Possible Duplicate:
Python, safe, sandbox
I'm building a corporate web system in Python which allows scripts to be uploaded and run serverside. Given I'm already developing in Python and its such a nice simple language, it seems like a good language to write the scripts in. However, there is a security hazard there, I want to block all function calls except a limited subset. Is there a mechanism I can use to do this, or some other technique? Do I need to use something else, Lua perhaps? I'm developing in Pyramid/Pylons.
This is a terrible idea, but just to let you know about the option:
You could sanitize a string that contains the Python code (and by sanitize I mean you need to do like a few hundred malicious unit tests and heavily test that the sanitation is adequate) with RegEx to only match the function calls you want and then call eval() on the string.
来源:https://stackoverflow.com/questions/11355093/python-from-python-restricting-functionality