Sandboxing Python in Pure Python: A Comprehensive Guide

Sandboxing Python in pure Python poses unique challenges, as it involves isolating Python code from the host environment to prevent malicious users from compromising the system. Let's explore the two primary approaches to this problem and identify suitable alternatives for creating a secure scripting environment.

Approach 1: Restricted Execution Environment

Messa suggests creating a restricted execution environment with limited access to globals. While this method provides a semblance of protection, it is susceptible to exploits that allow code to escape the sandbox. Malicious users can exploit exceptions, manipulate internal states, or utilize bytecode manipulation to break out of the sandbox.

Approach 2: Code Parsing and AST Manipulation

This approach involves parsing Python code and selectively removing unwanted constructs using the ast module. By eliminating import statements, function calls, and other potential security risks, it is possible to create a secure execution environment tailored to specific requirements.

Alternative Scripting Interpreters

If Pythonic scripting syntax is not a strict necessity, consider using other open-source script interpreters written in pure Python that meet the criteria of variables, conditionals, and function calls. These interpreters may offer a more robust and secure foundation for your web game.

PyPy Sandbox (Not Applicable for GAE)

For those not utilizing Google App Engine (GAE), the PyPy sandbox offers a reportedly "real" sandboxing solution. Its capabilities have been praised by users who attest to its effectiveness in preventing sandbox escapes.

Evaluation for Scripting Requirements

Your requirements specifically mention support for variables, basic conditionals, and function calls (excluding definitions). Approach 2, which involves code parsing and AST manipulation, seems like a viable option to evaluate. It allows for customization and can effectively remove unneeded constructs.

Conclusion

Sandboxing Python in pure Python can be achieved through careful consideration of execution environments and code parsing techniques. While a truly full-featured scripting language may be overkill for your game, the alternatives presented here offer a balance of flexibility and security.