Help needed with controlling the python parser

V

vinjvinj

I use python to script my application. Users will be able to write
their own python scripts which are then run a grid of servers. I want
to be able to capture syntax errors in submitted users scripts and then
display them (with line numbers) back to the user.

I also want to check for obvious things which I'm going to restrict in
the code. Initially I would like to disallow any imports, and access to
__* access. I understand that it is near impossible to make the scripts
run in a completely restricted env.

Is scripting a tool like pylint the way to go? Or is it fairly easy to
control the python parser to do this?

Thanks,

VJ
 
?

=?iso-8859-1?B?QW5kcuk=?=

vinjvinj said:
I use python to script my application. Users will be able to write
their own python scripts which are then run a grid of servers. I want
to be able to capture syntax errors in submitted users scripts and then
display them (with line numbers) back to the user.
Click to expand...

I was going to wait for other, familiar with pylint, etc. to answer,
but it seems like no-one is attempting to answer your query. So, here
goes a poor attempt ;-)
From all I have heard, if you are going to be concerned about safety,
Click to expand...
you are pretty much out of luck. However, assuming you still want to
try it, here's one potential way (untested way) to do it:

..try:
.. exec self.code in MyGlobals # Define your own dictionary for
added safety...
..except Exception, info:
.. if "invalid syntax" in info: # to catch it and change the
default message
.. linenumber = info[1][1]
.. print "An error was found on (or before) line: %d"%info[1][1]
I also want to check for obvious things which I'm going to restrict in
the code. Initially I would like to disallow any imports, and access to
__* access. I understand that it is near impossible to make the scripts
run in a completely restricted env.
Click to expand...
You could try something like the following untested function:

..def ParseProgram(contents):
.. bad_keywords = ["chr", "exec", "eval", "input", "raw_input",
"import"]
.. for word in bad_keywords:
.. if word in contents:
.. mesg = "Keyword or function not allowed:" + str(word)
.. return False, mesg
.. return True, ''

I would augment it with a regular expression to catch "__*". [This is
left as an exercise to the reader ;-)]
Is scripting a tool like pylint the way to go? Or is it fairly easy to
control the python parser to do this?
Click to expand...
I don't know what pylint can do for you in that regard.
As far as I know, it is near impossible to ensure that you can restrict
a determined user from doing nasty stuff.
Thanks,

VJ
Click to expand...
André
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Python battle game help 2
I need help in understanding these files on my phone, Could someone help me understand these files? Urgent help needed. Please help. 1
controlling Python script with usb midi controller tia sal22 0
Help with Python Flask on PI as server SSE to website 0
Controlling Firefox with Python 3
Problem with a login script, SESSION user rights and put this together so it works with the other pages and MySQL. Code examples. 2
passing an option to the python interpreter 2
help needed with subprocess, pipes and parameters 0

Members online

No members online now.
Total: 26 (members: 0, guests: 26)
Robots: 76

Forum statistics

Threads
473,776
Messages
2,569,602
Members
45,182
Latest member
BettinaPol

Latest Threads

Top