Funktionierender Prototyp des Serious Games zur Vermittlung von Wissen zu Software-Engineering-Arbeitsmodellen.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

sandbox.py 14KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530
  1. import os
  2. import sys
  3. import tempfile
  4. import operator
  5. import functools
  6. import itertools
  7. import re
  8. import contextlib
  9. import pickle
  10. import textwrap
  11. import builtins
  12. import pkg_resources
  13. from distutils.errors import DistutilsError
  14. from pkg_resources import working_set
  15. if sys.platform.startswith('java'):
  16. import org.python.modules.posix.PosixModule as _os
  17. else:
  18. _os = sys.modules[os.name]
  19. try:
  20. _file = file
  21. except NameError:
  22. _file = None
  23. _open = open
  24. __all__ = [
  25. "AbstractSandbox",
  26. "DirectorySandbox",
  27. "SandboxViolation",
  28. "run_setup",
  29. ]
  30. def _execfile(filename, globals, locals=None):
  31. """
  32. Python 3 implementation of execfile.
  33. """
  34. mode = 'rb'
  35. with open(filename, mode) as stream:
  36. script = stream.read()
  37. if locals is None:
  38. locals = globals
  39. code = compile(script, filename, 'exec')
  40. exec(code, globals, locals)
  41. @contextlib.contextmanager
  42. def save_argv(repl=None):
  43. saved = sys.argv[:]
  44. if repl is not None:
  45. sys.argv[:] = repl
  46. try:
  47. yield saved
  48. finally:
  49. sys.argv[:] = saved
  50. @contextlib.contextmanager
  51. def save_path():
  52. saved = sys.path[:]
  53. try:
  54. yield saved
  55. finally:
  56. sys.path[:] = saved
  57. @contextlib.contextmanager
  58. def override_temp(replacement):
  59. """
  60. Monkey-patch tempfile.tempdir with replacement, ensuring it exists
  61. """
  62. os.makedirs(replacement, exist_ok=True)
  63. saved = tempfile.tempdir
  64. tempfile.tempdir = replacement
  65. try:
  66. yield
  67. finally:
  68. tempfile.tempdir = saved
  69. @contextlib.contextmanager
  70. def pushd(target):
  71. saved = os.getcwd()
  72. os.chdir(target)
  73. try:
  74. yield saved
  75. finally:
  76. os.chdir(saved)
  77. class UnpickleableException(Exception):
  78. """
  79. An exception representing another Exception that could not be pickled.
  80. """
  81. @staticmethod
  82. def dump(type, exc):
  83. """
  84. Always return a dumped (pickled) type and exc. If exc can't be pickled,
  85. wrap it in UnpickleableException first.
  86. """
  87. try:
  88. return pickle.dumps(type), pickle.dumps(exc)
  89. except Exception:
  90. # get UnpickleableException inside the sandbox
  91. from setuptools.sandbox import UnpickleableException as cls
  92. return cls.dump(cls, cls(repr(exc)))
  93. class ExceptionSaver:
  94. """
  95. A Context Manager that will save an exception, serialized, and restore it
  96. later.
  97. """
  98. def __enter__(self):
  99. return self
  100. def __exit__(self, type, exc, tb):
  101. if not exc:
  102. return
  103. # dump the exception
  104. self._saved = UnpickleableException.dump(type, exc)
  105. self._tb = tb
  106. # suppress the exception
  107. return True
  108. def resume(self):
  109. "restore and re-raise any exception"
  110. if '_saved' not in vars(self):
  111. return
  112. type, exc = map(pickle.loads, self._saved)
  113. raise exc.with_traceback(self._tb)
  114. @contextlib.contextmanager
  115. def save_modules():
  116. """
  117. Context in which imported modules are saved.
  118. Translates exceptions internal to the context into the equivalent exception
  119. outside the context.
