Python 中的 Python:限制功能? [英] Python from Python: restricting functionality?
问题描述
可能的重复:
Python,安全,沙盒
我正在用 Python 构建一个企业网络系统,它允许上传脚本并在服务器端运行.鉴于我已经在用 Python 进行开发,而且它是一种非常简单的语言,用它来编写脚本似乎是一种很好的语言.但是,那里存在安全隐患,我想阻止除有限子集之外的所有函数调用.有没有我可以用来做到这一点的机制,或其他一些技术?我是否需要使用其他东西,也许是 Lua?我正在 Pyramid/Pylons 中开发.
I'm building a corporate web system in Python which allows scripts to be uploaded and run serverside. Given I'm already developing in Python and its such a nice simple language, it seems like a good language to write the scripts in. However, there is a security hazard there, I want to block all function calls except a limited subset. Is there a mechanism I can use to do this, or some other technique? Do I need to use something else, Lua perhaps? I'm developing in Pyramid/Pylons.
推荐答案
这是一个糟糕的主意,但只是为了让您了解该选项:
This is a terrible idea, but just to let you know about the option:
您可以使用 RegEx 清理包含 Python 代码的字符串(通过清理我的意思是您需要执行数百次恶意单元测试并严格测试是否足够),使用 RegEx 仅匹配您想要的函数调用,并且然后在字符串上调用 eval().
You could sanitize a string that contains the Python code (and by sanitize I mean you need to do like a few hundred malicious unit tests and heavily test that the sanitation is adequate) with RegEx to only match the function calls you want and then call eval() on the string.
这篇关于Python 中的 Python:限制功能?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
