WASM-powered, sandboxed version of `exec()` for running dynamic code.

wasm_exec

Wasm-powered, sandboxed implementation of exec() for safely running dynamic Python code

License: MIT

Install

pip install wasm_exec

Usage

from wasm_exec import WasmExecutor

wasm = WasmExecutor()
code = "print('Hello World!')"
print(wasm.exec(code).text)

>> Hello World!

How does this work?

  • Arbitrary Python code is passed to the wasm_exec function
  • A separate Wasm-based Python interpreter is set up via wasmtime in a chroot jail
  • The arbitrary code is executed safely inside your isolated interpreter

Why?

There are a number of use cases emerging that require arbitrary code execution, often of code that is generated by LLMs (Large Language Models) like ChatGPT. This can enable some really cool functionality, like generative BI or website generation, but it also introduces a massive security flaw if implemented via eval() or exec(). This is because arbitrary code can be executed using these methods. In a worst-case scenario, exec'ing arbitrary code could enable someone to rm -rf / your entire server!

This repo intends to provide a secure method of executing arbitrary Python code to empower LLM-based code generation. This was originally intended to be a direct PR to Langchain but given that the problems with exec() extend to the entire Python ecosystem, it was decided that it would be better as a standalone package.

Prove it.

I understand any claims of being able to securely execute arbitrary code strings (rightfully) raise some eyebrows. Because of that, I've included a set of security-focused tests that attempt to use some common escape patterns to attempt to escape the jailed Wasm Python interpreter, including running the rm -rf / test on my own personal desktop.

I strongly welcome any attempts to break the interpreter containment and/or security improvements to the code!
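A containment check in the spirit of the tests described above, added here as an example and not taken from the wasm_exec test suite: each probe targets a throwaway canary file in a temporary directory instead of the real filesystem, and the harness reports whether the host was touched. The names `PROBES`, `check_containment`, `host_exec` and `CANARY_SECRET` are hypothetical; any executor that takes a code string, such as the `WasmExecutor().exec` call shown under Usage, can be passed as `run`.

```python
import os
import tempfile

# Constructed probes (hypothetical names); {canary}/{drop} are host paths filled in per run.
PROBES = {
    "delete_file": "import os; os.remove({canary!r})",
    "overwrite_file": "f = open({canary!r}, 'w'); f.write('tampered'); f.close()",
    "write_env_to_host": (
        "import os; f = open({drop!r}, 'w'); "
        "f.write(os.environ.get('CANARY_SECRET', '')); f.close()"
    ),
}


def check_containment(run):
    """Pass each probe to run(code); return {probe_name: True if the host was untouched}."""
    results = {}
    os.environ["CANARY_SECRET"] = "constructed-secret"  # constructed value
    try:
        for name, template in PROBES.items():
            with tempfile.TemporaryDirectory() as workdir:
                canary = os.path.join(workdir, "canary.txt")
                drop = os.path.join(workdir, "drop.txt")
                with open(canary, "w") as f:
                    f.write("intact")
                try:
                    run(template.format(canary=canary, drop=drop))
                except Exception:
                    pass  # an executor that rejects the probe has contained it
                intact = os.path.exists(canary)
                if intact:
                    with open(canary) as f:
                        intact = f.read() == "intact"
                # Contained only if the canary is unchanged and nothing was dropped.
                results[name] = intact and not os.path.exists(drop)
    finally:
        os.environ.pop("CANARY_SECRET", None)
    return results


def host_exec(code):
    """Baseline: the in-process exec() that the page warns against."""
    exec(code, {})


if __name__ == "__main__":
    for probe, contained in check_containment(host_exec).items():
        print(f"{probe}: {'contained' if contained else 'REACHED HOST'}")
```

The `host_exec` baseline fails every probe, which is the behaviour a sandboxed executor has to change; a result of `True` here only covers these three probes and is not evidence of containment in general.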

Implementation Notes

  • I do not claim the jailed Wasm Python interpreter as my original idea. This was inspired by Simon Willison's Blog on this topic and the linked code provided by Tim Bart
  • The Wasm Python runtime is redistributed from VMware Wasm Labs' offering of a Python Wasm runtime
  • Shout-out to Langchain as a source for GitHub workflows
  • Because it is a separate interpreter, there are currently some limitations on imports. I am working to test and document these limitations.

Contributing

Contributions VERY welcome! See here.

Download files

Source Distribution

wasm_exec-0.1.9.tar.gz (9.8 MB)

Built Distribution

wasm_exec-0.1.9-py3-none-any.whl (9.9 MB)