docker-pypy-sandbox
v0.0.17
Published
A docker-based sandbox to execute untrusted python code using PyPy
Downloads
24
Readme
Docker PyPy Sandbox
This is a fork of docker-python-sandbox, intended to be used with PyPy instead of the typical Python compiler (CPython). Unless you know that you need PyPy, it is advised that you stick with the original package.
Why PyPy over CPython?
PyPy provides a robust sandboxing feature, whereas CPython is notoriously difficult to lock down. PyPy in combination with Docker is a good place to start when exploring arbitrary Python code execution.
Example use (Linux)
- Install Docker
mkdir docker-pypy-sandbox-example && cd docker-pypy-sandbox-example
npm init
(pressreturn
until done)- Install the library:
npm install --save docker-pypy-sandbox
- Pull the docker image used by the library:
docker pull murtyjones/docker-pypy-sandbox
- Create a new file,
index.js
, with the following code:
let Sandbox = require('docker-pypy-sandbox')
const poolSize = 5
let mySandbox = new Sandbox({poolSize})
mySandbox.initialize(err => {
if (err) throw new Error(`unable to initialize the sandbox: ${err}`)
const code = 'print "Hello, world!"'
const timeoutMs = 2 * 1000
mySandbox.run({code, timeoutMs}, (err, result) => {
if (err) throw new Error(`unable to run the code in the sandbox: ${err}`)
console.log(result.stdout); // Hello, world!
})
});
node index.js
Example use (macOS)
NOTE: For an unidentified reason, this library does not work well on macOS. The instructions below will help you to use the library for testing purposes, but this library should only be used in production on a Linux server.
- Install Docker
mkdir docker-pypy-sandbox-example && cd docker-pypy-sandbox-example
npm init
(pressreturn
until done)- Install the library:
npm install --save docker-pypy-sandbox
- Pull the docker image used by the library:
docker pull murtyjones/docker-pypy-sandbox
- Create a new file,
index.js
, with the following code:
let Sandbox = require('docker-pypy-sandbox')
const poolSize = 5
let mySandbox = new Sandbox({poolSize})
mySandbox.initialize(err => {
if (err) throw new Error(`unable to initialize the sandbox: ${err}`)
const code = 'print "Hello, world!"'
const timeoutMs = 2 * 1000
mySandbox.run({code, timeoutMs}, (err, result) => {
if (err) throw new Error(`unable to run the code in the sandbox: ${err}`)
console.log(result.stdout); // Hello, world!
})
});
docker run -it --rm -p 3000:3000 murtyjones/docker-pypy-sandbox
- open a new tabL
CMD + T
node index.js --mac=true