<div dir="ltr"><div><div><div><div><div><div><div><div><div><div>Hi Scott,<br><br></div>Flippant answer: just remove the offending nodes and run the code without them!<br><br></div>Serious answer: yes, I think that would be in scope for IPython. String-based input transformers can now reject input (by raising SyntaxError), so it makes sense for AST based transformers to have the same possibility. Though I'm not sure yet quite what semantics I'd like. SyntaxError seems a bit wrong when the code is valid Python syntax. Maybe we should define our own exception class for this.<br><br></div>A couple of cautions about doing sandboxing this way:<br></div>- AST transformers only run on code run directly in IPython - if you can run another file (e.g. with %run, import, execfile, IPython !shell escapes, etc.), this will not check its AST. So you will also need to take care to prevent the user from either writing files or running them, both of which are tricky.<br></div>- Checking Python code like this is hard. E.g. if you check for Name nodes with id='eval', I can bypass it by doing this:<br><br></div>import builtins<br></div>ev = getattr(builtins, 'eval')<br></div>ev('unchecked_code')<br><br></div>Sandboxing is possible, but you have to restrict quite a few things to make it stick.<br><br></div>Thomas<br><div><div class="gmail_extra"><br><br><div class="gmail_quote">On 5 September 2014 08:01, ssanderson <span dir="ltr"><<a href="mailto:ssanderson@quantopian.com" target="_blank">ssanderson@quantopian.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hi all,<br>
<br>
I'm currently working on a project over at Quantopian<br>
<<a href="http://quantopian.com" target="_blank">http://quantopian.com</a>> that involves running a notebook server in an<br>
environment that's sandboxed in various ways. One thing that I'd like to be<br>
able to do is hook in some of our AST transformation machinery for<br>
statically rejecting certain classes of inputs (e.g. code can't do exec/eval<br>
and can only import certain modules). I can do this currently by writing my<br>
own Python kernel and doing an AST pass in do_execute, but that means I<br>
can't easily support IPython's extended syntax.<br>
<br>
It seems like the right place for me to do this sort of extension is by<br>
passing a list of transformers to InteractiveShell, but the issue I run into<br>
there is that there doesn't seem to be any notion of an AST Transformer<br>
that's allowed to fail or signal rejection in some way. I could probably<br>
work around this by having our transformers just replace the input code with<br>
entirely different code that raises an appropriate exception, but that makes<br>
it pretty cumbersome to change the behavior for different sorts of inputs,<br>
so I'm wondering whether you guys would consider it in-scope for<br>
InteractiveShell to support a notion of NodeTransformers that can reject<br>
input.<br>
<br>
Alternatively, if you think there's a better way for me to do this sort of<br>
thing given the current codebase, I'd be happy to hear.<br>
<br>
Thanks,<br>
-Scott Sanderson<br>
<br>
<br>
<br>
--<br>
View this message in context: <a href="http://python.6.x6.nabble.com/Registering-Input-Transformers-that-can-Reject-Input-tp5070376.html" target="_blank">http://python.6.x6.nabble.com/Registering-Input-Transformers-that-can-Reject-Input-tp5070376.html</a><br>
Sent from the IPython - Development mailing list archive at Nabble.com.<br>
_______________________________________________<br>
IPython-dev mailing list<br>
<a href="mailto:IPython-dev@scipy.org" target="_blank">IPython-dev@scipy.org</a><br>
<a href="http://mail.scipy.org/mailman/listinfo/ipython-dev" target="_blank">http://mail.scipy.org/mailman/listinfo/ipython-dev</a><br>
</blockquote></div><br></div></div></div>