1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
|
import json
import multiprocessing
import subprocess
import threading
import time
from logs import log
from rmq import Rmq
class Snekbox(object):
def __init__(self, nsjail_binary='nsjail', python_binary='/usr/local/bin/python3.6'):
self.nsjail_binary = nsjail_binary
self.python_binary = python_binary
env = {
'PATH': '/snekbox/.venv/bin:/usr/local/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
'LANG': 'en_US.UTF-8',
'PYTHON_VERSION': '3.6.5',
'PYTHON_PIP_VERSION': '10.0.1',
'PYTHONDONTWRITEBYTECODE': '1',
}
def python3(self, cmd):
args = [self.nsjail_binary, '-Mo',
'--rlimit_as', '700',
'--chroot', '/',
'-E', 'LANG=en_US.UTF-8',
'-R/usr', '-R/lib', '-R/lib64',
'--user', 'nobody',
'--group', 'nogroup',
'--time_limit', '2',
'--disable_proc',
'--iface_no_lo',
'--quiet', '--', self.python_binary, '-ISq', '-c', cmd]
proc = subprocess.Popen(args,
stdin=subprocess.PIPE,
stdout=subprocess.PIPE,
stderr=subprocess.PIPE,
env=self.env,
universal_newlines=True)
stdout, stderr = proc.communicate()
if proc.returncode == 0:
output = stdout
elif proc.returncode == 1:
try:
output = stderr.split('\n')[-2]
except IndexError:
output = ''
elif proc.returncode == 109:
output = 'timed out or memory limit exceeded'
else:
output = 'unknown error'
return output
def execute(self, body):
msg = body.decode('utf-8')
log.info(f'incoming: {msg}')
result = ''
snek_msg = json.loads(msg)
snekid = snek_msg['snekid']
snekcode = snek_msg['message'].strip()
result = self.python3(snekcode)
log.info(f'outgoing: {result}')
rmq.publish(result,
queue=snekid,
routingkey=snekid,
exchange=snekid)
exit(0)
def stopwatch(self, process):
log.debug(f'10 second timer started for process {process.pid}')
for _ in range(10):
time.sleep(1)
if not process.is_alive():
log.debug(f'Clean exit on process {process.pid}')
exit(0)
process.terminate()
log.debug(f'Terminated process {process.pid} forcefully')
def message_handler(self, ch, method, properties, body, thread_ws=None):
p = multiprocessing.Process(target=self.execute, args=(body,))
p.daemon = True
p.start()
t = threading.Thread(target=self.stopwatch, args=(p,))
t.daemon = True
t.start()
ch.basic_ack(delivery_tag=method.delivery_tag)
if __name__ == '__main__':
try:
rmq = Rmq()
snkbx = Snekbox()
rmq.consume(callback=snkbx.message_handler)
except KeyboardInterrupt:
print('Exited')
exit(0)
|