  120. """
  121. saved = sys.modules.copy()
  122. with ExceptionSaver() as saved_exc:
  123. yield saved
  124. sys.modules.update(saved)
  125. # remove any modules imported since
  126. del_modules = (
  127. mod_name
  128. for mod_name in sys.modules
  129. if mod_name not in saved
  130. # exclude any encodings modules. See #285
  131. and not mod_name.startswith('encodings.')
  132. )
  133. _clear_modules(del_modules)
  134. saved_exc.resume()
  135. def _clear_modules(module_names):
  136. for mod_name in list(module_names):
  137. del sys.modules[mod_name]
  138. @contextlib.contextmanager
  139. def save_pkg_resources_state():
  140. saved = pkg_resources.__getstate__()
  141. try:
  142. yield saved
  143. finally:
  144. pkg_resources.__setstate__(saved)
  145. @contextlib.contextmanager
  146. def setup_context(setup_dir):
  147. temp_dir = os.path.join(setup_dir, 'temp')
  148. with save_pkg_resources_state():
  149. with save_modules():
  150. with save_path():
  151. hide_setuptools()
  152. with save_argv():
  153. with override_temp(temp_dir):
  154. with pushd(setup_dir):
  155. # ensure setuptools commands are available
  156. __import__('setuptools')
  157. yield
  158. _MODULES_TO_HIDE = {
  159. 'setuptools',
  160. 'distutils',
  161. 'pkg_resources',
  162. 'Cython',
  163. '_distutils_hack',
  164. }
  165. def _needs_hiding(mod_name):
  166. """
  167. >>> _needs_hiding('setuptools')
  168. True
  169. >>> _needs_hiding('pkg_resources')
  170. True
  171. >>> _needs_hiding('setuptools_plugin')
  172. False
  173. >>> _needs_hiding('setuptools.__init__')
  174. True
  175. >>> _needs_hiding('distutils')
  176. True
  177. >>> _needs_hiding('os')
  178. False
  179. >>> _needs_hiding('Cython')
  180. True
  181. """
  182. base_module = mod_name.split('.', 1)[0]
  183. return base_module in _MODULES_TO_HIDE
  184. def hide_setuptools():
  185. """
  186. Remove references to setuptools' modules from sys.modules to allow the
  187. invocation to import the most appropriate setuptools. This technique is
  188. necessary to avoid issues such as #315 where setuptools upgrading itself
  189. would fail to find a function declared in the metadata.
  190. """
  191. _distutils_hack = sys.modules.get('_distutils_hack', None)
  192. if _distutils_hack is not None:
  193. _distutils_hack.remove_shim()
  194. modules = filter(_needs_hiding, sys.modules)
  195. _clear_modules(modules)
  196. def run_setup(setup_script, args):
  197. """Run a distutils setup script, sandboxed in its directory"""
  198. setup_dir = os.path.abspath(os.path.dirname(setup_script))
  199. with setup_context(setup_dir):
  200. try:
  201. sys.argv[:] = [setup_script] + list(args)
  202. sys.path.insert(0, setup_dir)
  203. # reset to include setup dir, w/clean callback list
  204. working_set.__init__()
  205. working_set.callbacks.append(lambda dist: dist.activate())
  206. with DirectorySandbox(setup_dir):
  207. ns = dict(__file__=setup_script, __name__='__main__')
  208. _execfile(setup_script, ns)
  209. except SystemExit as v:
  210. if v.args and v.args[0]:
  211. raise
  212. # Normal exit, just return
  213. class AbstractSandbox:
  214. """Wrap 'os' module and 'open()' builtin for virtualizing setup scripts"""
  215. _active = False
  216. def __init__(self):
  217. self._attrs = [
  218. name
  219. for name in dir(_os)
  220. if not name.startswith('_') and hasattr(self, name)
  221. ]
  222. def _copy(self, source):
  223. for name in self._attrs:
  224. setattr(os, name, getattr(source, name))
  225. def __enter__(self):
  226. self._copy(self)
  227. if _file:
  228. builtins.file = self._file
  229. builtins.open = self._open
  230. self._active = True
  231. def __exit__(self, exc_type, exc_value, traceback):
  232. self._active = False
  233. if _file:
  234. builtins.file = _file
  235. builtins.open = _open
  236. self._copy(_os)
  237. def run(self, func):
  238. """Run 'func' under os sandboxing"""
  239. with self:
  240. return func()
  241. def _mk_dual_path_wrapper(name):
  242. original = getattr(_os, name)
  243. def wrap(self, src, dst, *args, **kw):
  244. if self._active:
  245. src, dst = self._remap_pair(name, src, dst, *args, **kw)
  246. return original(src, dst, *args, **kw)
  247. return wrap
  248. for name in ["rename", "link", "symlink"]:
  249. if hasattr(_os, name):
  250. locals()[name] = _mk_dual_path_wrapper(name)
  251. def _mk_single_path_wrapper(name, original=None):
  252. original = original or getattr(_os, name)
  253. def wrap(self, path, *args, **kw):
  254. if self._active:
  255. path = self._remap_input(name, path, *args, **kw)
  256. return original(path, *args, **kw)
  257. return wrap
  258. if _file:
  259. _file = _mk_single_path_wrapper('file', _file)
  260. _open = _mk_single_path_wrapper('open', _open)
  261. for name in [
  262. "stat",
  263. "listdir",
  264. "chdir",
  265. "open",
  266. "chmod",
  267. "chown",
  268. "mkdir",
  269. "remove",
  270. "unlink",
  271. "rmdir",
  272. "utime",
  273. "lchown",
  274. "chroot",
  275. "lstat",
  276. "startfile",
  277. "mkfifo",
  278. "mknod",
  279. "pathconf",
  280. "access",
  281. ]:
  282. if hasattr(_os, name):
  283. locals()[name] = _mk_single_path_wrapper(name)
  284. def _mk_single_with_return(name):
  285. original = getattr(_os, name)
  286. def wrap(self, path, *args, **kw):
  287. if self._active:
  288. path = self._remap_input(name, path, *args, **kw)
  289. return self._remap_output(name, original(path, *args, **kw))
  290. return original(path, *args, **kw)
  291. return wrap
  292. for name in ['readlink', 'tempnam']:
  293. if hasattr(_os, name):
  294. locals()[name] = _mk_single_with_return(name)
  295. def _mk_query(name):
  296. original = getattr(_os, name)
  297. def wrap(self, *args, **kw):
  298. retval = original(*args, **kw)
  299. if self._active:
  300. return self._remap_output(name, retval)
  301. return retval
  302. return wrap
  303. for name in ['getcwd', 'tmpnam']:
  304. if hasattr(_os, name):
  305. locals()[name] = _mk_query(name)
  306. def _validate_path(self, path):
  307. """Called to remap or validate any path, whether input or output"""
  308. return path
  309. def _remap_input(self, operation, path, *args, **kw):
  310. """Called for path inputs"""
  311. return self._validate_path(path)
  312. def _remap_output(self, operation, path):
  313. """Called for path outputs"""
  314. return self._validate_path(path)
  315. def _remap_pair(self, operation, src, dst, *args, **kw):
  316. """Called for path pairs like rename, link, and symlink operations"""
  317. return (
  318. self._remap_input(operation + '-from', src, *args, **kw),
  319. self._remap_input(operation + '-to', dst, *args, **kw),
  320. )
  321. if hasattr(os, 'devnull'):
  322. _EXCEPTIONS = [os.devnull]
  323. else:
  324. _EXCEPTIONS = []
  325. class DirectorySandbox(AbstractSandbox):
  326. """Restrict operations to a single subdirectory - pseudo-chroot"""
  327. write_ops = dict.fromkeys(
  328. [
  329. "open",
  330. "chmod",
  331. "chown",
  332. "mkdir",
  333. "remove",
  334. "unlink",
  335. "rmdir",
  336. "utime",
  337. "lchown",
  338. "chroot",
  339. "mkfifo",
  340. "mknod",
