more matrix demo stuf

pgbovine · mmmicedcoffee · commit d159688e43e2 · 2014-01-31T13:15:20.000-05:00
diff --git a/v3/bottle_server.py b/v3/bottle_server.py
@@ -60,5 +60,30 @@ def load_matrix_problem():
   return json.dumps(dict(code=cod, test=testCod))
 
 
+@get('/submit_matrix_problem')
+def submit_matrix_problem():
+  user_code = request.query.submitted_code
+  prob_name = request.query.problem_name
+  assert type(prob_name) in (str, unicode)
+
+  # whitelist
+  assert prob_name in ('python_comprehension-1',)
+
+  test_fn = 'matrix-demo/' + prob_name + '.test.py'
+  test_cod = open(test_fn).read()
+
+  # concatenate!
+  script = test_cod + '\n' + user_code + '\nimport doctest\ndoctest.testmod()'
+
+  import simple_sandbox
+
+  def json_finalizer(executor):
+    return json.dumps(dict(code=executor.executed_script,
+                           user_stdout=executor.user_stdout.getvalue(),
+                           user_stderr=executor.user_stderr.getvalue()))
+
+  return simple_sandbox.exec_str(script, json_finalizer)
+
+
 if __name__ == "__main__":
     run(host='localhost', port=8080, reloader=True)
diff --git a/v3/js/matrixtutor.js b/v3/js/matrixtutor.js
@@ -263,27 +263,24 @@ $(document).ready(function() {
     }
   });
 
-  $('#genUrlBtn').bind('click', function() {
-    var myArgs = {code: pyInputCodeMirror.getValue(),
-                  mode: appMode,
-                  cumulative: $('#cumulativeModeSelector').val(),
-                  py: $('#pythonVersionSelector').val()};
-
-    if (appMode == 'display') {
-      myArgs.curInstr = myVisualizer.curInstr;
-    }
-
-    var urlStr = $.param.fragment(window.location.href, myArgs, 2 /* clobber all */);
-    $('#urlOutput').val(urlStr);
-  });
-
-
   $.get('load_matrix_problem',
         {problem_name: 'python_comprehension-1'},
         function(dataFromBackend) {
           pyInputCodeMirror.setValue(dataFromBackend.code.rtrim());
           pyTestInputCodeMirror.setValue(dataFromBackend.test.rtrim());
         },
         "json");
-});
 
+
+  $('#submitGradeBtn').bind('click', function() {
+    $.get('submit_matrix_problem',
+          {submitted_code: pyInputCodeMirror.getValue(),
+           problem_name: 'python_comprehension-1'},
+          function(dataFromBackend) {
+            $('#gradeStdout').val(dataFromBackend.user_stdout);
+            $('#gradeStderr').val(dataFromBackend.user_stderr);
+          },
+          "json");
+
+  });
+});
diff --git a/v3/matrixtutor.html b/v3/matrixtutor.html
@@ -98,30 +98,23 @@ <h1 style="margin-bottom: 15px; font-size: 14pt;">Problem: python_comprehension-
 <button id="submitGradeBtn" class="bigBtn" type="button">Submit for Grading</button>
 </p>
 
-<pre id="gradeResultsPane">
-</pre>
+<p>
+Program output:<br/>
+<textarea id="gradeStdout" cols="100" rows="20" wrap="off" readonly></textarea>
+</p>
+
+<p>
+Errors:<br/>
+<textarea id="gradeStderr" cols="100" rows="10" wrap="off" readonly></textarea>
+</p>
 
 </div>
 
 <div id="footer">
 
 This version of <a href="http://pythontutor.com/">Online Python Tutor</a> supports
 <a href="http://www.python.org/doc/3.3.0/">Python 3.3</a> with limited module
-imports and no file I/O. 
-The following modules may be imported: 
-bisect,
-collections,
-datetime,
-functools,
-heapq,
-itertools,
-json,
-math,
-operator,
-random,
-re,
-string
-</p>
+imports and no file I/O.</p>
 
