zopefoundation / RestrictedPython

A restricted execution environment for Python to run untrusted code.
http://restrictedpython.readthedocs.io/

Specify time/complexity/cpu/memory limit under which given code should run #252

Closed vamshiaruru-virgodesigns closed 1 year ago

vamshiaruru-virgodesigns commented 1 year ago

FEATURE REQUEST

Not sure if this falls under the scope of this project, or if it is already supported and I can't find it yet. My use case is that I take some functions from the user and run them. This project helps me make sure that those functions don't contain anything that might delete my files, or make an API call and so on. However, it is still possible for the user to do something like:

while i < 10_000_000_000_000:
    while j < 10_000_000_000_000:
        ...

which can take up a lot of CPU cycles and spend too much time. I would ideally like to block them. One way of doing it is to set a time limit on the function, which I can do using:

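import signal
from contextlib import contextmanager


@contextmanager
def time_limit(seconds):
    # SIGALRM is POSIX-only and is delivered to the main thread.
    def signal_handler(signum, frame):
        raise Exception("Timed out!")

    signal.signal(signal.SIGALRM, signal_handler)
    signal.alarm(seconds)  # schedule SIGALRM after `seconds`
    try:
        yield
    finally:
        signal.alarm(0)  # cancel any pending alarm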

Another way of doing it is to go through the function code using ast.parse and figure out all the while loops inside the function to measure the complexity. But that is not enough, because a function like this could cripple my system:

def take_inp():
    x = [10] * 10_000_000_000_000
    for i in x:
        i = i * 10
    return x

So the question is, is there a way to limit the amount of memory or complexity or CPU or time a function can take? If not this library, is there any library or helpful tips you could point me to?

Thanks, any help is very appreciated.

d-maurer commented 1 year ago

vamshiaruru wrote at 2023-5-6 00:28 -0700:

... So the question is, is there a way to limit the amount of memory or complexity or cpu or time a function can take? If not this library, is there any library or helpful tips you could point me to?

If you target POSIX systems, then setrlimit might be of help.

The specified limits are for the process; this implies that you potentially must run the untrusted code in a separate process.

vamshiaruru-virgodesigns commented 1 year ago


Thank you, I did more research on this and using resource to set limits on a process seems like the best way. After setting CPU cycle limits, CPU time limits, etc., and using RestrictedPython, I think it should be enough to run some unsafe code :) I am going to close this thread as it doesn't look like it is relevant to this library.
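The approach the thread settles on (setrlimit applied to a separate process), as an added example that is not code from any participant or from RestrictedPython. It is POSIX-only; `run_limited`, the limit values and the sample snippets are assumptions, and the RestrictedPython compile step that would run inside the child is omitted.

```python
import resource
import signal
import subprocess
import sys

CPU_SOFT, CPU_HARD = 2, 3          # seconds of CPU time (assumed budget)
MEMORY_BYTES = 512 * 1024 ** 2     # address-space cap, 512 MiB (assumed)


def _apply_limits():
    # Runs in the child between fork() and exec(), so the limits bind only
    # the untrusted process, never the parent service.
    resource.setrlimit(resource.RLIMIT_CPU, (CPU_SOFT, CPU_HARD))
    resource.setrlimit(resource.RLIMIT_AS, (MEMORY_BYTES, MEMORY_BYTES))


def run_limited(source, wall_seconds=10):
    """Run `source` in a fresh interpreter; return (outcome, stdout)."""
    try:
        proc = subprocess.run(
            [sys.executable, "-I", "-c", source],
            preexec_fn=_apply_limits,
            capture_output=True,
            text=True,
            timeout=wall_seconds,  # RLIMIT_CPU does not count sleeping
        )
    except subprocess.TimeoutExpired:
        return "wall-timeout", ""
    if proc.returncode < 0:
        # Negative code: the kernel killed the child (SIGXCPU at the soft
        # CPU limit, SIGKILL at the hard one).
        return "killed:" + signal.Signals(-proc.returncode).name, proc.stdout
    if proc.returncode != 0 and "MemoryError" in proc.stderr:
        return "memory-limit", proc.stdout
    return ("ok" if proc.returncode == 0 else "error"), proc.stdout


if __name__ == "__main__":
    # Constructed inputs modelled on the snippets in the thread.
    samples = {
        "normal": "print(sum(range(10)))",
        "busy loop": "while True: pass",
        "huge list": "x = [10] * 200_000_000",
        "sleeper": "import time; time.sleep(30)",
    }
    for name, src in samples.items():
        print(name, "->", run_limited(src, wall_seconds=5)[0])
```

The wall-clock timeout is kept alongside RLIMIT_CPU because a child that sleeps or blocks on I/O consumes no CPU time and would never reach the CPU limit.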