Right now, when evaluating exec(code), it runs under the current namespace (the one defined in the function run_code).
Which means that it will have access to variables under the run_code namespace.
This not only posses issues with memory and time checking, but also could lead to bugs like:
not detecting a RTE in a proper time. For instance, if the code has a NameError but for some reason the run_code namespace contains this missing name, the code could end up running, even when it should be raising an exception, and then the final verdict could be different from RTE.
referring to the names in run_code instead of the ones in the code being evaluated, depending on the implementations.
WE WANT to FIX this by isolating the code being evaluated. Perhaps consider having a different process for this code, or having a container or a separate Virtual Machine.
Right now, when evaluating
exec(code), it runs under the current namespace (the one defined in the functionrun_code). Which means that it will have access to variables under therun_codenamespace. This not only posses issues with memory and time checking, but also could lead to bugs like:NameErrorbut for some reason therun_codenamespace contains this missing name, the code could end up running, even when it should be raising an exception, and then the final verdict could be different from RTE.run_codeinstead of the ones in the code being evaluated, depending on the implementations.WE WANT to FIX this by isolating the code being evaluated. Perhaps consider having a different process for this code, or having a container or a separate Virtual Machine.