blob: 45fa8870945068857df7f83d71ea5eb3f5aa313a (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
|
[](https://travis-ci.com/discord-python/snekbox)
# snekbox
Python sandbox runners for executing code in isolation aka snekbox
The user sends a piece of python code to a snekbox, the snekbox executes the code and sends the result back to the users.
```
+-------------+ +------------+ +-----------+
input -> | |---------->| |-------->| | >----------+
| WEBSERVER | | RABBITMQ | | SNEKBOX | execution |
result <- | |<----------| |<--------| | <----------+
+-------------+ +------------+ +-----------+
^ ^ ^
| | |- Executes python code
| | |- Returns result
| | +-----------------------
| |
| |- Message queues opens on demand and closes automatically
| +---------------------------------------------------------
|
|- Uses websockets for asynchronous connection between webui and webserver
+-------------------------------------------------------------------------
```
## Dependencies
| dep | version (or greater) |
|----------------|:---------------------|
| python | 3.6.5 |
| pip | 10.0.1 |
| pipenv | 2018.05.18 |
| docker | 18.03.1-ce |
| docker-compose | 1.21.2 |
| nsjail | 2.5 |
_________________________________________
## Setup local test
install python packages
```bash
apt-get install -y libprotobuf-dev #needed by nsjail
pipenv sync --dev
```
## NSJail
Copy the appropriate binary to an appropriate path
```bash
cp binaries/nsjail2.6-ubuntu-x86_64 /usr/bin/nsjail
chmod +x /usr/bin/nsjail
```
give nsjail a test run
```bash
nsjail -Mo \
--rlimit_as 700 \
--chroot / \
-E LANG=en_US.UTF-8 \
-R/usr -R/lib -R/lib64 \
--user nobody \
--group nogroup \
--time_limit 2 \
--disable_proc \
--iface_no_lo \
--quiet -- \
python3.6 -ISq -c "print('test')"
```
> if it fails, try without the `--cgroup_pids_max=1`
## Development environment
Start a rabbitmq instance and get the container IP
```bash
docker-compose up -d pdrmq
docker inspect -f '{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' rmq
# expected output with default setting: 172.17.0.2
# If not, change the config.py file to match
```
rabbitmq webinterface: `http://localhost:15672`
start the webserver
```bash
docker-compose up -d pdsnekboxweb
netstat -plnt
# tcp 0.0.0.0:5000 LISTEN
```
`http://localhost:5000`
```bash
pipenv run snekbox # for debugging
# or
docker-compose up pdsnekbox # for running the container
```
________________________________________
## Unit testing and lint
Make sure rabbitmq is running before running tests
```bash
pipenv run lint
pipenv run test
```
________________________________________
## Build the containers
```bash
# Build
pipenv run buildbox
pipenv run buildweb
# Push
pipenv run pushbox
pipenv run pushweb
```
|