  341. "tempnam",
  342. ]
  343. )
  344. _exception_patterns = []
  345. "exempt writing to paths that match the pattern"
  346. def __init__(self, sandbox, exceptions=_EXCEPTIONS):
  347. self._sandbox = os.path.normcase(os.path.realpath(sandbox))
  348. self._prefix = os.path.join(self._sandbox, '')
  349. self._exceptions = [
  350. os.path.normcase(os.path.realpath(path)) for path in exceptions
  351. ]
  352. AbstractSandbox.__init__(self)
  353. def _violation(self, operation, *args, **kw):
  354. from setuptools.sandbox import SandboxViolation
  355. raise SandboxViolation(operation, args, kw)
  356. if _file:
  357. def _file(self, path, mode='r', *args, **kw):
  358. if mode not in ('r', 'rt', 'rb', 'rU', 'U') and not self._ok(path):
  359. self._violation("file", path, mode, *args, **kw)
  360. return _file(path, mode, *args, **kw)
  361. def _open(self, path, mode='r', *args, **kw):
  362. if mode not in ('r', 'rt', 'rb', 'rU', 'U') and not self._ok(path):
  363. self._violation("open", path, mode, *args, **kw)
  364. return _open(path, mode, *args, **kw)
  365. def tmpnam(self):
  366. self._violation("tmpnam")
  367. def _ok(self, path):
  368. active = self._active
  369. try:
  370. self._active = False
  371. realpath = os.path.normcase(os.path.realpath(path))
  372. return (
  373. self._exempted(realpath)
  374. or realpath == self._sandbox
  375. or realpath.startswith(self._prefix)
  376. )
  377. finally:
  378. self._active = active
  379. def _exempted(self, filepath):
  380. start_matches = (
  381. filepath.startswith(exception) for exception in self._exceptions
  382. )
  383. pattern_matches = (
  384. re.match(pattern, filepath) for pattern in self._exception_patterns
  385. )
  386. candidates = itertools.chain(start_matches, pattern_matches)
  387. return any(candidates)
  388. def _remap_input(self, operation, path, *args, **kw):
  389. """Called for path inputs"""
  390. if operation in self.write_ops and not self._ok(path):
  391. self._violation(operation, os.path.realpath(path), *args, **kw)
  392. return path
  393. def _remap_pair(self, operation, src, dst, *args, **kw):
  394. """Called for path pairs like rename, link, and symlink operations"""
  395. if not self._ok(src) or not self._ok(dst):
  396. self._violation(operation, src, dst, *args, **kw)
  397. return (src, dst)
  398. def open(self, file, flags, mode=0o777, *args, **kw):
  399. """Called for low-level os.open()"""
  400. if flags & WRITE_FLAGS and not self._ok(file):
  401. self._violation("os.open", file, flags, mode, *args, **kw)
  402. return _os.open(file, flags, mode, *args, **kw)
  403. WRITE_FLAGS = functools.reduce(
  404. operator.or_,
  405. [
  406. getattr(_os, a, 0)
  407. for a in "O_WRONLY O_RDWR O_APPEND O_CREAT O_TRUNC O_TEMPORARY".split()
  408. ],
  409. )
  410. class SandboxViolation(DistutilsError):
  411. """A setup script attempted to modify the filesystem outside the sandbox"""
  412. tmpl = textwrap.dedent(
  413. """
  414. SandboxViolation: {cmd}{args!r} {kwargs}
  415. The package setup script has attempted to modify files on your system
  416. that are not within the EasyInstall build area, and has been aborted.
  417. This package cannot be safely installed by EasyInstall, and may not
  418. support alternate installation locations even if you run its setup
  419. script by hand. Please inform the package's author and the EasyInstall
  420. maintainers to find out if a fix or workaround is available.
  421. """
  422. ).lstrip()
  423. def __str__(self):
  424. cmd, args, kwargs = self.args
  425. return self.tmpl.format(**locals())