Skip to main content

Verifies that compiled Python bytecode is safe to execute

Project description

Python Bytecode Verifier’s purpose is similar to that of Java or .NET bytecode verifiers; to ensure that an externally compiled bytecode is safe to be executed in the runtime environment. Using a verifier in the Python interpreter could securely allow loading compiled bytecode to be loaded into isolated Python environments. Closed source code written in Python as well as external compilers for other languages targeting the Python runtime could safely be used in bytecode form.

This Python Bytecode Verifier is implemented in Python and is written with C portability in mind because the long-term goal is to convince the Python community to accept a bytecode verifier into the CPython interpreter that would increase security of internally compiled Python code and would securely enable the use of externally constructed Python bytecode.

Using a verifier would actually improve security in the CPython interpreter because new code objects are allowed to be created and existing .pyc files are allowed to be loaded; both of them are capable of crashing the CPython interpreter and possibly executing arbitrary native code as it contains no bytecode verifier.

This initial release has support for Python versions 2.5, 2.6, 3.0 and 3.1 and is able to successfully verify itself and all the Python source files in the respective Python source code release.

The verifier currently lacks conformance tests for invalid bytecode and thus is not suitable for production use.

Release history Release notifications

This version

0.1

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Files for Python-Bytecode-Verifier, version 0.1
Filename, size File type Python version Upload date Hashes
Filename, size Python-Bytecode-Verifier-0.1.tar.bz2 (9.7 kB) File type Source Python version None Upload date Hashes View

Supported by

Pingdom Pingdom Monitoring Google Google Object Storage and Download Analytics Sentry Sentry Error logging AWS AWS Cloud computing DataDog DataDog Monitoring Fastly Fastly CDN DigiCert DigiCert EV certificate StatusPage StatusPage Status page