dpk / dotpy3 Goto Github PK

for example, trying to do: https://dotpy3.herokuapp.com/?import%20os;a=os.popen(%22head%20-n%202%20app.py%20|%20tail%20-n%201%22);print(a.read()) will actually return useful things..

Understand that offering eval is inherently "dangerous" but the bar could be set a little higher.

Running the evaluator in a separate process for one would make it more difficult to modify the wsgi / flask service. It would prevent accessing the outer frames and thus the code / variables there of.

Not giving the evaluator write permission to the virtual env or fs at large. Perhaps even chroot, or even better use systemd-nspawn or lambda instead of ec2

Perhaps ro the chroot env, maybe squashfs

Exec the code with it's own empty globals and locals or make a custom importer / source code loader

Return to make response should just use stdout/err of the spawned evaluator process, not store stuff in stringio, which allows people to do output.readline=lambda: anything

These just some ideas idk that anyone really cares about the security of this or what people might be using the service for-- but in it's current form it allows for persistent changes to the service and spying/manipulation of other users requests