Question

Possible Duplicate:
Python, safe, sandbox

I'm building a corporate web system in Python which allows scripts to be uploaded and run server-side. Given I'm already developing in Python and it's such a nice simple language, it seems like a good language to write the scripts in. However, there is a security hazard there: I want to block all function calls except a limited subset. Is there a mechanism I can use to do this, or some other technique? Do I need to use something else, Lua perhaps? I'm developing in Pyramid/Pylons.


Solution

This is a terrible idea, but just to let you know about the option:

You could sanitize a string that contains the Python code (and by sanitize I mean you need to do like a few hundred malicious unit tests and heavily test that the sanitation is adequate) with RegEx to only match the function calls you want and then call eval() on the string.
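As an added example (not the answerer's code, which describes a regex over the text followed by eval()), here is the stricter form of the same allow-list idea: parse the uploaded script with `ast`, reject every node type and every call target that is not on the allow-list, and only then execute the validated tree with a replaced builtins table. The allow-listed names, the `report` hook and the `data` input are constructed assumptions for the demonstration.

```python
import ast
import builtins
# Constructed allow-list (assumed names): the only calls an uploaded script
# may make. "report" is a host-provided hook, not a builtin.
ALLOWED_CALLS = {"len", "sum", "min", "max", "sorted", "report"}
# Only these node types are accepted; Import, Attribute, Lambda, While,
# comprehensions and f-strings are absent and are therefore rejected.
ALLOWED_NODES = (
    ast.Module, ast.Expr, ast.Assign, ast.Name, ast.Load, ast.Store, ast.Constant,
    ast.Call, ast.keyword, ast.BinOp, ast.Add, ast.Sub, ast.Mult, ast.Div, ast.List,
    ast.Compare, ast.Eq, ast.Lt, ast.Gt, ast.If, ast.For, ast.Return,
    ast.FunctionDef, ast.arguments, ast.arg,
)

class ScriptRejected(ValueError):
    """Raised before execution when a script uses anything off the allow-list."""

def check_script(source):
    """Parse the script and reject any node type or call target not allowed."""
    tree = ast.parse(source, mode="exec")
    for node in ast.walk(tree):
        where = getattr(node, "lineno", "?")
        if not isinstance(node, ALLOWED_NODES):
            raise ScriptRejected(f"line {where}: {type(node).__name__} not allowed")
        # Only plain-name calls f(x) pass; obj.f(x) and calls on expressions fail.
        if isinstance(node, ast.Call) and (
                not isinstance(node.func, ast.Name) or node.func.id not in ALLOWED_CALLS):
            raise ScriptRejected(f"line {where}: call is not on the allow-list")
        if isinstance(node, ast.Name) and "__" in node.id:
            raise ScriptRejected(f"line {where}: dunder names not allowed")
    return tree

def rejection(source):
    """Return the rejection message, or None when the script passes the check."""
    try:
        check_script(source)
    except ScriptRejected as exc:
        return str(exc)
    return None

def run_script(source, data):
    """Validate, then execute with a namespace holding only allowed callables."""
    tree = check_script(source)
    output = []
    namespace = {
        "__builtins__": {n: getattr(builtins, n) for n in ALLOWED_CALLS if hasattr(builtins, n)},
        "report": output.append,  # host hook the script uses to emit results
        "data": list(data),       # copy of the input rows handed to the script
    }
    exec(compile(tree, "<uploaded>", "exec"), namespace)
    return output
```

This narrows what a script can express, but it still runs inside the web process and bounds neither CPU nor memory, so it complements process-level isolation rather than replacing it.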

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow