[IPython-dev] Registering Input Transformers that can Reject Input

Thomas Kluyver takowl at gmail.com
Fri Sep 5 12:35:38 EDT 2014


Hi Scott,

Flippant answer: just remove the offending nodes and run the code without
them!

Serious answer: yes, I think that would be in scope for IPython.
String-based input transformers can now reject input (by raising
SyntaxError), so it makes sense for AST based transformers to have the same
possibility. Though I'm not sure yet quite what semantics I'd like.
SyntaxError seems a bit wrong when the code is valid Python syntax. Maybe
we should define our own exception class for this.

A couple of cautions about doing sandboxing this way:
- AST transformers only run on code run directly in IPython - if you can
run another file (e.g. with %run, import, execfile, IPython !shell escapes,
etc.), this will not check its AST. So you will also need to take care to
prevent the user from either writing files or running them, both of which
are tricky.
- Checking Python code like this is hard. E.g. if you check for Name nodes
with id='eval', I can bypass it by doing this:

import builtins
ev = getattr(builtins, 'eval')
ev('unchecked_code')

Sandboxing is possible, but you have to restrict quite a few things to make
it stick.

Thomas


On 5 September 2014 08:01, ssanderson <ssanderson at quantopian.com> wrote:

> Hi all,
>
> I'm currently working on a project over at  Quantopian
> <http://quantopian.com>   that involves running a notebook server in an
> environment that's sandboxed in various ways.  One thing that I'd like to
> be
> able to do is hook in some of our AST transformation machinery for
> statically rejecting certain classes of inputs (e.g. code can't do
> exec/eval
> and can only import certain modules).  I can do this currently by writing
> my
> own Python kernel and doing an AST pass in do_execute, but that means I
> can't easily support IPython's extended syntax.
>
> It seems like the right place for me to do this sort of extension is by
> passing a list of transformers to InteractiveShell, but the issue I run
> into
> there is that there doesn't seem to be any notion of an AST Transformer
> that's allowed to fail or signal rejection in some way.  I could probably
> work around this by having our transformers just replace the input code
> with
> entirely different code that raises an appropriate exception, but that
> makes
> it pretty cumbersome to change the behavior for different sorts of inputs,
> so I'm wondering whether you guys would consider it in-scope for
> InteractiveShell to support a notion of NodeTransformers that can reject
> input.
>
> Alternatively, if you think there's a better way for me to do this sort of
> thing given the current codebase, I'd be happy to hear.
>
> Thanks,
> -Scott Sanderson
>
>
>
> --
> View this message in context:
> http://python.6.x6.nabble.com/Registering-Input-Transformers-that-can-Reject-Input-tp5070376.html
> Sent from the IPython - Development mailing list archive at Nabble.com.
> _______________________________________________
> IPython-dev mailing list
> IPython-dev at scipy.org
> http://mail.scipy.org/mailman/listinfo/ipython-dev
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/ipython-dev/attachments/20140905/cd7c7887/attachment.html>


More information about the IPython-dev mailing list