~jurgis-pralgauskis/intro-to-code/trunk


Viewing changes to intro-to-code-4web/intro2code/interact.py

  • Committer: jurgis
  • Date: 2009-03-09 00:02:47 UTC
  • Revision ID: jurgis@baltix-20090309000247-lamccuk5chz8rm5d
hey, now web2py works with sandboxed pypy interpreter -- which is used to check if the code is not some DOS attack -- look at sandbox_exec.py, which is called from interact.py for user_interaction (experimentation mode)

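--- a/intro-to-code-4web/intro2code/interact.py
+++ b/intro-to-code-4web/intro2code/interact.py
@@ -85,7 +85,7 @@
     def count_errors(self):
         pass
 
-from analyse_user_input import User_Input_Analyser, code2list
+from analyse_user_input import User_Input_Analyser, code2list, ResourcesError
 from utils import AttrPickler, Translator, MyPrint
 
 
@@ -227,25 +227,47 @@
                     expr_ast_list = code2list(expr) # Syntax Error might happen here
                     expr_ast_list = [atom.strip() for atom in expr_ast_list]
                     #~ print ' *** expr_ast_list', expr_ast_list
-                    prohibited_words = 'import, eval, exec, read, write, file, sys, os' # for, while ? linelenght limiting?
+                    prohibited_words = 'import, eval, exec, read, write, file, sys, system, os' # for, while ? linelenght limiting?
+
                     for word in prohibited_words.split(', '):
-                        if word in expr_ast_list:
-                            self.my_print(_("Prohibited (for security reasons) word in expression: %s") % word)
-                            self.my_print(_("Prohibited words are: %s") % prohibited_words)
-                            expr = ':q'
-                            break
+                        for word_variant in (word, '__%s__'% word, "'%s'"% word):
+                            if word_variant in expr_ast_list:
+                                self.my_print(_("Prohibited (for security reasons) word in expression: **%s**") % word_variant)
+                                self.my_print(_("Prohibited words are: %s") % prohibited_words)
+                                expr = ':q'
+                                raise SyntaxError
                     self.my_print('>>> %s' % expr)
                 except SyntaxError:
                     pass
+                    expr = ':q'
 
 
 
             while not expr in [':q', ':quit']:
                 if self._analyse__check_syntax_by_ast(expr):
                     try:
+                        if self.UI_type == 'web2py':
+                            # first try to give full code + current expression
+                            # if no resource overwhelming will be detected -- let expresion on :)
+                            try:
+                                from sandbox_exec import sandbox_exec
+                            except:
+                                raise Exception(_("Can't find path to sandbox -- no interactive shell :(. check file sandbox_exec.py"))
+                            #~ self.my_print(_("Expression to try sandboxed: \n%s" % expr))
+                            result_output = sandbox_exec( '\n'.join(self.code_passed) +'\n'+ expr )
+                            #self.my_print(_("Output: \n%s" % result_output))
+                            if '[Subprocess killed' in result_output:
+                                #~ self.my_print(_("Error: \n%s" % result_output))
+                                raise ResourcesError(_("The process takes too much resources and was terminated")) # in order to pass direct execution
+                            #~ else:
+                                #~ self._analyse__process_input(expr, self.code_passed)
+                                #~ pass
+                                                            
+                        #else:
                         self._analyse__process_input(expr, self.code_passed)
                     except Exception, e:
                         self._analyse__print_error(e)
+                    #~ 
                 elif expr != '':
                     self.my_print(_("Problem with your expression. please reenter."))
                 #yield 'interpret >>> '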
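Review bot: In the `web2py` branch (new lines 249-267) the sandbox run is only a pre-check: unless `result_output` contains `[Subprocess killed`, the same `expr` is still passed to `self._analyse__process_input(expr, self.code_passed)` in the web process, so the sandbox limits do not apply to the run that counts and nothing the code does there is contained. The gate is a substring test on output the submitted code itself writes, and any sandbox failure that does not produce that marker falls through to direct execution; sandbox_exec.py is not shown here, so its failure contract should be checked and everything except a clean result rejected. I would restore the commented `#else:` so the web path displays `result_output` and never calls `_analyse__process_input`, and narrow the import guard to `except ImportError:`. The `prohibited_words` token match above is a convenience filter only and should not be relied on as the security boundary. The enclosing method begins and ends outside this section.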