injecting functions into a python sandbox within a python program

Bruno Desthuilliers bdesth.quelquechose at
Wed Jan 10 00:19:35 CET 2007

Graham Menhennitt a écrit :
> I have a large Python 2.5 program that I want my users to be able to 
> "extend" using a Python script. However, I want their script to run in a 
> sandbox within the overall program so that they only have access to the 
> rest of the program via a single simple interface. Note that this is not 
> meant to be a real anti-hacker type security sandbox - just "help them 
> to avoid shooting themselves in the foot" type security.
> So I created a single object that has the interface that I want them to 
> access. I call their script via "exec" passing the single interface 
> object in the "globals" parameter to exec. It (conceptually) looks like 
> this:
> i = Interface()
> glob = { 'i': i }
> exec script in glob
> Then they can call i.whatever() from within their script. This all works 
> fine.
> Now, what I want to do is provide some "helper" functions for them to 
> use in the script. These functions still only access the rest of the 
> program via 'i'. They just wrap some of the interface functions to make 
> life easier for the user. My current solution is to prepend these 
> functions onto the start of the script. I.e.
> helperFuncs = """
> def f1(): i.whatever()
> """
> exec helperFuncs + "\n" + in glob
> This works but doesn't seem very elegant.


If all your helper functions are really methods of the Interface 
instance, you may try this instead (NB : not tested):

glob = {
   'i': i,
   'f1': i.whatever,
exec script in glob


More information about the Python-list mailing list