diff options
| -rw-r--r-- | config/snekbox.cfg | 5 | ||||
| -rw-r--r-- | snekbox/api/resources/eval.py | 13 | ||||
| -rw-r--r-- | tests/test_nsjail.py | 4 |
3 files changed, 16 insertions, 6 deletions
diff --git a/config/snekbox.cfg b/config/snekbox.cfg index b405521..33cd9e9 100644 --- a/config/snekbox.cfg +++ b/config/snekbox.cfg @@ -103,8 +103,3 @@ cgroup_pids_max: 6 cgroup_pids_mount: "/sys/fs/cgroup/pids" iface_no_lo: true - -exec_bin { - path: "/lang/python/default/bin/python" - arg: "" -} diff --git a/snekbox/api/resources/eval.py b/snekbox/api/resources/eval.py index 55bba98..98babc9 100644 --- a/snekbox/api/resources/eval.py +++ b/snekbox/api/resources/eval.py @@ -1,6 +1,7 @@ from __future__ import annotations import logging +from pathlib import Path import falcon from falcon.media.validators.jsonschema import validate @@ -43,6 +44,7 @@ class EvalResource: "required": ["path"], }, }, + "binary_path": {"type": "string"}, }, "anyOf": [ {"required": ["input"]}, @@ -122,10 +124,21 @@ class EvalResource: if "input" in body: body.setdefault("args", ["-c"]) body["args"].append(body["input"]) + + binary_path = body.get("binary_path") + if binary_path: + binary_path = Path(binary_path) + if ( + not binary_path.resolve().as_posix().startswith("/lang/") + or not binary_path.is_file() + ): + raise falcon.HTTPBadRequest(title="binary_path file is invalid") + try: result = self.nsjail.python3( py_args=body["args"], files=[FileAttachment.from_dict(file) for file in body.get("files", [])], + binary_path=binary_path, ) except ParsingError as e: raise falcon.HTTPBadRequest(title="Request file is invalid", description=str(e)) diff --git a/tests/test_nsjail.py b/tests/test_nsjail.py index dde20bc..2d21ad3 100644 --- a/tests/test_nsjail.py +++ b/tests/test_nsjail.py @@ -26,6 +26,8 @@ class NsJailTests(unittest.TestCase): # Hard-coded because it's non-trivial to parse the mount options. self.shm_mount_size = 40 * Size.MiB + self.default_binary_path = "/lang/python/default/bin/python" + def eval_code(self, code: str): return self.nsjail.python3(["-c", code]) @@ -547,7 +549,7 @@ class NsJailTests(unittest.TestCase): for args, expected in cases: with self.subTest(args=args): result = self.nsjail.python3(py_args=args) - idx = result.args.index(self.nsjail.config.exec_bin.path) + idx = result.args.index(self.default_binary_path) self.assertEqual(result.args[idx + 1 :], expected) self.assertEqual(result.returncode, 0) |