Sandboxes
42
nospam at nospam.com
Sat Aug 20 18:30:17 EDT 2005
In article <tpLNe.187$hn4.34901 at newshog.newsread.com>,
eurleif at ecritters.biz says...
> 42 wrote:
> > I was wondering if it would be effective to pre-parse incoming scripts
> > and reject those containing "import"?
>
> getattr(__builtins__, '__imp' + 'ort__')('dangerousmodule')
>
See, that's the sort of thing I'm talking about. :)
Earlier I mentioned that I figured I'd be ok to pre-parse the script to
sanitize the language a bit.
There are what, 30-odd built-in functions? And a dozen or so keywords?
Basically if I turn off anything that deals with 'executable code',
'meta data', or 'reflection' I'm hoping I'd be in the clear.
e.g.: looking at the built in function list these would be suspect...
probably not all of them are dangerous, but I believe I could get by
without any of them:
first the keywords:
exec, import
and then the built in functions:
type, super, setattr, reload, property, open, locals, issubclass,
isinstance, hasattr, globals, getattr, file, execfile, eval, dir, dict,
delattr, compile, classmethod, callable, __import__
I'd also filter:
raw_input, input, and help (as they don't make sense in the
application context anyway).
Sure I might be seriously crippling the power of python by doing this,
but that's rather the point :), and it should be fine for my purposes.
Thoughts? Still gaping holes?
thanks in advance,
Dave
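
An added example, not part of the original post: the pre-parse filter described above, written against Python 3's `ast` module, next to the substring check from the quoted question. The function names and the benign sample script are assumptions made for illustration; the denied names are the ones listed in the post, and the check covers only bare names and import statements.

```python
import ast

# Names taken from the post's list (Python 2 era builtins plus exec).
DENIED_NAMES = frozenset("""
    exec type super setattr reload property open locals issubclass isinstance
    hasattr globals getattr file execfile eval dir dict delattr compile
    classmethod callable __import__ raw_input input help
""".split())


def substring_filter(source):
    """The check from the quoted question: True if the text contains "import"."""
    return "import" in source


def denied_names(source):
    """Parse the script and return sorted (line, name) pairs for every
    import statement and every reference to a name on the denied list."""
    findings = set()
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, (ast.Import, ast.ImportFrom)):
            findings.add((node.lineno, "import"))
        elif isinstance(node, ast.Name) and node.id in DENIED_NAMES:
            findings.add((node.lineno, node.id))
    return sorted(findings)


# The line from the quoted reply, kept as data and only parsed, never run.
QUOTED_REPLY = "getattr(__builtins__, '__imp' + 'ort__')('dangerousmodule')"

# Constructed sample of a script that uses none of the listed names.
BENIGN = "total = 0\nfor n in range(10):\n    total += n\nprint(total)\n"

if __name__ == "__main__":
    for label, src in (("quoted reply", QUOTED_REPLY), ("benign", BENIGN)):
        print(label, "| substring hit:", substring_filter(src),
              "| denied:", denied_names(src))
```

The substring check passes the quoted line because the word is assembled at run time, while the name-based pass rejects it on `getattr`.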