WASM-powered sandboxed version of `exec()` for running dynamic code.
wasm_exec
Wasm-powered, sandboxed implementation of exec() for safely running dynamic Python code
Install
pip install wasm_exec
Usage
from wasm_exec import wasm_exec
code = "print('Hello World!')"
print(wasm_exec(code).text)
>> Hello World!
How does this work?
- Arbitrary Python code is passed to the wasm_exec function
- A separate Wasm-based Python interpreter is set up via wasmtime in a chroot jail
- The arbitrary code is executed safely inside your isolated interpreter
Why?
There are a number of use-cases emerging that require arbitrary code execution, often code that is generated by LLMs (Large Language Models) like ChatGPT. This can enable some really cool functionality - like generative BI or website generation - but also introduces a massive security flaw if implemented via eval() or exec(). This is because arbitrary code can be executed using these methods. In a worst case scenario, exec'ing arbitrary code could enable someone to rm -rf / your entire server!
This repo intends to provide a secure method of executing arbitrary Python code to empower LLM-based code generation. This was originally intended to be a direct PR to LangChain but given that the problems with exec() extend to the entire Python ecosystem, it was decided that it would be better as a standalone package.
Prove it.
I understand any claims of being able to securely execute arbitrary code strings (rightfully) raise some eyebrows. Because of that, I've included a set of security-focused tests that attempt to use some common escape patterns to attempt to escape the jailed Wasm Python interpreter, including running the rm -rf / test on my own personal desktop.
I strongly welcome any attempts to break the interpreter containment and/or security improvements to the code!
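A host-write containment check in the spirit of the tests described above, as an added example that is not code from the wasm_exec project: it hands the same probe to an in-process exec() baseline and, if the package is installed, to wasm_exec, then looks on the host for the file the probe tried to create. The `wasm_exec(code).text` call comes from the Usage section; the function names and the probe are hypothetical, and it is an assumption that the sandbox returns normally when the probe's write is refused.

```python
import contextlib
import io
import os
import tempfile


def exec_runner(code: str) -> str:
    """Baseline: run code in-process with exec(), capturing stdout."""
    buf = io.StringIO()
    with contextlib.redirect_stdout(buf):
        exec(code, {"__name__": "__untrusted__"})
    return buf.getvalue()


def wasm_runner(code: str) -> str:
    """The package's runner, called as shown in the Usage section."""
    from wasm_exec import wasm_exec  # lazy import: the baseline works without it
    return wasm_exec(code).text


def host_write_contained(runner) -> bool:
    """True if code handed to `runner` could NOT create a file on the host."""
    with tempfile.TemporaryDirectory() as host_dir:
        marker = os.path.join(host_dir, "marker.txt")  # constructed host path
        probe = (
            "try:\n"
            f"    with open({marker!r}, 'w') as f:\n"
            "        f.write('x')\n"
            "    print('write ok')\n"
            "except Exception as exc:\n"
            "    print('write blocked:', type(exc).__name__)\n"
        )
        runner(probe)
        # Judge by the host filesystem, not by what the untrusted code printed.
        return not os.path.exists(marker)


if __name__ == "__main__":
    print("exec() contained:", host_write_contained(exec_runner))
    try:
        print("wasm_exec contained:", host_write_contained(wasm_runner))
    except ImportError:
        print("wasm_exec not installed; sandbox check skipped")
```

The same harness extends to other probes (reading a host file, spawning a process) by swapping the probe string and the host-side observation.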
Implementation Notes
- I do not claim the jailed Wasm Python interpreter as my original idea. This was inspired by Simon Willison's Blog on this topic and the linked code provided by Tim Bart
- The Wasm Python runtime is redistributed from VMware Wasm Labs' offering of a Python Wasm runtime
- Workflows and CONTRIBUTING.md taken from LangChain.
- Because it is a separate interpreter, there are currently some limitations on imports. I am working to test and document these limitations.
Contributing
Contributions are VERY welcome! See here.