[Ironpython-users] Passing Python exceptions in a sandboxed domain

Cesar Mello cmello at gmail.com
Thu Mar 22 15:54:50 CET 2012 

Hi Dino!

It worked perfectly, thanks a lot!

Actually I had already fixed this same problem in other places of the code,
but forgot one... And then I didn't realize it was the same problem.

Now the usability of our product with IronPython embedded is quite nice
even when running inside the sandbox (removed support for decimal for this
initial version). I still need to add some extra reflection permissions
though, but I don't think that can bring security issues.

Thank you and congratulations to all the team for the great work!

Best regards
Mello

On Wed, Mar 21, 2012 at 7:58 PM, Dino Viehland <dinov at microsoft.com> wrote:

>  The Execute methods have ExecuteAndWrap versions which catch the
> exception locally and return it as an ObjectHandle.  You can then pass that
> object handle back into either ObjectOperations or ExceptionOperations to
> do the formatting or conversion into a string in the remote domain.  ****
>
> ** **
>
> If you need code that’s more like what you specifically have below
> (because you’re not just executing code) you can always do the same trick –
> in the remote app domain catch the exception, and then pass out a new
> ObjectHandle to the exception object rather than passing the object back.*
> ***
>
> ** **
>
> *From:* ironpython-users-bounces+dinov=exchange.microsoft.com at python.org[mailto:
> ironpython-users-bounces+dinov=exchange.microsoft.com at python.org] *On
> Behalf Of *Cesar Mello
> *Sent:* Wednesday, March 21, 2012 2:16 PM
> *To:* ironpython-users at python.org
> *Subject:* Re: [Ironpython-users] Passing Python exceptions in a
> sandboxed domain****
>
> ** **
>
> Hey guys,****
>
> ** **
>
> I know this is not IronPython specific, but it is causing pain to embbed
> IronPython in our product. If someone can help, thanks so much!****
>
> ** **
>
> I can repro the problem throwing a TypeErrorException from the restricted
> appdomain like this:****
>
> ** **
>
>         // starts with standard Internet Zone sandbox permissions****
>
>         var evidence = new Evidence();****
>
>         evidence.AddHostEvidence(new Zone(SecurityZone.Internet));****
>
>         var permissionSet = SecurityManager.GetStandardSandbox(evidence);*
> ***
>
>         permissionSet.AddPermission(new
> ReflectionPermission(PermissionState.Unrestricted));****
>
> ** **
>
>         var setup = new AppDomainSetup();****
>
>         setup.ApplicationBase = AppDomain.CurrentDomain.BaseDirectory;****
>
>         setup.ApplicationName = "ConsoleScriptHost";****
>
> ** **
>
>         var domain = AppDomain.CreateDomain(setup.ApplicationName,
> evidence, setup, permissionSet, null);****
>
> ** **
>
>         try****
>
>         {****
>
>           domain.DoCallBack(delegate****
>
>           {****
>
>             var x = new
> IronPython.Runtime.Exceptions.TypeErrorException("xxx");****
>
>             throw x;****
>
>           });****
>
>         }****
>
>         catch (SecurityException ex)****
>
>         {****
>
>           var m = ex.Message; // why this?****
>
>         }****
>
> ** **
>
> ** **
>
> ** **
>
> On Mon, Mar 19, 2012 at 10:50 AM, Cesar Mello <cmello at gmail.com> wrote:***
> *
>
> Hi,****
>
> ** **
>
> When I try to run something like 'None + 2' inside a sandboxed domain, I'm
> getting the following exception:****
>
> ** **
>
> System.Security.SecurityException****
>
> Message: Request failed****
>
> ** **
>
> Stack trace:****
>
> ** **
>
>  at
> IronPython.Runtime.Exceptions.TypeErrorException.GetObjectData(SerializationInfo
> info, StreamingContext context)****
>
>    at System.Runtime.Serialization.ObjectCloneHelper.GetObjectData(Object
> serObj, String& typeName, String& assemName, String[]& fieldNames,
> Object[]& fieldValues)****
>
> ** **
>
> Any help is greatly appreciated.****
>
> ** **
>
> To help debugging, I thought about adding a command line argument to ipy
> console for setting up a standard Internet-zone sandbox.****
>
> ** **
>
> Thank you!****
>
> ** **
>
> Best regards****
>
> Mello****
>
> ** **
>
> ** **
>
> ** **
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/ironpython-users/attachments/20120322/dd654bdd/attachment.html>

More information about the Ironpython-users mailing list