zopefoundation / RestrictedPython

A restricted execution environment for Python to run untrusted code.
http://restrictedpython.readthedocs.io/

Question - How to enable some imports #208

Closed Rossco8 closed 3 years ago

Rossco8 commented 3 years ago

Hi, I am not understanding the documentation for enabling some imports. As a simple example, I want to allow the source code to import a global variable, e.g.

from __main__ import x

This is my sample code

from RestrictedPython import compile_restricted, safe_builtins, limited_builtins, utility_builtins

x = None
def processCode():
    fileContents = ''
    with open('C:\\mycode.py', "r") as text_file:
        fileContents = text_file.read()

    byte_code = compile_restricted(
        fileContents,
        filename='<inline code>',
        mode='exec'
    )

    global x
    # populate x here

    loc = {}
    # only utility_builtins is supplied here, so the restricted code has no __import__ available
    exec(byte_code, {'__builtins__': utility_builtins}, loc)
    results = loc['results']

processCode()

and the mycode.py

from __main__ import x

...

results = 'results to return'

the exec() method is failing with __import__ not found
How can I allow some imports?

d-maurer commented 3 years ago

Rossco8 wrote at 2021-5-24 18:58 -0700:

Hi, I am not understanding the documentation for enabling some imports.

One of the main users of RestrictedPython is Zope. It configures RestrictedPython via the package AccessControl (--> PyPI). You can always look there for examples.

In particular, AccessControl puts a function guarded_import as __import__ into safe_builtins to support and control imports.

Rossco8 commented 3 years ago

Thanks @d-maurer but I'm still not sure of the correct usage. I have had a look through AccessControl package and did not find the example I was hoping for. I can see that by providing the safe_builtins argument to the exec() method that my import is now working, however it is also allowing import sys, os - Shouldn't they be blocked?

Are you able to provide a small code snippet of the correct way to set up RestrictedPython to allow some whitelisted imports, but not the unsafe ones?

d-maurer commented 3 years ago

Rossco8 wrote at 2021-5-25 16:18 -0700:

Thanks @d-maurer but I'm still not sure of the correct usage. I have had a look through AccessControl package and did not find the example I was hoping for. I can see that by providing the safe_builtins argument to the exec() method that my import is now working, however it is also allowing import sys, os - Shouldn't they be blocked?

Are you able to provide small code snippets of the correct way to set up RestrictedPython to allow some whitelisted imports, but not the unsafe ones?

I am not willing to solve your concrete problem; that, you must do yourself.

To allow for imports, you must define __import__ in safe_builtins. Which imports are allowed (or not) is decided by the (function) value you give __import__.

In AccessControl, guarded_import is used as value for __import__. It uses validate to check whether an import is acceptable. AccessControl's validate delegates to a security manager (which interprets security declarations). Obviously, for your problem, you could implement a validate variant which implements your import policy, i.e. says ok or no for precisely those imports you want to allow or deny.

Note that your validate may have a simpler signature and that from M import N should be allowed if (and only if) import M and M.N are both allowed.
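An added example of the approach described in the reply above (written for this page; it is not code from the issue, from AccessControl or from RestrictedPython itself): an allow-list `validate`, a `guarded_import` installed as `__import__` in a copy of `safe_builtins`, and the rule that `from M import N` passes only when both M and N are allowed. The names `ALLOWED_IMPORTS`, `validate`, `guarded_import`, `import_allowed`, `restricted_python_available` and `run_restricted` are all chosen here, and the policy contents are a constructed sample.

```python
import importlib.util

# Constructed policy: module name -> names that "from M import N" may pull in.
# A module missing here (including dotted names such as "os.path") is denied.
ALLOWED_IMPORTS = {
    "math": frozenset({"sqrt", "floor", "pi"}),
    "string": frozenset({"ascii_letters", "digits"}),
}

def validate(module_name, fromlist=()):
    """Policy check: ``import M`` is OK if M is listed; ``from M import N``
    is OK only if M is listed *and* every N is listed for M."""
    allowed_names = ALLOWED_IMPORTS.get(module_name)
    if allowed_names is None:
        return False
    return all(name in allowed_names for name in fromlist)

def guarded_import(name, globals=None, locals=None, fromlist=(), level=0):
    """Replacement for ``__import__``: refuse anything ``validate`` rejects,
    otherwise hand the import to the regular import machinery."""
    if level != 0:
        raise ImportError("relative imports are not allowed in restricted code")
    if not validate(name, fromlist or ()):
        raise ImportError(f"import of {name!r} is not allowed")
    return importlib.import_module(name)

def import_allowed(name, fromlist=()):
    """True if ``guarded_import`` accepts the import, False if it refuses."""
    try:
        guarded_import(name, fromlist=fromlist)
    except ImportError:
        return False
    return True

def restricted_python_available():
    return importlib.util.find_spec("RestrictedPython") is not None

def run_restricted(source):
    """Compile ``source`` with RestrictedPython and execute it with
    ``guarded_import`` installed as ``__import__``; return its namespace."""
    from RestrictedPython import compile_restricted, safe_builtins
    builtins = dict(safe_builtins)  # copy so the shared dict is never mutated
    builtins["__import__"] = guarded_import
    byte_code = compile_restricted(source, filename="<inline code>", mode="exec")
    loc = {}
    exec(byte_code, {"__builtins__": builtins}, loc)
    return loc

if __name__ == "__main__":
    print(run_restricted("from math import sqrt\nresult = sqrt(16.0)\n")["result"])  # 4.0
```

Restricted code that reads attributes (for instance `math.sqrt` after a bare `import math`) additionally needs RestrictedPython's `_getattr_` guard, which this block does not install.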

Rossco8 commented 3 years ago

Thanks. Defining __import__ in safe_builtins was the missing piece; it is working now.