git.net

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Sandboxing eval()


On 2020-01-19 17:35, musbur at posteo.org wrote:
> Is it actually possible to build a "sandbox" around eval, permitting it
> only to do some arithmetic and use some math functions, but no
> filesystem acces or module imports?
> 
> I have an application that loads calculation recipes (a few lines of
> variable assignments and arithmetic) from a database.
> 
> exec(string, globals, locals)
> 
> with locals containing the input variables, and globals has a
> __builtin__ object with a few math functions. It works, but is it safe?
> 
There have been some attempts, but they've all been defeated.