search

zopefoundation / RestrictedPython

A restricted execution environment for Python to run untrusted code.
http://restrictedpython.readthedocs.io/
Other
470 stars 38 forks source link

Can RestrictedPython be used to Restrict the length of a script #188

Closed Ryan-Gordon1 closed 4 years ago

Ryan-Gordon1 commented 4 years ago

Consider the usecase where I have RestrictedPython setup to compile potentially malicious scripts. As a part of Restrictions I would like to enforce a max number of lines in a script. Is this possible with RestrictedPython?

Example : With a restriction of say 5 lines max. The below would execute : 

import json 
json.dumps({"key": "value"})

But this would raise an exception : 

import json 
json.dumps({"key": "value"})
json.dumps({"key": "value"})
json.dumps({"key": "value"})
json.dumps({"key": "value"})
json.dumps({"key": "value"})
icemac commented 4 years ago

No, this cannot be done with RestrictedPython as a smaller number of lines does make a script less dangerous. Think of putting multiple statements into one line. If you want to measure numbers of lines you have to do this on your own.

Feel free to reopen if this does not answer your question.