Skip to main content

Verifies that compiled Python bytecode is safe to execute

Project description

Python Bytecode Verifier’s purpose is similar to that of Java or .NET bytecode verifiers; to ensure that an externally compiled bytecode is safe to be executed in the runtime environment. Using a verifier in the Python interpreter could securely allow loading compiled bytecode to be loaded into isolated Python environments. Closed source code written in Python as well as external compilers for other languages targeting the Python runtime could safely be used in bytecode form.

This Python Bytecode Verifier is implemented in Python and is written with C portability in mind because the long-term goal is to convince the Python community to accept a bytecode verifier into the CPython interpreter that would increase security of internally compiled Python code and would securely enable the use of externally constructed Python bytecode.

Using a verifier would actually improve security in the CPython interpreter because new code objects are allowed to be created and existing .pyc files are allowed to be loaded; both of them are capable of crashing the CPython interpreter and possibly executing arbitrary native code as it contains no bytecode verifier.

This initial release has support for Python versions 2.5, 2.6, 3.0 and 3.1 and is able to successfully verify itself and all the Python source files in the respective Python source code release.

The verifier currently lacks conformance tests for invalid bytecode and thus is not suitable for production use.

Release history Release notifications | RSS feed

This version


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

Python-Bytecode-Verifier-0.1.tar.bz2 (9.7 kB view hashes)

Uploaded source

Supported by

AWS AWS Cloud computing Datadog Datadog Monitoring Facebook / Instagram Facebook / Instagram PSF Sponsor Fastly Fastly CDN Google Google Object Storage and Download Analytics Huawei Huawei PSF Sponsor Microsoft Microsoft PSF Sponsor NVIDIA NVIDIA PSF Sponsor Pingdom Pingdom Monitoring Salesforce Salesforce PSF Sponsor Sentry Sentry Error logging StatusPage StatusPage Status page