
How to safely manipulate user code in Python?

If I were to make, for example, a program that takes as input a sorting algorithm and determines empirically whether or not the algorithm is partially correct, how would I convert the string input to an executable program? I have read other threads in which it was suggested using exec or eval, but all answers recommended against using this method due to security risks. Is there a way to create such a program that does not involve converting a string to executable code? Or will it inherently be a risky program no matter the implementation? Lastly, is there another programming language that would be a better alternative to define such a program?

Executing Arbitrary Code

No matter what language you choose, if you read code from the user and execute that code, it will be dangerous. No ifs, ands, or buts. You notice the same caveats to Python's exec and eval are also noted for JavaScript, PHP, and many other languages.

Safely Executing Code from a String

There are safe ways to map strings to predefined functions, but there is no safe way to compile/interpret and execute arbitrary code.

One good example is the following on how to safely map functions to a string:

# Allowlist: the user's string can only ever select one of these
# predefined functions; it is never compiled or executed itself.
functions = {
    'print': print,
    'str': str,
    'int': int
}

name = input('Choose from the above functions here: ')
func = functions.get(name)
if func is None:
    # Unknown names are rejected instead of calling None (a TypeError).
    raise ValueError(f'unknown function: {name!r}')
func()

Static Code Analysis

And for the final answer, potentially, but no, as there would be ways of evaluating a sorting algorithm, but they're unlikely to be effective, reproducible, or accurate without compiling the code or at least interpreting it. Static code analysis is difficult, and can only go so far.

One simple example for how difficult static code analysis can be even with a single if statement is the following:

for index, value in enumerate(range(10)):
    # On the first iteration index is 0 (falsy), so the short-circuiting
    # 'and' never evaluates 'old', which has not been assigned yet.
    if index and value - old == 1:
        print(value)
    old = value

Some libraries that do static code analysis (such as Pylint, for example) think this code will raise an error, because old is defined after it is first used. However, since bool(0) evaluates to False, old is actually only ever checked after the first loop, after it is already defined, and so the code runs without issue.

Think of the complexity of inputs, the complexity of outputs, and the number of variations of possible sort algorithms that would all be equivalent. The easiest way to test code is to run it. There are limitations of dynamic code analysis, but with a given input and then comparing it to the desired output, you can get a good idea if the code works as it should, something that is very difficult with merely static analysis.
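One way to put the two points of this answer together, as an added example that is not part of the original answer: an allowlist of sorting routines written in advance (the same dispatch-table pattern as the functions dict), a resolver that rejects any name outside it, and a harness that checks partial correctness empirically by running each routine on constructed inputs and comparing the output with the expected one. The names SORTERS, resolve, is_partially_correct and check_algorithm are assumptions of this example, and broken_sort is constructed wrong on purpose so the harness has something to catch.

```python
import random
from typing import Callable, Dict, List, Sequence

Sorter = Callable[[List[int]], List[int]]


def bubble_sort(items: List[int]) -> List[int]:
    """Plain bubble sort on a copy of the input."""
    out = list(items)
    n = len(out)
    for i in range(n):
        for j in range(n - 1 - i):
            if out[j] > out[j + 1]:
                out[j], out[j + 1] = out[j + 1], out[j]
    return out


def insertion_sort(items: List[int]) -> List[int]:
    """Plain insertion sort on a copy of the input."""
    out = list(items)
    for i in range(1, len(out)):
        key = out[i]
        j = i - 1
        while j >= 0 and out[j] > key:
            out[j + 1] = out[j]
            j -= 1
        out[j + 1] = key
    return out


def broken_sort(items: List[int]) -> List[int]:
    """Constructed deliberately wrong: it drops duplicates, so the output
    is sorted but is not a permutation of the input."""
    return sorted(set(items))


# Allowlist: the only code that can ever run is what we wrote ourselves.
SORTERS: Dict[str, Sorter] = {
    "bubble": bubble_sort,
    "insertion": insertion_sort,
    "broken": broken_sort,
}


def is_allowed(name: str) -> bool:
    return name in SORTERS


def resolve(name: str) -> Sorter:
    """Map a user-supplied string to a predefined function. Anything not in
    the allowlist is rejected; the string is never compiled or executed."""
    try:
        return SORTERS[name]
    except KeyError:
        raise ValueError(
            f"unknown algorithm {name!r}; choose from {sorted(SORTERS)}"
        ) from None


def is_sorted(seq: Sequence[int]) -> bool:
    return all(seq[i] <= seq[i + 1] for i in range(len(seq) - 1))


def is_partially_correct(sorter: Sorter, inputs: List[List[int]]) -> bool:
    """Empirical partial-correctness check: for every input on which the
    sorter returns, the result must be a non-decreasing permutation of the
    input. Termination is deliberately not part of this check."""
    for data in inputs:
        out = sorter(list(data))  # copy, so the sorter cannot mutate the case
        if sorted(out) != sorted(data) or not is_sorted(out):
            return False
    return True


def check_algorithm(name: str, seed: int = 0, cases: int = 50) -> bool:
    """Resolve `name` through the allowlist and run it against fixed edge
    cases plus `cases` seeded random lists (all inputs are constructed)."""
    rng = random.Random(seed)
    inputs: List[List[int]] = [[], [1], [2, 2, 1], [3, 2, 1, 0]]
    inputs += [
        [rng.randint(-5, 5) for _ in range(rng.randint(0, 12))]
        for _ in range(cases)
    ]
    return is_partially_correct(resolve(name), inputs)


if __name__ == "__main__":
    for algo in SORTERS:
        print(f"{algo:10s} partially correct: {check_algorithm(algo)}")
```

The harness only ever calls functions that already exist in the process, so the "user input" is reduced to a lookup key; the empirical check then does what the answer recommends, running each routine on inputs with a known correct output. Note that the duplicate-dropping bug only shows up on inputs that contain repeated values, which is why the fixed cases include one.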
