Over a million developers have joined DZone.

Come Play in the Sand with PySandbox

DZone's Guide to

Come Play in the Sand with PySandbox

· Web Dev Zone
Free Resource

Discover how to focus on operators for Reactive Programming and how they are essential to react to data in your application.  Brought to you in partnership with Wakanda

If you're looking for a way to test your Python code without exposing your system to untrusted code, then this may be the solution you've been searching for.  PySandbox is just what it sounds like: a Python Sandbox.  It allows you to run Python code while preventing that code from modifying the environment, which means the code cannot write a file, import a module, or use the print function.  Other blocked functions in PySandbox include:

  • Deny access to the file system
  • Deny importing Python modules
  • Deny exiting Python
  • Deny access to stein, stout, or stderr
  • Deny some built-ins symbols like execfile(), reload() or KeyboardInterrupt
  • Deny execution of arbitrary bytecode (creation of arbitrary code object)

All of these features can be enabled in the Sandbox Configuration settings, so the user has control over what functions and modules are permitted inside the sandbox.  The code is run through a subprocess that has the following limitations:

  • timeout = 5 seconds
  • memory limit = 200 MB
  • recursion limit = 50 frames
  • number of child process = 0 (disabled fork or thread at the OS level)
  • pysandbox is able to catch crashed like segmentation fault (SIGSEGV)
  • stdin, stdout, and stderr are redirected to /dev/null (or :NUL on Windows)

There's also a wealth of features available, that can be turned on and off using SandboxConfig, including:

  • "codecs": codecs module
  • "debug_sandbox": allow to display a traceback of the sandbox.
  • "encodings": encodings module with ascii, latin_1, utf_8, utf_16_be, utf_32_be and rot_13 codecs (submodules).
  • "interpreter": give access to standard streams, enable traceback.

PySandbox features a CPython restricted mode, which is currently deemed "unsafe" due to the possible execution of arbitrary bytecode.  Unfortunately, the restricted mode no longer exists in Python 3, as it was removed with the bastion and exec modules.

Currently, it has been tested on Python 2.5 and 2.6, but support for Python 3 is in the works. For more information on PySandbox, or to download the source files, visit the github page.

Learn how divergent branches can appear in your repository and how to better understand why they are called “branches".  Brought to you in partnership with Wakanda


Opinions expressed by DZone contributors are their own.

The best of DZone straight to your inbox.

Please provide a valid email address.

Thanks for subscribing!

Awesome! Check your inbox to verify your email so you can start receiving the latest in tech news and resources.

{{ parent.title || parent.header.title}}

{{ parent.tldr }}

{{ parent.urlSource.name }}