Skip to content

Commit

Permalink
previewer - relax sandboxing
Browse files Browse the repository at this point in the history 
allow matplotlib, disable gui
allow file open in read mode
  • Loading branch information
@idanpa
idanpa committed Mar 29, 2024
1 parent ba3f3e2 commit 78431ae
Showing 1 changed file with 8 additions and 5 deletions.
13 changes: 8 additions & 5 deletions previewer/__init__.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -11,7 +11,6 @@
import ast
import sys
from types import ModuleType
import traceback
import IPython
from prompt_toolkit.styles import Style, merge_styles
from traitlets.config.loader import Config
Expand Down Expand Up @@ -71,15 +70,14 @@ def __init__(self, exec_conn, ctrl_conn, ns_conn, config=Config(), formatter=str
self.start()

def sandbox_pre(self):
for module_name in ['matplotlib', 'tkinter', 'pyperclip']:
for module_name in ['tkinter', 'pyperclip', 'PyQt5', 'PyQt6', 'PySide2', 'PySide6', 'GLib', 'Gtk', 'gi']:
sys.modules[module_name] = None

def previewer_open(self, file, mode='r', buffering=-1, encoding=None, errors=None, newline=None, closefd=True, opener=None):
if any(['importlib' in fs.filename for fs in traceback.extract_stack()]) or \
file == os.devnull:
if mode=='r' or mode=='rb' or file == os.devnull:
return self._open(file, mode=mode, buffering=buffering, encoding=encoding, errors=errors, newline=newline, closefd=closefd, opener=opener)
else:
raise IOError('open is not allowed in previewer')
raise IOError(f'open is not allowed in previewer ({file}, {mode})')

def sandbox_post(self):
try:
Expand All @@ -93,6 +91,11 @@ def sandbox_post(self):
from numpy.testing._private.utils import _SUPPORTS_SVE
except (ModuleNotFoundError, ImportError):
pass
try:
import matplotlib
matplotlib.use('template') # do nothing backend
except (ModuleNotFoundError, ImportError):
pass
import subprocess
subprocess.Popen = None
import builtins
Expand Down

0 comments on commit 78431ae

Please sign in to comment.