diff options
| author |  Chris Lovering <[email protected]> | 2024-10-03 19:46:50 +0100 |
|---|---|---|
| committer | Chris Lovering <[email protected]> | 2024-10-03 22:06:38 +0100 |
| commit | 66c6d27335a5d1fc23bd0889d299cb79f3418219 (patch) | |
| tree | 026ab360e4cacb2b4f96b3eb3226fe10cbafaade | |
| parent | Also check if the specified binary path is execuatable (diff) | |
Use a shared default const
This was needed due to wanting a default value when calling python3 diurectly, but also when not specified via the API call
| -rw-r--r-- | snekbox/api/resources/eval.py | 7 | ||||
| -rw-r--r-- | snekbox/nsjail.py | 12 |
2 files changed, 14 insertions, 5 deletions
diff --git a/snekbox/api/resources/eval.py b/snekbox/api/resources/eval.py index 943ecff..3172f60 100644 --- a/snekbox/api/resources/eval.py +++ b/snekbox/api/resources/eval.py @@ -6,7 +6,7 @@ from pathlib import Path import falcon from falcon.media.validators.jsonschema import validate -from snekbox.nsjail import NsJail +from snekbox.nsjail import DEFAULT_BINARY_PATH, NsJail from snekbox.snekio import FileAttachment, ParsingError __all__ = ("EvalResource",) @@ -126,7 +126,9 @@ class EvalResource: body["args"].append(body["input"]) binary_path = body.get("binary_path") - if binary_path: + if not binary_path: + binary_path = DEFAULT_BINARY_PATH + else: binary_path = Path(binary_path) if not binary_path.exists(): raise falcon.HTTPBadRequest(title="binary_path does not exist") @@ -134,6 +136,7 @@ class EvalResource: raise falcon.HTTPBadRequest(title="binary_path is not a file") if not binary_path.stat().st_mode & 0o100 == 0o100: raise falcon.HTTPBadRequest(title="binary_path is not executable") + binary_path = binary_path.resolve().as_posix() try: result = self.nsjail.python3( diff --git a/snekbox/nsjail.py b/snekbox/nsjail.py index 55c620a..fe95f80 100644 --- a/snekbox/nsjail.py +++ b/snekbox/nsjail.py @@ -26,6 +26,7 @@ log = logging.getLogger(__name__) LOG_PATTERN = re.compile( r"\[(?P<level>(I)|[DWEF])\]\[.+?\](?(2)|(?P<func>\[\d+\] .+?:\d+ )) ?(?P<msg>.+)" ) +DEFAULT_BINARY_PATH = "/snekbin/python/default/bin/python" class NsJail: @@ -168,7 +169,12 @@ class NsJail: return "".join(output) def _build_args( - self, py_args: Iterable[str], nsjail_args: Iterable[str], log_path: str, fs_home: str, binary_path: str + self, + py_args: Iterable[str], + nsjail_args: Iterable[str], + log_path: str, + fs_home: str, + binary_path: str, ) -> Sequence[str]: if self.cgroup_version == 2: nsjail_args = ("--use_cgroupv2", *nsjail_args) @@ -185,7 +191,7 @@ class NsJail: nsjail_args = ( # Mount `home` with Read/Write access "--bindmount", - f"{fs_home}:home", + f"{fs_home}:home", # noqa: E231 *nsjail_args, ) @@ -256,7 +262,7 @@ class NsJail: py_args: Iterable[str], files: Iterable[FileAttachment] = (), nsjail_args: Iterable[str] = (), - binary_path: Path = "/lang/python/default/bin/python", + binary_path: Path = DEFAULT_BINARY_PATH, ) -> EvalResult: """ Execute Python 3 code in an isolated environment and return the completed process. |