WASM-powered, sandboxed version of `exec()` for running dynamic code.
Project description
wasm_exec
Wasm-powered, sandboxed implementation of exec() for safely running dynamic Python code
Install
```
pip install wasm_exec
```
Usage
```python
from wasm_exec import WasmExecutor

# Create the executor and run a code string inside the Wasm interpreter
wasm = WasmExecutor()
code = "print('Hello World!')"
print(wasm.exec(code).text)
# >> Hello World!
```
How does this work?
- Arbitrary Python code is passed to the `wasm_exec` function
- A separate Wasm-based Python interpreter is set up via wasmtime in a chroot jail
- The arbitrary code is executed safely inside your isolated interpreter
Why?
There are a number of use cases emerging that require arbitrary code execution, often of code that is generated by LLMs (Large Language Models) like ChatGPT. This can enable some really cool functionality, like generative BI or website generation, but it also introduces a massive security flaw if implemented via eval() or exec(), because these functions run whatever code they are given directly in the calling process. In a worst-case scenario, exec'ing arbitrary code could enable someone to rm -rf / your entire server!
This repo intends to provide a secure method of executing arbitrary Python code to empower LLM-based code generation. This was originally intended to be a direct PR to Langchain but given that the problems with exec() extend to the entire Python ecosystem, it was decided that it would be better as a standalone package.
Prove it.
I understand any claims of being able to securely execute arbitrary code strings (rightfully) raise some eyebrows. Because of that, I've included a set of security-focused tests that attempt to use some common escape patterns to attempt to escape the jailed Wasm Python interpreter, including running the rm -rf / test on my own personal desktop.
I strongly welcome any attempts to break the interpreter containment and/or security improvements to the code!
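A containment check in the spirit of the tests described above, written as an added example and not taken from the project's own test suite. The names `host_exec`, `check_containment` and `WASM_EXEC_CANARY` are hypothetical; the canary file and secret are constructed inside a temporary directory, and plain `exec()` serves as the uncontained baseline.

```python
import contextlib
import io
import os
import tempfile


def host_exec(code: str) -> str:
    """Baseline: run code with the built-in exec() inside this process."""
    buf = io.StringIO()
    with contextlib.redirect_stdout(buf):
        exec(code, {"__name__": "__probe__"})
    return buf.getvalue()


def check_containment(run_code) -> dict:
    """Send a probe through run_code(code) -> str, then inspect host state.

    The probe tries to delete a canary file and print a canary environment
    variable. Both are constructed here; only a temp dir is touched.
    """
    secret = "canary-" + os.urandom(8).hex()
    with tempfile.TemporaryDirectory() as tmp:
        canary = os.path.join(tmp, "canary.txt")
        with open(canary, "w") as fh:
            fh.write("do not delete")
        os.environ["WASM_EXEC_CANARY"] = secret
        probe = (
            "import os\n"
            "print(os.environ.get('WASM_EXEC_CANARY', ''))\n"
            f"try:\n    os.remove({canary!r})\nexcept OSError:\n    pass\n"
        )
        try:
            output = run_code(probe)
        except Exception as exc:  # a sandbox may reject the probe outright
            output = f"<{type(exc).__name__}>"
        finally:
            os.environ.pop("WASM_EXEC_CANARY", None)
        return {
            "file_survived": os.path.exists(canary),
            "env_hidden": secret not in output,
        }


if __name__ == "__main__":
    print("exec():", check_containment(host_exec))
    # With the package installed (call shape taken from the Usage section):
    #   from wasm_exec import WasmExecutor
    #   print(check_containment(lambda c: WasmExecutor().exec(c).text))
```

Any executor that is meant to isolate code should return `True` for both keys; the `exec()` baseline returns `False` for both.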
Implementation Notes
- I do not claim the jailed Wasm Python interpreter as my original idea. This was inspired by Simon Willison's Blog on this topic and the linked code provided by Tim Bart
- The Wasm Python runtime is redistributed from VMware Wasm Labs' offering of a Python Wasm runtime
- Shout-out to Langchain as a source for GitHub workflows
- Because it is a separate interpreter, there are currently some limitations on imports. I am working to test and document these limitations.
Contributing
Contributions VERY welcome! See here.
File details
Details for the file wasm_exec-0.1.9.tar.gz.
File metadata
- Download URL: wasm_exec-0.1.9.tar.gz
- Upload date:
- Size: 9.8 MB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: poetry/1.6.1 CPython/3.10.12 Linux/6.2.0-1018-azure
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | 5221aee65b1ca310a681003654f1c20ff67ea20dc55bec9e2f28420d8898671d |
| MD5 | f46d51db0c19c5bee68b2961eb163689 |
| BLAKE2b-256 | b2fe965223988cfdb00922d7b5a1e25e221c3971346cd2417f82a67be08da18a |
File details
Details for the file wasm_exec-0.1.9-py3-none-any.whl.
File metadata
- Download URL: wasm_exec-0.1.9-py3-none-any.whl
- Upload date:
- Size: 9.9 MB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: poetry/1.6.1 CPython/3.10.12 Linux/6.2.0-1018-azure
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | 9526a1d93b8007b8f5fd7c50458f9f834cdbd390044d37bd1dabe10ea0daa1c8 |
| MD5 | ef197300da479fc3d5aad39a7dc82d6c |
| BLAKE2b-256 | 6baaa57373ee24079dfa94f52a6ccec49133a8f5eed81641aa2b4ddb62214d61 |