Over a million developers have joined DZone.

Come Play in the Sand with PySandbox

· Web Dev Zone

Start coding today to experience the powerful engine that drives data application’s development, brought to you in partnership with Qlik.

If you're looking for a way to test your Python code without exposing your system to untrusted code, then this may be the solution you've been searching for.  PySandbox is just what it sounds like: a Python Sandbox.  It allows you to run Python code while preventing that code from modifying the environment, which means the code cannot write a file, import a module, or use the print function.  Other blocked functions in PySandbox include:

  • Deny access to the file system
  • Deny importing Python modules
  • Deny exiting Python
  • Deny access to stein, stout, or stderr
  • Deny some built-ins symbols like execfile(), reload() or KeyboardInterrupt
  • Deny execution of arbitrary bytecode (creation of arbitrary code object)

All of these features can be enabled in the Sandbox Configuration settings, so the user has control over what functions and modules are permitted inside the sandbox.  The code is run through a subprocess that has the following limitations:

  • timeout = 5 seconds
  • memory limit = 200 MB
  • recursion limit = 50 frames
  • number of child process = 0 (disabled fork or thread at the OS level)
  • pysandbox is able to catch crashed like segmentation fault (SIGSEGV)
  • stdin, stdout, and stderr are redirected to /dev/null (or :NUL on Windows)

There's also a wealth of features available, that can be turned on and off using SandboxConfig, including:

  • "codecs": codecs module
  • "debug_sandbox": allow to display a traceback of the sandbox.
  • "encodings": encodings module with ascii, latin_1, utf_8, utf_16_be, utf_32_be and rot_13 codecs (submodules).
  • "interpreter": give access to standard streams, enable traceback.

PySandbox features a CPython restricted mode, which is currently deemed "unsafe" due to the possible execution of arbitrary bytecode.  Unfortunately, the restricted mode no longer exists in Python 3, as it was removed with the bastion and exec modules.

Currently, it has been tested on Python 2.5 and 2.6, but support for Python 3 is in the works. For more information on PySandbox, or to download the source files, visit the github page.

Create data driven applications in Qlik’s free and easy to use coding environment, brought to you in partnership with Qlik.


The best of DZone straight to your inbox.

Please provide a valid email address.

Thanks for subscribing!

Awesome! Check your inbox to verify your email so you can start receiving the latest in tech news and resources.

{{ parent.title || parent.header.title}}

{{ parent.tldr }}

{{ parent.urlSource.name }}