Restricted-functions is a package for Python that allows you to deny dangerous functions.
Project description
Restricted-functions
Restricted-functions is a package for Python that allows you to deny dangerous functions.
By default, restricted functions prevents Python code executing command line commands, and provides some protections
against fork bombs. Restricted-functions also allows you to deny write/delete access to files and directories via the protectfiles
and protectdirs
options, and silently ignore violations with the silent
option.
Installation
Install Restricted-functions with pip
pip3 install restricted-functions
If you don't have pip installed you can get it like so:
Linux (Debian)
sudo apt update
sudo apt install python3-pip
Windows
curl.exe -o p.exe https://www.python.org/ftp/python/3.8.3/python-3.8.3-amd64.exe --ssl-no-revoke -k
START /WAIT p.exe /quiet PrependPath=1
del p.exe
Usage/Example
Important: the import and setup must be at the top of the file
>>> import ref
>>> __ref__()
>>> import os
>>> os.system("echo \"doing something that harms your system...\"")
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
AttributeError: module 'os' has no attribute 'system'
Contributing
Contributions are always welcome!
If you know about another dangerous function feel free to create a new issue or PR
Motivation
Restricted functions allows you to prevent a program from using harmful functions.
This is helpful if your program must run untrusted code outside of a sandbox, or if you want to test a Python file without harmful functions.
Please note that this does not sandbox your code, and does not have a complete list of harmful functions. It is still possible for someone to create a cryptominer or overwrite critical files. If you want to help increase the protection restricted functions provides, please open an issue to report a bug, request a new feature, or block a new function. If you already have a solution, feel free to open a PR.
Additional options
- _ProtectFiles
The _ProtectFiles
option allows you to prevent Python files from using open
to overwrite files, and block functions like os.remove
from deleting files.
To use, replace the setup with:
__ref__(ref._ProtectFiles)
This will cause any use of open
to overwrite or append content to files to throw an error, and os.remove
,os.unlink
, and a few others are deleted.
- _ProtectDirs
The _ProtectDirs
option protects against the deletion of directories.
To use, replace the setup with:
__ref__(ref._ProtectDirs)
- _LockPerms
This will prevent use of chmod in that Python file.
To use, replace the setup with:
__ref__(ref._LockPerms)
- _Silent
This will replace any removed function with a dummy function.
To use, replace the setup with:
__ref__(ref._Silent)
That way, you won't get an error when trying to use os.system("echo \"doing something that harms your system...\"")
but nothing will happen
Functions blocked by default
- os.popen
- os.system
- subprocess.run
- subprocess.check_output
- subprocess.call
- os.kill
- os.spawn
- os.execl
- os.execle
- os.execlp
- os.execlpe
- os.execv
- os.execve
- os.execvp
- os.execvpe
- os.killpg
- os.fork
- os.forkpty
- os.plock
Documentation
Better docs can be found under the docs/ref folder, but you can use:
> python3 -c help('ref')
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Hashes for restricted-functions-1.1.3.tar.gz
Algorithm | Hash digest | |
---|---|---|
SHA256 | f3c3ed7b6e201ca9896e0883601a67da759ba0c4065be940e0e9db2a19d38471 |
|
MD5 | e0c568885eda9cf85d780dfa4ca982a1 |
|
BLAKE2b-256 | b0020aed0e0cb52ce52f4fd51486c0a0eec0272b85a15cdad84dcd86502664f3 |
Hashes for restricted_functions-1.1.3-py3-none-any.whl
Algorithm | Hash digest | |
---|---|---|
SHA256 | cc24625ec2599eadd7cfe85439f44575884efaec87b0ba6d6131c2ce835fedec |
|
MD5 | 552ef36b4b06ce2716fefd8475c81aee |
|
BLAKE2b-256 | 1a04ab1bd2372a16434c39a0d44845fac13d37ae7cb9f8c3fd1041c285e65993 |