Right now, when evaluating exec(code), it runs under the current namespace (the one defined in the function run_code).
Which means that it will have access to variables under the run_code namespace.
This not only posses issues with memory and time checking, but also could lead to bugs like:
not detecting a RTE in a proper time. For instance, if the code has a NameError but for some reason the run_code namespace contains this missing name, the code could end up running, even when it should be raising an exception, and then the final verdict could be different from RTE.
referring to the names in run_code instead of the ones in the code being evaluated, depending on the implementations.
WE WANT to FIX this by isolating the code being evaluated. Perhaps consider having a different process for this code, or having a container or a separate Virtual Machine.
Right now, when evaluating
exec(code)
, it runs under the current namespace (the one defined in the functionrun_code
). Which means that it will have access to variables under therun_code
namespace. This not only posses issues with memory and time checking, but also could lead to bugs like:NameError
but for some reason therun_code
namespace contains this missing name, the code could end up running, even when it should be raising an exception, and then the final verdict could be different from RTE.run_code
instead of the ones in the code being evaluated, depending on the implementations.WE WANT to FIX this by isolating the code being evaluated. Perhaps consider having a different process for this code, or having a container or a separate Virtual Machine.