[IPython-dev] Registering Input Transformers that can Reject Input
Thomas Kluyver
takowl at gmail.com
Fri Sep 5 18:23:35 EDT 2014
Hi Scott,
Great, you clearly know what you're doing.
Yes, I think I would have the transformers raise a specific exception
class, rather than setting something that the shell needs to check after
the fact. A PR for this would be welcome.
Thanks,
Thomas
On 5 September 2014 10:36, ssanderson <ssanderson at quantopian.com> wrote:
> Hi Thomas,
>
> Glad to hear that it sounds like this makes sense for the main line.
>
> We're well aware of the difficulties of securely executing untrusted Python
> code; in a lot of ways solving that problem well is more important to our
> business than any of the financial simulation tools that are ostensibly our
> product! As you note, there are all sorts of ways to dynamically get
> access
> to dangerous things (vars, eval, exec, and getattr are the ones we see the
> most, but we also see breakout attempts using more exotic things like the
> func_globals attribute on function objects). We do a fair amount of
> runtime
> sandboxing in addition to the static checks, but static
> analysis/transformation has proven to be one of the best tools available to
> us.
>
> As for the expected semantics, our current infrastructure builds a list of
> violations on a NodeTransformer and just stores them to be converted into a
> custom SecurityViolation exception elsewhere, but looking at
> InteractiveShell.transform_ast I think it makes more sense to raise an
> exception than to have the shell check something like a `failed` attribute
> on the transformer.
>
> The current behavior seems to be that any NodeTransformer that raises is
> considered broken and removed from the shell, so there would need to be a
> specific exception class used to signal "this code is broken, not me!"
>
> If you think it makes sense to do so, I'd be happy to try and put together
> a
> PR for this.
>
> -Scott
>
>
>
> --
> View this message in context:
> http://python.6.x6.nabble.com/Registering-Input-Transformers-that-can-Reject-Input-tp5070376p5070401.html
> Sent from the IPython - Development mailing list archive at Nabble.com.
> _______________________________________________
> IPython-dev mailing list
> IPython-dev at scipy.org
> http://mail.scipy.org/mailman/listinfo/ipython-dev
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/ipython-dev/attachments/20140905/bb95a9b7/attachment.html>
More information about the IPython-dev
mailing list