WASM-powered, sandboxed version of `exec()` for running dynamic code.
Project description
wasm_exec
Wasm-powered, sandboxed implementation of exec()
for safely running dynamic Python code
Install
pip install wasm_exec
Usage
from wasm_exec import WasmExecutor
wasm = WasmExecutor()
code = "print('Hello World!')"
print(wasm.exec(code).text)
>> Hello World!
How does this work?
- Arbitrary Python code is passed to the
wasm_exec
function - A separate Wasm-based Python interpreter is setup via wasmtime in a chroot jail
- The arbitrary code is executed safely inside your isolated interpreter
Why?
There are number of use-cases emerging that require arbitrary code execution, often code that is generate by LLMs (Large Language Models) like ChatGPT. This can enable some really cool functionality - like generative BI or website generation - but also introduce a massive security flaw if implemented via eval() or exec()
. This is because arbitrary code can be executed using these methods. In a worst case scenario, exec
'ing arbitrary code could enable some to rm -rf /
your entire server!
This repo intends to provide a secure method of executing arbitrary Python code to empower LLM-based code generation. This was originally intended to be a direct PR to Langchain but given that the problems with exec()
extend to the entire Python ecosystem, it was decided that it would be better as a standalone package.
Prove it.
I understand any claims of being able to securely execute arbitrary code strings (rightfully) raises some eyebrows. Because of that, I've included a set of security-focused tests that attempt to use some common escape patterns to attempt to escape the jailed Wasm Python interpreter, including running the rm -rf /
test on my own personal desktop.
I strongly welcome any attempts to break the interpreter containment and/or security improvements to the code!
Implementation Notes
- I do not claim the jailed Wasm Python interpreter as my original idea. This was inspired by Simon Willison's Blog on this topic and the linked code provided by Tim Bart
- The Wasm Python runtime is redistributed from VMWare Wasm Labs' offering of a Python Wasm runtime
- Shout0out to Langchain as a source for Github workflows
- Because it is a separate interpreter, there are currently some limitations on imports. I am working to test and document these limitations.
Contributing
Contributions VERY welcome! See here.
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Hashes for wasm_exec-0.1.9-py3-none-any.whl
Algorithm | Hash digest | |
---|---|---|
SHA256 | 9526a1d93b8007b8f5fd7c50458f9f834cdbd390044d37bd1dabe10ea0daa1c8 |
|
MD5 | ef197300da479fc3d5aad39a7dc82d6c |
|
BLAKE2b-256 | 6baaa57373ee24079dfa94f52a6ccec49133a8f5eed81641aa2b4ddb62214d61 |