This python sandbox uses wasmer to execute untrusted python code in a sandbox. It is expiremental and limited in functionality. This was designed to be used in an assignment autograder.
- Rust WASM layer
- RustPython is used as a dependency in the rust part of this library. RustPython doesn't aim to create sandboxed environments but we can create a simple API for interacting with it while it is being run in a
wasm32-wasiruntime which would effectively sandbox it. - We use WAI to generate glue implementations that we can use to interop between a regular Python environment and RustPython.
- RustPython is used as a dependency in the rust part of this library. RustPython doesn't aim to create sandboxed environments but we can create a simple API for interacting with it while it is being run in a
- Python Layer
- The Python bindings are also generated with WAI and a helper is provided for setup.
You will need Rust and wai-bindgen installed from WAI.
- To compile the Rust code to a WASI binary, run
cargo build --release --target wasm32-wasi- Replace
py_sandbox/py_sandbox.wasmwithtarget/wasm32-wasi/release/py_sandbox.wasmafter building to see changes.
- Replace
- To build new
bindings.pyfromsandbox.wai, runwai-bindgen wasmer-py --import ./sandbox.wai
from wasm_py_sandbox import create_sandbox
# each sandbox has its own memory.
sandbox = create_sandbox()
# returns stdout/err
stdout = sandbox.exec("""
def hello(x):
return x + 5
""")
# result has both stdout/err and return value
result = sandbox.eval("2+2")
print(result.value.value)