
Thanks, but as far as filtering user input and limiting python interpreter goes all those approaches failed just look how bastion module failed. As I've said the security is not a concern here. Furthermore the app will be running inside a docker container so the worst thing can happen is particular container instance getting destroyed. I'm really interested only in any tips regarding executing python code within flask web app.
All the best
Alex
Dnia Niedziela, 21 Sierpnia 2016 22:32 Ares Ou <aresowj at gmail.com> napisał(a)
> I guess u should at least run you app with a limited user to avoid those dangerous actions. Then try to filter out all undesired patterns.
> On Aug 21, 2016 12:11, "Alex Alex" <alex-alex-90 at wp.pl> wrote:
> > Hi,
> >
> >
> >
> > I'm working on flask based webapp that requires users to be able to eneter and execute python code (+ presenting exeuction output) within flask app context. As I'm new to flask (and I love it) I'd be greatful for any tips regarding implementing such functionality. As a side note: the security is not a concern so please don't responde with code snippets containg os.system('rm -rf /') as example of dangerus user input. I'm also not interested in running code inside pypy sandbox (at least
not on
> > this stage).
> >
> > Thank you in advance
> > BR
> > Alex
> >
> >
> >
> >
> > _______________________________________________
> > Flask mailing list
> > Flask at python.org
> > https://mail.python.org/mailman/listinfo/flask
>
More information about the Flask
mailing list