Customizing CGI script via execfile
Thomas A. Bryan
tbryan at python.net
Wed Jan 24 07:18:22 EST 2001
Short version: I had a program that was to be run from
the command line to output HTML. End user customizations
were permitted via a configuration file in each user's
home directory and Python's execfile. I have made
modifications so that the script can be called via CGI,
but the execfile no longer seems safe in this context.
Long version:
I have a program that generates HTML. It was intended that
the program would be installed centrally and that each user
could customize the output easily. To accomplish this quickly,
I simply had the program call execfile on an .rc file in each
user's home directory.
The script has a configuration dictionary and some of the
functionality encapsulated in functions. Something like
this:
configuration = {'fullname': "Your Name",
'mailaddr': "id at some.host",
'body': '<BODY>'}
def generate_footer(configuration, message):
fullname = configuration['fullname']
mailaddr = configuration['mailaddr']
# get a dictionary: localvar -> value
local_strings = vars()
return """
<ADDRESS>
<A HREF="mailto:%(mailaddr)s">
%(fullname)s</A>
</ADDRESS>
</BODY>
</HTML>""" % local_strings
Thus, in the user's .rc file, he can perform simple customization
of the output by writing
configuration['fullname'] = 'Tom Bryan'
configuration['mailaddr'] = 'tbryan at python.net'
configuration['BODY'] = '<BODY BGCOLOR="#FFFFFF">'
Since I call execfile, Python programmers can redefine entire functions,
such as generate_footer, if he'd like completely different behavior from
portions of the program.
Now that I'd like the program to be called as a CGI script, I'd like
to remove the execfile call, but I'd love to continue to permit
extensive customization. For example, the ConfigParser module would
permit customization like I show above with strings in the configuration
dictionary, but it wouldn't permit redefinition of entire functions.
Ideally, I'd only permit customization of the functions and variables
defined in the Python program, without permitting access to most modules
(such as os and system). Otherwise, the script would be much easier to
use as an attack to the system (for example, by pushing a file onto the
system somewhere and calling the CGI script with an overridden
configuration file location). Most of the function redefinition is simply
so that the user can modify what text is output (for example, if his
page uses CSS, he may want to modify the header). It is okay to
deny him access to most Python modules. Is the rexec module what I should
be using? I played with it for a little while, but I wasn't sure whether
rexec could do what I want. I thought about doing something import, but
I'm not sure wether that's sane either. Any suggestions?
---Tom
More information about the Python-list
mailing list