PythonScript(Zope) like in a django app, any tips?

[Arruda]

Hi there, I'm doing a system where I want the users to be able to set/change some scripts that are dynamically run(RPG like scripts).

So a user can change the way the Kill_a_player script is run.

I thought of doing this by using exec, like this:

class Script(models.Model):
    script_py = models.TextField(u"Script Python")
    
    class Meta:
        app_label = 'scripts'

 

 

    def run(self,**kwargs):
        ret= None
        #prepares the args
        for key, val in kwargs.items():
            exec("%s = val"%key)    
        exec(self.script_py)
        return ret

So that I can do:

s = Script() 

s.script_py = """character.kill(another_character)

                        character.win_exp()

                        ret = character.lvl"""

 

new_lvl = s.run(character = some_player, another_character = another_player)

 

This all works just fine, but the problem is the security risk of the exec...

So the user could do:

s.script_py = "import os; os.system('shutdown -P 0')

 And that's the smallest problem...

So I was thinking if there is already something like that implemented, and that I can add to my project easily, and found this PythonScript from Zope, that does something like that.

I just don't know if that is easily portable to another project, and if I'm going to get what I want using this(let the users change the way the script is ran). There is not much use if the users can only do : "a + b = c"

I also came across this post http://lybniz2.sourceforge.net/safeeval.html and was thinking if there is something like that in exec.

I friend of mine also have said that you can limit what the users can import and use in some function(that I don't remember now).

Thanks for the help.

[Andy McKay]

That's not something I'd ever recommend an untrusted user do. There
are still many ways that could go wrong. The safest execution
environment I've seen for Python is App Engine, send a callback to
that instead :)

[Arruda]

Is this what you're talking about?

https://developers.google.com/appengine/docs/python/overview

Still don't understand how this would be used.

[Andy McKay]

I would not recommend allowing untrusted users to execute random python on your server in any way.

The only sandbox ive seen that is well protected is app engine, if you are hosting your site on app engine, things might be a bit better.

I would recommend sending webhooks or callbacks to users own servers and excuting them there.

--
You received this message because you are subscribed to the Google Groups "Django users" group.
To view this discussion on the web visit https://groups.google.com/d/msg/django-users/-/fUxBYWsIr4MJ.
To post to this group, send email to django...@googlegroups.com.
To unsubscribe from this group, send email to django-users...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/django-users?hl=en.

[Arruda]

oh, I see, but the problem is that I need this scripts to be ran often and if I make a request to a sandbox, and then this sandbox send other requests to my server getting and changing data(since some scripts change the data of my server) this would take too long, and make the server unable to run in a proper speed.

Imagine playing a RPG where whenever you interact with something it just slow and then give you the response =/

If I can't figure a good way to get this thing safe in some manner, then I'll just have to limit the users that can do this, and see code by code my self...

Or make some kind of validation(human) before allowing the scripts...

But thanks for the ideia anyway, didn't know about this app engine thing.

Em sábado, 14 de abril de 2012 19h10min11s UTC-3, Andy McKay escreveu:

I would not recommend allowing untrusted users to execute random python on your server in any way.

The only sandbox ive seen that is well protected is app engine, if you are hosting your site on app engine, things might be a bit better.

I would recommend sending webhooks or callbacks to users own servers and excuting them there.

Is this what you're talking about?

https://developers.google.com/appengine/docs/python/overview

Still don't understand how this would be used.

Em sábado, 14 de abril de 2012 14h19min01s UTC-3, Andy McKay escreveu:

That's not something I'd ever recommend an untrusted user do. There
are still many ways that could go wrong. The safest execution
environment I've seen for Python is App Engine, send a callback to
that instead :)

--
You received this message because you are subscribed to the Google Groups "Django users" group.
To view this discussion on the web visit https://groups.google.com/d/msg/django-users/-/fUxBYWsIr4MJ.
To post to this group, send email to django...@googlegroups.com.

To unsubscribe from this group, send email to django-users+unsubscribe@googlegroups.com.

[Kevin]

Check out PyPy Sandboxing, it may be your best bet:

http://pypy.org/features.html#sandboxing

[Arruda]

Nice one this PyPy, I'll test this soon =) thanks!

[Doug Ballance]

You might also try a different scripting language, for example Lua.
I've a python module "lupa" bookmarked for a project on my todo list
that requires user scripting. It appears you can have a relatively
sandboxed access to python objects. I'm hoping that with some careful
compiling of the luajit compiler it will use a limited set of
libraries, providing only simple/non-dangerous capability. I haven't
tried any of this yet though, so just food for thought.

http://pypi.python.org/pypi/lupa