 <p>Have a question? Maybe the <a
 href="https://github.com/pgbovine/OnlinePythonTutor/blob/master/v3/docs/user-FAQ.md">FAQ</a>
diff --git a/v3/simple_sandbox.py b/v3/simple_sandbox.py
@@ -0,0 +1,187 @@
+# This is a SUPER simple sandbox, with code copied from pg_logger.py
+# It's not meant to be actually secure, so ALWAYS practice defense in
+# depth and use it alongside more heavyweight OS-level sandboxing using,
+# say, Linux containers, and in conjunction with other sandboxes like:
+#   https://github.com/cemc/safeexec
+#
+# tested so far on Linux 2.6.32 (x86-64) and Mac OS X 10.8
+#
+# Philip Guo (philip@pgbovine.net)
+
+import bdb
+import sys
+import traceback
+import types
+
+# TODO: use the 'six' package to smooth out Py2 and Py3 differences
+is_python3 = (sys.version_info[0] == 3)
+
+if is_python3:
+  import io as cStringIO
+else:
+  import cStringIO
+
+
+#DEBUG = False
+DEBUG = True
+
+
+# simple sandboxing scheme:
+#
+# - use resource.setrlimit to deprive this process of ANY file descriptors
+#   (which will cause file read/write and subprocess shell launches to fail)
+# - restrict user builtins and module imports
+#   (beware that this is NOT foolproof at all ... there are known flaws!)
+#
+# ALWAYS use defense-in-depth and don't just rely on these simple mechanisms
+import resource
+
+
+# ugh, I can't figure out why in Python 2, __builtins__ seems to
+# be a dict, but in Python 3, __builtins__ seems to be a module,
+# so just handle both cases ... UGLY!
+if type(__builtins__) is dict:
+  BUILTIN_IMPORT = __builtins__['__import__']
+else:
+  assert type(__builtins__) is types.ModuleType
+  BUILTIN_IMPORT = __builtins__.__import__
+
+
+# whitelist of module imports
+ALLOWED_MODULE_IMPORTS = ('doctest',)
+
+# PREEMPTIVELY import all of these modules, so that when the user's
+# script imports them, it won't try to do a file read (since they've
+# already been imported and cached in memory). Remember that when
+# the user's code runs, resource.setrlimit(resource.RLIMIT_NOFILE, (0, 0))
+# will already be in effect, so no more files can be opened.
+#
+# NB: All modules in CUSTOM_MODULE_IMPORTS will be imported, warts and
+# all, so they better work on Python 2 and 3!
+for m in ALLOWED_MODULE_IMPORTS:
+  __import__(m)
+
+
+# there's no point in banning builtins since malicious users can
+# circumvent those anyways
+
+
+class SandboxExecutor(bdb.Bdb):
+    def __init__(self, finalizer_func):
+        bdb.Bdb.__init__(self)
+        self.ORIGINAL_STDOUT = sys.stdout
+        self.ORIGINAL_STDERR = sys.stderr
+        self.executed_script = None # Python script to be executed!
+
+        # a function that takes the output trace as a parameter and
+        # processes it
+        self.finalizer_func = finalizer_func
+
+
+    def _runscript(self, script_str):
+        self.executed_script = script_str
+
+        self.user_stdout = cStringIO.StringIO()
+        self.user_stderr = cStringIO.StringIO()
+
+        sys.stdout = self.user_stdout
+        sys.stderr = self.user_stderr
+
+        try:
+          # enforce resource limits RIGHT BEFORE running script_str
+
+          # set ~200MB virtual memory limit AND a 5-second CPU time
+          # limit (tuned for Webfaction shared hosting) to protect against
+          # memory bombs such as:
+          #   x = 2
+          #   while True: x = x*x
+          resource.setrlimit(resource.RLIMIT_AS, (200000000, 200000000))
+          resource.setrlimit(resource.RLIMIT_CPU, (5, 5))
+
+          # protect against unauthorized filesystem accesses ...
+          resource.setrlimit(resource.RLIMIT_NOFILE, (0, 0)) # no opened files allowed
+
+          # VERY WEIRD. If you activate this resource limitation, it
+          # ends up generating an EMPTY trace for the following program:
+          #   "x = 0\nfor i in range(10):\n  x += 1\n   print x\n  x += 1\n"
+          # (at least on my Webfaction hosting with Python 2.7)
+          #resource.setrlimit(resource.RLIMIT_FSIZE, (0, 0))  # (redundancy for paranoia)
+
+          # The posix module is a built-in and has a ton of OS access
+          # facilities ... if you delete those functions from
+          # sys.modules['posix'], it seems like they're gone EVEN IF
+          # someone else imports posix in a roundabout way. Of course,
+          # I don't know how foolproof this scheme is, though.
+          # (It's not sufficient to just "del sys.modules['posix']";
+          #  it can just be reimported without accessing an external
+          #  file and tripping RLIMIT_NOFILE, since the posix module
+          #  is baked into the python executable, ergh. Actually DON'T
+          #  "del sys.modules['posix']", since re-importing it will
+          #  refresh all of the attributes. ergh^2)
+          for a in dir(sys.modules['posix']):
+            delattr(sys.modules['posix'], a)
+          # do the same with os
+          for a in dir(sys.modules['os']):
+            if not a in ('path', 'stat', 'environ'):
+              delattr(sys.modules['os'], a)
+          # ppl can dig up trashed objects with gc.get_objects()
+          import gc
+          for a in dir(sys.modules['gc']):
+            delattr(sys.modules['gc'], a)
+          del sys.modules['gc']
+
+          # sys.modules contains an in-memory cache of already-loaded
+          # modules, so if you delete modules from here, they will
+          # need to be re-loaded from the filesystem.
+          #
+          # Thus, as an extra precaution, remove these modules so that
+          # they can't be re-imported without opening a new file,
+          # which is disallowed by resource.RLIMIT_NOFILE
+          #
+          # Of course, this isn't a foolproof solution by any means,
+          # and it might lead to UNEXPECTED FAILURES later in execution.
+          del sys.modules['os']
+          del sys.modules['os.path']
+          del sys.modules['sys']
+
+          # ... here we go!
+          self.run(script_str)
+        # sys.exit ...
+        except SystemExit:
+          raise bdb.BdbQuit
+        except:
+          if DEBUG:
+            traceback.print_exc()
+          raise bdb.BdbQuit # need to forceably STOP execution
+
+
+    def finalize(self):
+      sys.stdout = self.ORIGINAL_STDOUT
+      sys.stderr = self.ORIGINAL_STDERR
+      return self.finalizer_func(self)
+
+
+def print_finalizer(executor):
+    #print 'DONE:'
+    #print executor.executed_script
+    print 'stdout:'
+    print executor.user_stdout.getvalue()
+    print 'stderr:'
+    print executor.user_stderr.getvalue()
+
+
+# the MAIN meaty function!!!
+def exec_str(script_str, finalizer):
+  logger = SandboxExecutor(finalizer)
+
+  try:
+    logger._runscript(script_str)
+  except bdb.BdbQuit:
+    pass
+  finally:
+    return logger.finalize()
+
+
+if __name__ == "__main__":
+   script = open(sys.argv[1]).read()
+   exec_str(script, print_finalizer)
