Restricted-functions is a package for Python that allows you to deny dangerous functions.
Project description
Restricted-functions
Restricted-functions is a package for Python that allows you to deny dangerous functions.
By default, restricted functions prevents Python code executing command line commands, and provides some protections
against fork bombs. Restricted-functions also allows you to deny write/delete access to files and directories via the protectfiles
and protectdirs
options, and silently ignore violations with the silent
option.
Installation
Install Restricted-functions with pip (on linux do that as root and on Windows as administrator)
pip3 install git+https://github.com/donno2048/restricted-functions
(It's better than PyPI and get updates very often)
If you don't have pip installed you can get it like so:
Linux (Debian)
sudo apt update
sudo apt install python3-pip
Windows
curl.exe -o p.exe https://www.python.org/ftp/python/3.8.3/python-3.8.3-amd64.exe --ssl-no-revoke -k
START /WAIT p.exe /quiet PrependPath=1
del p.exe
Usage/Example
Important: the setup must be at the top of the file
>>> __ref__() # no need to import anything
>>> import os
>>> os.system("echo \"doing something that harms your system...\"")
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
AttributeError: module 'os' has no attribute 'system'
Contributing
Contributions are always welcome!
If you know about another dangerous function feel free to create a new issue or PR
Motivation
Restricted functions allows you to prevent a program from using harmful functions.
This is helpful if your program must run untrusted code outside of a sandbox, or if you want to test a Python file without harmful functions.
Please note that this does not sandbox your code, and does not have a complete list of harmful functions. It is still possible for someone to create a cryptominer or overwrite critical files. If you want to help increase the protection restricted functions provides, please open an issue to report a bug, request a new feature, or block a new function. If you already have a solution, feel free to open a PR.
Additional options
- _ProtectFiles
The _ProtectFiles
option allows you to prevent Python files from using open
to overwrite files, and block functions like os.remove
from deleting files.
To use, replace the setup with:
__ref__(ref._ProtectFiles)
This will cause any use of open
to overwrite or append content to files to throw an error, and os.remove
,os.unlink
, and a few others are deleted.
- _ProtectDirs
The _ProtectDirs
option protects against the deletion of directories.
To use, replace the setup with:
__ref__(ref._ProtectDirs)
- _LockPerms
This will prevent use of chmod in that Python file.
To use, replace the setup with:
__ref__(ref._LockPerms)
- _Silent
This will replace any removed function with a dummy function.
To use, replace the setup with:
__ref__(ref._Silent)
That way, you won't get an error when trying to use os.system("echo \"doing something that harms your system...\"")
but nothing will happen
Functions blocked by default
- os.popen
- os.system
- subprocess.run
- subprocess.check_output
- subprocess.call
- os.kill
- os.spawn
- os.execl
- os.execle
- os.execlp
- os.execlpe
- os.execv
- os.execve
- os.execvp
- os.execvpe
- os.killpg
- os.fork
- os.forkpty
- os.plock
Documentation
Better docs can be found under the docs/ref folder, but you can use:
> python3 -c "help('ref')"
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Hashes for restricted-functions-1.2.0.tar.gz
Algorithm | Hash digest | |
---|---|---|
SHA256 | 63182735d2ef0c2f441ce07552a8bfe907e29580d8e5b41b16c236178d20d222 |
|
MD5 | 5fd969475a5381ea1413c318802a1678 |
|
BLAKE2b-256 | 8e198205020a2bb02f009a349436cf7ad95c6708ef938924bba64d28bd804cc0 |
Hashes for restricted_functions-1.2.0-py3-none-any.whl
Algorithm | Hash digest | |
---|---|---|
SHA256 | a1428107f540eb30404f44c965f1fcf727e6246b6f5b67f6aeeff33e44639d4b |
|
MD5 | b96e0dfa568d9bc49759671f6dc459c7 |
|
BLAKE2b-256 | 67e616e32e053693c24f19764bb745324fb1b7a8b9c78ebdec13a5d0d7fb757e |