1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
|
import json
import multiprocessing
import os
import subprocess
import sys
from rmq import Rmq
class Snekbox:
"""Core snekbox functionality, providing safe execution of Python code."""
def __init__(self,
nsjail_binary='nsjail',
python_binary=os.path.dirname(sys.executable) + os.sep + 'python3.6'):
self.nsjail_binary = nsjail_binary
self.python_binary = python_binary
self._nsjail_workaround()
env = {
'PATH': (
'/snekbox/.venv/bin:/usr/local/bin:/usr/local/'
'sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin'
),
'LANG': 'en_US.UTF-8',
'PYTHON_VERSION': '3.6.5',
'PYTHON_PIP_VERSION': '10.0.1',
'PYTHONDONTWRITEBYTECODE': '1',
}
def _nsjail_workaround(self):
dirs = ['/sys/fs/cgroup/pids/NSJAIL', '/sys/fs/cgroup/memory/NSJAIL']
for d in dirs:
if not os.path.exists(d):
os.makedirs(d)
def python3(self, cmd):
"""
Execute Python 3 code in a isolated environment.
The value of ``cmd`` is passed using '-c' to a Python
interpreter that is started in a ``nsjail``, isolating it
from the rest of the system.
Returns the output of executing the command (stdout) if
successful, or a error message if the execution failed.
"""
args = [self.nsjail_binary, '-Mo',
'--rlimit_as', '700',
'--chroot', '/',
'-E', 'LANG=en_US.UTF-8',
'-R/usr', '-R/lib', '-R/lib64',
'--user', 'nobody',
'--group', 'nogroup',
'--time_limit', '2',
'--disable_proc',
'--iface_no_lo',
'--cgroup_pids_max=1',
'--cgroup_mem_max=52428800',
'--quiet', '--',
self.python_binary, '-ISq', '-c', cmd]
try:
proc = subprocess.Popen(args,
stdin=subprocess.PIPE,
stdout=subprocess.PIPE,
stderr=subprocess.PIPE,
env=self.env,
universal_newlines=True)
except ValueError:
return 'ValueError: embedded null byte'
stdout, stderr = proc.communicate()
if proc.returncode == 0:
output = stdout
elif proc.returncode == 1:
try:
filtered = []
for line in stderr.split('\n'):
if not line.startswith('['):
filtered.append(line)
output = '\n'.join(filtered)
except IndexError:
output = ''
elif proc.returncode == 109:
return 'timed out or memory limit exceeded'
elif proc.returncode == 255:
return 'permission denied (root required)'
elif proc.returncode:
return f'unknown error, code: {proc.returncode}'
else:
return 'unknown error, no error code'
return output
def execute(self, body):
"""
Handles execution of a raw JSON-formatted RMQ message, contained in ``body``.
The message metadata, including the Python code to be executed, is
extracted from the message body. The code is then executed in the
isolated environment, and the results of the execution published
to RMQ. Once published, the system exits, since the snekboxes
are created and disposed of per-execution.
"""
msg = body.decode('utf-8')
result = ''
snek_msg = json.loads(msg)
snekid = snek_msg['snekid']
snekcode = snek_msg['message'].strip()
result = self.python3(snekcode)
rmq.publish(result,
queue=snekid,
routingkey=snekid,
exchange=snekid)
exit(0)
def message_handler(self, ch, method, properties, body, thread_ws=None):
"""Spawns a daemon process that handles RMQ messages."""
p = multiprocessing.Process(target=self.execute, args=(body,))
p.daemon = True
p.start()
ch.basic_ack(delivery_tag=method.delivery_tag)
if __name__ == '__main__':
try:
rmq = Rmq()
snkbx = Snekbox()
rmq.consume(callback=snkbx.message_handler)
except KeyboardInterrupt:
print('Exited')
exit(0)
|
