Points: 50

Tags: ast sandbox pyjail 


I think I finally got Python sandboxing right.

#!/usr/bin/python3 -u
#
# Flag is in a file called "flag" in cwd.
#
# Quote from Dockerfile:
#   FROM ubuntu:22.04
#   RUN apt-get update && apt-get install -y python3
#
import ast
import sys
import os

def verify_secure(m):
  """Report whether the AST *m* is free of the banned node types.

  Walks every node reachable from *m* and rejects the tree as soon as it
  meets a node whose exact type is ast.Import, ast.ImportFrom or ast.Call,
  printing an error line for that node.

  Security note: this is a three-entry denylist over syntax, not a sandbox.
  A True result means only that none of those node types occurs in the tree;
  it says nothing about what the code does when it runs, so it must not be
  the sole control in front of exec() on untrusted input.

  Returns:
    False if a banned node is present, True otherwise.
  """
  banned = (ast.Import, ast.ImportFrom, ast.Call)
  for node in ast.walk(m):
    # Exact type comparison (no isinstance), so subclasses are not matched.
    if type(node) in banned:
      print(f"ERROR: Banned statement {node}")
      return False
  return True

# Switch the working directory to the directory that holds this script, so
# relative paths resolve next to it regardless of where it was launched from
# (the header comment says the "flag" file is expected in cwd).
# NOTE: abspath and dname stay module-level names and are therefore visible
# to anything later executed in this module's namespace.
abspath = os.path.abspath(__file__)
dname = os.path.dirname(abspath)
os.chdir(dname)

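# Read the submission from stdin line by line until the terminator line.
print("-- Please enter code (last line must contain only --END)")
source_code = ""
while True:
  line = sys.stdin.readline()
  if not line:
    # readline() returns "" only at EOF. Without this check a client that
    # disconnects before sending --END leaves the loop spinning forever,
    # pinning a CPU per abandoned connection. Treat the submission as
    # incomplete and stop instead of running it.
    sys.exit("ERROR: input ended before --END")
  # Any line that merely starts with --END terminates the input, which is
  # looser than the "must contain only --END" wording of the prompt.
  if line.startswith("--END"):
    break
  # NOTE(review): nothing caps the total size of the accumulated input here;
  # confirm a limit is enforced by whatever fronts this script.
  source_code += line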

# Parse the submission into an AST only (PyCF_ONLY_AST); nothing is executed
# at this point. A syntax error in the submission raises here and ends the
# script, since no handler is installed.
tree = compile(source_code, "input.py", 'exec', flags=ast.PyCF_ONLY_AST)
# verify_secure() only rules out Import, ImportFrom and Call nodes. Passing it
# is not evidence that the code is safe to run.
if verify_secure(tree):
  print("-- Executing safe code:")
  # The source text is compiled a second time; the checked `tree` object is
  # not the artifact that gets executed.
  compiled = compile(source_code, "input.py", 'exec')
  # SECURITY: exec() of untrusted input. No globals/locals are passed, so the
  # code runs in this module's own namespace (including the os, sys and ast
  # modules imported at the top of the file) with the default builtins and
  # with this process's privileges. Containment has to come from the
  # OS/container around the process, not from the AST check.
  exec(compiled)
