[Programming question]: Sandboxed code execution #177
Comments
|
This message was generated by git-bob (version: 0.16.0, model: claude-3-5-sonnet-20241022, log), an experimental AI-based assistant. It can make mistakes and has limitations. Check its messages carefully. I created a Jupyter notebook to demonstrate how to execute Python code in a sandboxed environment while working with environment variables. The task involved taking existing sandbox execution code using the execnet library and extending it to handle environment variables. Specifically, I set up code that stores the value 5 in an environment variable named "HELLO", executes some code in a sandbox that accesses this variable, and then verifies the environment variable's value in the main code after the sandboxed execution.
|
|
Obviously, the sandbox can read from my environment variables. How can I configure the sandbox in a way that it cannot do this? git-bob answer |
|
This message was generated by git-bob (version: 0.16.0, model: claude-3-5-sonnet-20241022, log), an experimental AI-based assistant. It can make mistakes and has limitations. Check its messages carefully. To prevent the sandbox from accessing environment variables, you can use execnet's import execnet
def execute_in_sandbox(code):
# Create a gateway with an empty environment
gw = execnet.makegateway(spec="popen//env:PYTHONPATH=")
channel = gw.remote_exec(code)
result = channel.receive()
gw.exit()
return resultThis creates a subprocess with an empty environment, only setting PYTHONPATH which is required for Python to work. The sandboxed code won't be able to access any environment variables from the parent process. |
|
git-bob try this out! |
|
This message was generated by git-bob (version: 0.16.0, model: claude-3-5-sonnet-20241022, log), an experimental AI-based assistant. It can make mistakes and has limitations. Check its messages carefully. I implemented a solution to demonstrate how to execute Python code in a sandbox with restricted environment variable access. Using the execnet library, I created a notebook that first sets an environment variable named "HELLO" to '5', then attempts to access this variable from within a sandboxed environment. The code was later modified to use execnet's spec parameter with an empty environment setting to prevent the sandbox from accessing the parent process's environment variables, thus improving security. This implementation builds upon previous work with execnet while adding specific environment variable handling and restrictions.
|
Let's take the code from this issue: haesleinhuepf/git-bob#443 and put it in a new notebook. Before running this, store 5 in the environment variable "HELLO". Within the remotely executed code, read that environment variable and print it out. Also print out the environment variable in the main code, after the execution of the sandboxed code.
git-bob try to do this
The text was updated successfully, but these errors were encountered: