From 9d2c3794a4c95f6c63a7de64172bc35a68403a4c Mon Sep 17 00:00:00 2001 From: Matteo Bertucci Date: Fri, 26 Feb 2021 14:21:00 +0100 Subject: Use base64 encoded code snippets --- backend/routes/forms/unittesting.py | 8 ++++---- resources/unittest_template.py | 6 ++++-- 2 files changed, 8 insertions(+), 6 deletions(-) diff --git a/backend/routes/forms/unittesting.py b/backend/routes/forms/unittesting.py index 175701f..b12cff2 100644 --- a/backend/routes/forms/unittesting.py +++ b/backend/routes/forms/unittesting.py @@ -1,3 +1,4 @@ +import base64 from collections import namedtuple from itertools import count from textwrap import indent @@ -45,10 +46,9 @@ def _make_unit_code(units: dict[str, str]) -> str: def _make_user_code(code: str) -> str: - """Compose the user code into an actual string variable.""" - # Make sure that we we escape triple quotes in the user code - code = code.replace('"""', '\\"""') - return f'USER_CODE = r"""{code}"""' + """Compose the user code into an actual base64-encoded string variable.""" + code = base64.b64encode(code.encode("utf8")).decode("utf8") + return f'USER_CODE = b"{code}"' async def _post_eval(code: str) -> dict[str, str]: diff --git a/resources/unittest_template.py b/resources/unittest_template.py index 38e3be8..2410278 100644 --- a/resources/unittest_template.py +++ b/resources/unittest_template.py @@ -1,6 +1,7 @@ # flake8: noqa """This template is used inside snekbox to evaluate and test user code.""" import ast +import base64 import io import os import sys @@ -36,14 +37,15 @@ def _exit_sandbox(code: int) -> NoReturn: def _load_user_module() -> ModuleType: """Load the user code into a new module and return it.""" + code = base64.b64decode(USER_CODE).decode("utf8") try: - ast.parse(USER_CODE, "") + ast.parse(code, "") except SyntaxError: RESULT.write("".join(traceback.format_exception(*sys.exc_info(), limit=0))) _exit_sandbox(5) _module = ModuleType("module") - exec(USER_CODE, _module.__dict__) + exec(code, _module.__dict__) return _module -- cgit v1.2.3