Library that evaluates the safeness of python code

Post by alexkiro » Wed Sep 25, 2013 1:45 pm

I'm looking for a solution to evaluate a piece of Python code and make a decision whether or not it is safe to run using eval(...). This means it should check if there are imports, system calls, any other possible exploits or dangerous calls in order to make sure the code (which will be input by a user) is safe to run.

Are there any such libraries? (preferably open-source) Any advantages or disadvantages to any specific library?
Last edited by Mekire on Wed Sep 25, 2013 2:02 pm, edited 1 time in total.
Reason: First post lock.

Re: Library that evaluates the safeness of python code

Post by Mekire » Wed Sep 25, 2013 2:09 pm

I know Metulburr was recently working on something related to this:

Find the thread here.
http://python-forum.org/viewtopic.php?f=6&t=4362&hilit=eval

It was also brought up that even with code that will be passed as safe, a malicious (or curious) user can still pass something that will consume all your memory and crash, or just take an endless amount of time to complete, such as:
Code:
2000000**2000000

See a discussion on this (and possible solution) here.
http://python-forum.org/viewtopic.php?f=6&t=6344&hilit=eval

-Mek

Re: Library that evaluates the safeness of python code

Post by micseydel » Wed Sep 25, 2013 4:21 pm

I don't think you can ever really detect the safeness. See: http://nedbatchelder.com/blog/201206/ev ... erous.html
The only thing I could seriously recommend is a sandbox. Don't ever trust the input as sanitary.
