
Verify safety of Java classes compiled from Jython

Background

I am assisting in the building of a web based interface to program simple AI, which play games and compete against other AI.

One of the main requirements of the system is that user-submitted code is verified to be safe to run on the server. I.e., if the submitted code accesses the file system, we need to reject the submission.

Currently, the system runs using Java as a submission language, and performs byte-code analysis to check classes used by the submitted code against a white-list. If the submission uses classes which are not allowed, the submission is rejected.

I am currently exploring our options for supporting submissions in Python, which (using the Jython library) are converted into a Java class that runs against the existing system.

I have run into some issues which involve the Java-compiled Python code. Namely, a simple Python script (once compiled to Java) doing no more than variable assignments appears to use the same classes as a Python class that reads and writes files. This means that I can't tell (based on classes used) whether or not the file system will be accessed.

Questions

Does the compilation of Python code into a Java object using the Jython libraries simply wrap the code into a class that calls a Python interpreter and executes the Python code? (If so, byte code analysis is not the solution to the problem explained above).

If the Jython libraries do actually create a true Java object, that doesn't call a Python interpreter when running, how can I analyse whether or not the object is attempting to access the file system?

Is Jython the same language as Python?

Yes. Jython is an implementation of the Python language for the Java platform. Jython 2.5 implements the same language as CPython 2.5, and nearly all of the Core Python standard library modules. (CPython is the C implementation of the Python language.) Jython 2.5 uses the same regression test suite as CPython, with some minor modifications.

https://wiki.python.org/jython/JythonFaq/GeneralInfo

So there is no need to worry about calling an external Python interpreter.

To solve problems with code checking, you can try this: http://blog.datenwerke.net/p/the-java-sandbox.html

The documentation has good samples of how to use it: http://blog.datenwerke.net/p/java-sandbox-03-documentation.html
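The white-list check described in the question, as an added example (not code from the original posts): it reads the CONSTANT_Class entries of a class file's constant pool and compares them with an allow-list. The sample class files are constructed, their `org.python.core` class lists are assumptions modelled on the question's observation that an assignment-only script and a file-writing script reference the same classes, and all function names are hypothetical.

```python
import struct
# Constant-pool tag -> payload size in bytes (tag 1, Utf8, is variable length).
SIZES = {3: 4, 4: 4, 5: 8, 6: 8, 7: 2, 8: 2, 9: 4, 10: 4, 11: 4, 12: 4,
         15: 3, 16: 2, 17: 4, 18: 4, 19: 2, 20: 2}

def referenced_classes(data):
    """Names of all CONSTANT_Class entries in a class file's constant pool."""
    magic, _minor, _major, count = struct.unpack_from(">IHHH", data, 0)
    if magic != 0xCAFEBABE:
        raise ValueError("not a Java class file")
    pos, idx, utf8, class_refs = 10, 1, {}, []
    while idx < count:
        tag, pos = data[pos], pos + 1
        if tag == 1:  # Utf8: u2 length + bytes
            (n,) = struct.unpack_from(">H", data, pos)
            utf8[idx] = data[pos + 2:pos + 2 + n].decode("utf-8", "replace")
            pos += 2 + n
        elif tag in SIZES:
            if tag == 7:  # Class: u2 index of the Utf8 holding its name
                class_refs.append(struct.unpack_from(">H", data, pos)[0])
            pos += SIZES[tag]
            idx += tag in (5, 6)  # Long/Double occupy two pool slots
        else:
            raise ValueError("unknown constant pool tag %d" % tag)
        idx += 1
    return {utf8[i].replace("/", ".") for i in class_refs}

def disallowed(data, allowed):
    """Referenced classes missing from the allow-list; reject if non-empty."""
    return sorted(referenced_classes(data) - set(allowed))

def build_class(class_names, strings=()):  # constructed input: header + pool only
    pool, n = b"", 0
    for name in class_names:
        raw = name.replace(".", "/").encode()
        pool += b"\x01" + struct.pack(">H", len(raw)) + raw  # Utf8 in slot n+1
        pool += b"\x07" + struct.pack(">H", n + 1)           # Class -> slot n+1
        n += 2
    for s in strings:  # names a Jython-style runtime would resolve at run time
        raw = s.encode()
        pool += b"\x01" + struct.pack(">H", len(raw)) + raw
        n += 1
    return struct.pack(">IHHH", 0xCAFEBABE, 0, 49, n + 1) + pool

RUNTIME = ["org.python.core.Py", "org.python.core.PyFrame", "org.python.core.PyObject"]
ALLOWED = RUNTIME + ["java.lang.Object"]
assign_only = build_class(RUNTIME, strings=["x"])              # constructed
file_writer = build_class(RUNTIME, strings=["open", "write"])  # constructed
plain_java = build_class(["java.lang.Object", "java.io.FileWriter"])  # constructed
```

In these constructed samples the plain Java class is rejected for `java.io.FileWriter`, while both Jython-style samples pass, because their file access exists only as the strings `open` and `write` and never as a class reference.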
