Hallo friends of Python!
I'm working on a Java project that allows executing (untrusted) Python user code. I've prevented the availability of specific Java classes/methods via a custom classloader. But I saw that Jython also provides some native built-in functions that are no Java code: http://www.jython.org/docs/library/functions.html
It would be useful if there's a possibility to detect the execution of specific built-in functions in order to throw an exception if necessary. Otherwise, I'm faced with a security issue if the user is able to read/write to file system or to create network connections.
Would you provide any hooking mechanism during parsing or code execution, please?
On 05/05/2013 13:54, onkelpax-jython@... wrote:
> Hallo friends of Python!
> I'm working on a Java project that allows executing (untrusted)
> Python user code. I've prevented the availability of specific Java
> classes/methods via a custom classloader. But I saw that Jython also
> provides some native built-in functions that are no Java code:
When we say they are built-in functions we really only mean that they do
not need to be imported. If the documentation says something is
implemented in C, it's probably poor editing on our part: it is mostly
just a copy of the CPython documentation and things slip through. The
built-in functions are implemented in Java, so if you are satisfied that
you have locked down the JVM, you are probably ok. However, I'm not in a
position to advise you about securing the JVM.
Outside the JVM itself, very little platform-native code is used. One
exception I know of is the jline library (console i/o) which supplies
native methods in a dynamic library.