Hosting / Sharing / Cataloging Cadquery Scripts


Raub Camaioni

Jan 7, 2025, 1:11:42 PM
to CadQuery
Bit of a self-plug.

I created a website for hosting Python scripts.
It automatically wraps an uploaded Python script for use as a web application.
I initially created it because I didn't want to use closed-source file converter websites.

The internal python runner contains CadQuery dependencies.
CadQuery scripts can be shared and run inside of the web application.
Model exports (STL, STEP, etc.) are generated by CadQuery and made available for download by the web application wrapper.

Looking for feedback about the web app and if you think it is useful for CadQuery code.
The resources behind the website are very limited at the moment so only simple scripts are recommended.

Security-wise: Python scripts are run in an isolated environment originally designed for code-submission competitions: ioi/isolate (Sandbox for securely executing untrusted programs).

-Raub
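An added example, not the site's code and not ioi/isolate itself: the timeout, memory and process limits Raub describes further down the thread, applied with plain POSIX rlimits and a wall-clock timeout around a fresh `python -I -S` interpreter. It assumes a Linux host (RLIMIT_AS is not enforced on macOS). rlimits give no filesystem or network isolation, which is what isolate's namespaces and cgroups add on top, so this shows the limits, not a sandbox.

```python
"""Resource-limited runner for an untrusted Python script (added example).

Stand-in for ioi/isolate using plain POSIX rlimits and a wall-clock timeout.
rlimits give no filesystem or network isolation, so this only demonstrates the
limits themselves; the real boundary has to come from isolate / namespaces.
Assumes a Linux host (RLIMIT_AS is not enforced on macOS).
"""
import resource
import signal
import subprocess
import sys

CPU_SECONDS = 2                  # hard CPU-time cap; overrun delivers SIGXCPU
WALL_SECONDS = 1.5               # wall-clock cap enforced by the parent (catches sleep loops too)
MEM_BYTES = 512 * 1024 * 1024    # address-space cap; the bare interpreter needs a few tens of MB
FILE_BYTES = 1 * 1024 * 1024     # largest file the script may write (pipes are not affected)
MAX_PROCS = 16                   # fork() beyond this fails: no fork bombs
OUTPUT_BYTES = 64 * 1024         # how much stdout/stderr is kept for the caller


def _apply_limits() -> None:
    """Runs in the child between fork() and exec(), so the limits bind the
    untrusted interpreter and anything it manages to spawn, not the server."""
    resource.setrlimit(resource.RLIMIT_CPU, (CPU_SECONDS, CPU_SECONDS))
    resource.setrlimit(resource.RLIMIT_AS, (MEM_BYTES, MEM_BYTES))
    resource.setrlimit(resource.RLIMIT_FSIZE, (FILE_BYTES, FILE_BYTES))
    resource.setrlimit(resource.RLIMIT_NPROC, (MAX_PROCS, MAX_PROCS))
    resource.setrlimit(resource.RLIMIT_CORE, (0, 0))   # no core dumps of user code


def run_untrusted(source: str) -> dict:
    """Run `source` in a fresh interpreter and classify the outcome.

    -I ignores PYTHON* environment variables and the user site dir, -S skips
    site.py, and '-' reads the program from stdin so no temp file is needed.
    Never raises on user misbehaviour; the caller gets a status instead.
    """
    cmd = [sys.executable, "-I", "-S", "-"]
    try:
        proc = subprocess.run(
            cmd,
            input=source.encode("utf-8"),
            capture_output=True,
            timeout=WALL_SECONDS,
            preexec_fn=_apply_limits,
            start_new_session=True,   # own session, detached from the server's tty
        )
    except subprocess.TimeoutExpired:
        # subprocess.run() has already killed the child for us
        return {"status": "timeout", "stdout": "", "stderr": ""}

    out = proc.stdout[:OUTPUT_BYTES].decode("utf-8", errors="replace")
    err = proc.stderr[:OUTPUT_BYTES].decode("utf-8", errors="replace")
    if proc.returncode == -signal.SIGXCPU:
        return {"status": "timeout", "stdout": out, "stderr": err}   # CPU cap hit first
    if proc.returncode != 0:
        return {"status": "error", "stdout": out, "stderr": err}     # e.g. MemoryError from RLIMIT_AS
    return {"status": "ok", "stdout": out, "stderr": err}


if __name__ == "__main__":
    # Constructed sample scripts: one well-behaved, one CPU spin, one memory hog.
    for label, src in [
        ("plain", "print(2 + 2)"),
        ("spin", "while True: pass"),
        ("hog", "x = bytearray(2 * 10**9)"),
    ]:
        print(label, run_untrusted(src)["status"])
```

Both the spin loop and the memory hog come back as a status rather than an exception, which is the property a web wrapper needs: a hostile upload should cost one bounded worker, not the request handler. Network egress still has to be cut at the namespace or firewall level; nothing here does that.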

Jeremy Wright

Jan 7, 2025, 1:28:15 PM
to Raub Camaioni, CadQuery
Very cool. How are you protecting against malicious code? I have written modules to sanitize code that can be run by external users, but it is hard to cover everything.

For 3D previews, there is a solution for viewing STLs in the browser that I think Gitbuilding has used, and CadQuery will export to glTF as well if you wanted to use Google's model-viewer for 3D previews.


--
cadquery home: https://github.com/CadQuery/cadquery
post issues at https://github.com/CadQuery/cadquery/issues
run it at home at : https://github.com/CadQuery/CQ-editor
---
You received this message because you are subscribed to the Google Groups "CadQuery" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cadquery+u...@googlegroups.com.
To view this discussion visit https://groups.google.com/d/msgid/cadquery/b1540367-49ea-4ff7-ac65-deb578153086n%40googlegroups.com.

Raub Camaioni

Jan 7, 2025, 1:36:47 PM
to CadQuery
I want to make a GPT pre-filter to check for high-level malicious code.
Currently code is checked for profanity and must pass python AST parsing.

The uploaded code is isolated and only given a small portion of running resources, no internet access.
Automatically timed out if it continues running too long, limited memory, limited processes, etc.
Assuming isolate and Linux cgroups are safe (what docker / isolate use under the hood), I don't have to worry about uploaded code getting access to the host machine.  

Checks also need to be made to protect the users.
Return outputs are sanitized to prevent linking to other websites.
All html tags are removed from script outputs.
Upload size is limited and must pass python AST parsing validity. (I am a little worried about AST vulnerabilities, might make my own pyparsing parser)

Website has a lot that needs improvement, but currently workable.

-Raub
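An added example, not the site's code: the kind of static pre-check and output sanitisation described above, as one might write them in Python. The AST walk is a cheap early reject using a blocklist chosen for this illustration (names that have no business in a CadQuery model script); it is easy to bypass with string building or attribute tricks and is no substitute for the sandbox. The output sanitiser is what protects other users who view a script's results in the browser; the size limit and the regexes are assumptions, not the site's values.

```python
"""Static pre-checks on an uploaded script plus output sanitisation (added example).

The blocklists below are illustrative. An AST scan is defence in depth only:
it catches the obvious `import os` and rejects malformed input before it ever
reaches an interpreter, but it cannot prove a script harmless.
"""
import ast
import html
import re

MAX_SOURCE_BYTES = 64 * 1024   # assumed upload cap
BLOCKED_MODULES = {
    "os", "sys", "subprocess", "socket", "ctypes", "importlib", "shutil",
    "pathlib", "urllib", "http", "multiprocessing", "signal", "threading",
}
BLOCKED_CALLS = {
    "eval", "exec", "compile", "open", "__import__", "getattr", "globals",
    "locals", "vars", "breakpoint", "input",
}


def prefilter(source: str) -> list:
    """Return a list of findings; an empty list means the upload passed."""
    if len(source.encode("utf-8")) > MAX_SOURCE_BYTES:
        return [f"source exceeds {MAX_SOURCE_BYTES} bytes"]
    try:
        # Syntax check and the tree we inspect. RecursionError / MemoryError
        # cover pathologically nested input aimed at the parser itself.
        tree = ast.parse(source)
    except (SyntaxError, ValueError, RecursionError, MemoryError) as exc:
        return [f"not valid Python: {exc.__class__.__name__}"]

    findings = []
    for node in ast.walk(tree):
        if isinstance(node, ast.Import):
            for alias in node.names:
                if alias.name.split(".")[0] in BLOCKED_MODULES:
                    findings.append(f"line {node.lineno}: import of {alias.name}")
        elif isinstance(node, ast.ImportFrom):
            top = (node.module or "").split(".")[0]
            if top in BLOCKED_MODULES or node.level:   # relative imports make no sense in an upload
                findings.append(f"line {node.lineno}: import from {node.module or '.'}")
        elif isinstance(node, ast.Call) and isinstance(node.func, ast.Name):
            if node.func.id in BLOCKED_CALLS:
                findings.append(f"line {node.lineno}: call to {node.func.id}()")
        elif isinstance(node, ast.Attribute) and node.attr.startswith("__"):
            # ().__class__.__bases__ style escapes out of the intended API
            findings.append(f"line {node.lineno}: dunder attribute {node.attr}")
    return findings


# Output sanitisation: strip tags (as the post describes), drop anything that
# could become a link, and HTML-escape whatever is left before it is rendered.
TAG_RE = re.compile(r"<[^>]*>")
URL_RE = re.compile(r"\b(?:https?|ftp|file|javascript|data):[^\s'\"<>]*", re.IGNORECASE)
CONTROL_RE = re.compile(r"[\x00-\x08\x0b\x0c\x0e-\x1f\x7f]")


def sanitize_output(text: str, limit: int = 4096) -> str:
    """Make script stdout safe to drop into an HTML page as text."""
    text = text[:limit]                        # bound what one script can push at viewers
    text = CONTROL_RE.sub("", text)            # terminal/control characters
    text = TAG_RE.sub("", text)                # remove HTML tags
    text = URL_RE.sub("[link removed]", text)  # no outbound links in results
    return html.escape(text, quote=True)       # the actual XSS defence


if __name__ == "__main__":
    # Constructed samples: a benign CadQuery script and a few hostile ones.
    benign = "import cadquery as cq\nresult = cq.Workplane('XY').box(1, 2, 3)\n"
    print(prefilter(benign))
    print(prefilter("import os\nos.system('id')\n"))
    print(prefilter("().__class__.__bases__[0].__subclasses__()"))
    print(sanitize_output("<script>alert(1)</script>see https://evil.example/x"))
```

The escape step is the one that matters for viewers: tag stripping alone would leave `&lt;`-free text that a later template could still interpret, and it also mangles legitimate `<`/`>` in numeric output, so a real deployment might drop the strip and keep only the escape. As Jeremy says, the blocklist cannot cover everything; treat a finding as a reason to reject early, not its absence as a reason to trust.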

Jeremy Wright

Jan 7, 2025, 4:51:24 PM
to Raub Camaioni, CadQuery

It sounds like your setup is already more secure than the ones I've created, except in ones where only parameters are passed to the web server. There you still have to protect against injection attacks, but it's easier to protect against.


D Del Vento

Jan 16, 2025, 7:43:36 PM
to CadQuery
This is great. If you could include a 3D window, or at least a PNG-like preview, it'd be fantastic!

Raub Camaioni

Jan 19, 2025, 9:07:11 PM
to CadQuery
Added a 3D viewing window for returned .stl files. (uses three.js)
Any script that returns a .stl file will also generate a 3D view along with the download link.