Evality ------- *Unstable* Evality is a backend for untrusted python sources. It is based on CPython's bytecode format and containers. It works step by step through the pipeline of evality. Client > Purifier > Evality > Executor > NameKeeper > Container Client ------ Sends untrusted python code as a raw string. E.g; print(2 + 2) Purifier -------- Checks for any potential threats in code. Raises Insecure exception if sees any. Evality ------- Responsible for managing containers and sending data to them. Takes user code that is checked from Purifier. Compiles it to bytecode, marshals it and encodes it before shipping it via JSON. Starts container in every action of running command. Uses container caching by giving id values to every container it started. If given id not found in instances; it will start new and after it is done with it, it will pause instead of kill. `quit` method should be called before exitting. The preffered encoding is base64. Evality uses ports in a range of 1765 to nth container running same time Executor -------- An HTTP service that takes base64 encoded python bytecode. It executes bytecode in a listened environment. Routes standard out and error file descriptors to a buffer and returns it as a json format. That listened environment provided by NameKeeper. Request: {'code': '<b64encoded-bytecode>'} Response (200): {'result': {'out': '<stdout>', 'err': '<stderr'}} Response (400): {'result': 'FAIL'} Response (500): {'result': 'FAIL'} NameKeeper ---------- Namekeeper is a standalone context manager for forbidding builtin function, patching type attributes etc. It forbids eval/compile/exec/open/input/ and patches import. Also it removes some members of types. Container --------- A python:<python-version>-alpine image that contains executor
E
evality
Safe evaluation of untrusted code on containers
Proje No.: 72
-
Gokberk Yaltirakli yazdı
* Refactor executor * test: Executor tests
b1c3fa57
Adı |
Son kayıt (commit)
|
Son güncelleme |
---|---|---|
evality | Loading commit data... | |
t | ||
.gitignore | ||
MANIFEST.in | ||
README | ||
setup.py |