python - Safe method for parsing text files with a user-provided script
I'm looking for a way to parse text from a URL that has been provided by a user, where the parser script has also been provided by the user. eval is easy enough, but super scary. The end goal is to allow the user to point the server at a data source and tell the server how to read the data.
What is the best and safest way to do this? Python or Node is preferred, but I'm not limited to a specific language.
So, for example, a CSV document: I'll have a text file. URL: http://www.ams.usda.gov/mnreports/lm_xb803.txt
This Python script can read the file from the URL, and it is then stored in the database:
```python
import csv
import re
import urllib2  # Python 2; `url` and `ormmap` are defined elsewhere in the poster's code
from datetime import datetime

expected_length = 6
requiredfeilds = ['low', 'high']
requirednonzero = ['low', 'high']

response = urllib2.urlopen(url)
reader = csv.reader(response)
grade = None
date = None
first_row = True
keep_list = []
for row in reader:
    if len(row) != expected_length:
        continue
    if first_row:
        # the first full-length row carries the report date
        date_text = row[2]
        date_object = datetime.strptime(date_text, '%m/%d/%y')
        date = date_object.strftime("%y-%m-%d")
        first_row = False
    row_label = row[0].strip()
    row_label = re.sub(r'\s\s+', ' ', row_label)
    grade_labels = {
        'select cuts': 'sl',
        'choice cuts': 'ch',
        'choice , select cuts': 'slch',
        'ground beef': 'grnd',
        'beef trimmings': 'trim'
    }
    if row_label in grade_labels:
        # a label row switches the current grade and is not stored itself
        grade = grade_labels[row_label]
        continue
    row.insert(0, grade)
    row.append(date)
    # ignore until grade selected
    if row[0] is None:
        continue
    # check rqs
    try:
        for field in requiredfeilds:
            if len(row[ormmap[field]]) == 0:
                raise Exception('required field missing')
    except Exception:
        continue
    try:
        for field in requirednonzero:
            # compare numerically; a str < int comparison is never true in Python 2
            if float(row[ormmap[field]]) < 1:
                raise Exception('required field missing')
    except Exception:
        continue
    keep_list.append(row)
```
I don't know of any powerful-enough language that can be "safely sandboxed" to ensure a skilled, malevolent user can't do damage with the script (program) he or she supplies for you to run -- not without OS support, that is.
Fortunately, OS support is feasible -- and, at that point, it becomes of little relevance what language the script/program is written in.
If you spin up a virtual machine, and run the user-supplied program inside it with bounded resources and under close supervision, you can make things pretty secure that way.
If you're willing to trade off some assurance of safety for less overhead, run the user program in a BSD jail -- BSD jails have been around a long time and have matured and been proven by experience to be dependable.
Linux containers offer a similar approach, and show promise, but haven't been around anywhere near as long, so one might consider them riskier.
Further along the spectrum is Chrome's Portable Native Client, https://developer.chrome.com/native-client , which runs the user's program (appropriately compiled to machine code) in a presumably secure sandbox within the (Chrome) browser.
I'm sure there exist other solutions yet, with similar overall approaches, somewhere along the VM -> jails/containers -> NaCl spectrum or barely outside of it. Depending on how much overhead you can afford, I'd hew as close as possible to the "left" (VM) end of the spectrum -- rather than rely on the "supposedly sandboxed" runtime of a specific language... but maybe I'm a pessimist about this!-)
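An added example, not part of the original question or answer: the "bounded resources and close supervision" step from the answer, written for Python 3 on Linux with POSIX resource limits. The limit values, function names and sample scripts are constructed for illustration, and the example assumes it runs inside the VM, jail or container the answer recommends, since rlimits bound CPU, memory and output but do not isolate the filesystem or network.

```python
import resource
import subprocess
import sys
import tempfile

CPU_SECONDS = 2                      # assumed limits; tune per deployment
WALL_SECONDS = 10
MEMORY_BYTES = 512 * 1024 * 1024
MAX_OUTPUT_BYTES = 1024 * 1024

def cap(kind, value):
    """Lower one rlimit, never asking for more than the current hard limit."""
    hard = resource.getrlimit(kind)[1]
    if hard != resource.RLIM_INFINITY:
        value = min(value, hard)
    resource.setrlimit(kind, (value, value))

def limit_child():
    """Runs in the child process between fork and exec."""
    cap(resource.RLIMIT_CPU, CPU_SECONDS)         # runaway loops
    cap(resource.RLIMIT_AS, MEMORY_BYTES)         # memory bombs
    cap(resource.RLIMIT_FSIZE, MAX_OUTPUT_BYTES)  # output flood (stdout is a file)

def run_user_parser(source, data):
    """Run user-supplied parser source on fetched bytes; return (ok, output)."""
    with tempfile.NamedTemporaryFile("w", suffix=".py") as script, \
            tempfile.TemporaryFile() as out:
        script.write(source)
        script.flush()
        try:
            proc = subprocess.run(
                [sys.executable, "-I", "-B", script.name],   # isolated mode, no .pyc writes
                input=data, stdout=out, stderr=subprocess.DEVNULL,
                env={}, cwd="/", preexec_fn=limit_child, timeout=WALL_SECONDS)
        except subprocess.TimeoutExpired:
            return False, b""
        if proc.returncode != 0:     # crashed, killed by a limit, or wrote too much
            return False, b""
        out.seek(0)
        return True, out.read()

# Constructed samples: a well-behaved parser and a runaway one.
SAMPLE_DATA = b"Choice Cuts,,01/02/15\nribeye,210.50,245.00\n"
GOOD_PARSER = "import sys, csv\nfor row in csv.reader(sys.stdin):\n    print('|'.join(row))\n"
RUNAWAY_PARSER = "while True:\n    pass\n"

if __name__ == "__main__":
    print(run_user_parser(GOOD_PARSER, SAMPLE_DATA))
    print(run_user_parser(RUNAWAY_PARSER, SAMPLE_DATA))
```

The server fetches the URL itself and passes only the bytes on stdin, so the user's script needs no network access and sees an empty environment.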