diff options
| author | Martin <martin@leo.fri1.uni-lj.si> | 2015-09-22 13:13:31 +0200 |
|---|---|---|
| committer | Martin <martin@leo.fri1.uni-lj.si> | 2015-09-22 13:13:31 +0200 |
| commit | 68acd82d75106cddd3d4b79365672cad7391c3cd (patch) | |
| tree | cc9448103c9a21bed694abe6f818a9eed8ecccb6 /python | |
| parent | 63dff6d770ecb98d7f8f9337449b3450d3abb0de (diff) | |
| parent | 2c61fec2140da5ec9a5aee8a7d6d3f0f2d3b0897 (diff) | |
Merge branch 'master' of ssh://212.235.189.51:22122/codeq-server
Diffstat (limited to 'python')
| -rwxr-xr-x | python/interpreter.py | 59 |
1 files changed, 50 insertions, 9 deletions
diff --git a/python/interpreter.py b/python/interpreter.py index 87de3aa..3439ae8 100755 --- a/python/interpreter.py +++ b/python/interpreter.py @@ -7,9 +7,13 @@ import seccomp f = seccomp.SyscallFilter(defaction=seccomp.KILL) # Necessary for Python. +f.add_rule(seccomp.ALLOW, "brk") f.add_rule(seccomp.ALLOW, "exit_group") +f.add_rule(seccomp.ALLOW, "ioctl") +f.add_rule(seccomp.ALLOW, "mmap") +f.add_rule(seccomp.ALLOW, "munmap") f.add_rule(seccomp.ALLOW, "rt_sigaction") -f.add_rule(seccomp.ALLOW, "brk") +f.add_rule(seccomp.ALLOW, "rt_sigreturn") # Mostly harmless. f.add_rule(seccomp.ALLOW, "mprotect") @@ -19,22 +23,59 @@ f.add_rule(seccomp.ALLOW, "read", seccomp.Arg(0, seccomp.EQ, sys.stdin.fileno()) f.add_rule(seccomp.ALLOW, "write", seccomp.Arg(0, seccomp.EQ, sys.stdout.fileno())) f.add_rule(seccomp.ALLOW, "write", seccomp.Arg(0, seccomp.EQ, sys.stderr.fileno())) -f.add_rule(seccomp.ALLOW, "ioctl") -f.add_rule(seccomp.ALLOW, "mmap") -f.add_rule(seccomp.ALLOW, "munmap") - # Needed for finding source code for exceptions. f.add_rule(seccomp.ALLOW, "stat") +# Read-only open. f.add_rule(seccomp.ALLOW, "open", seccomp.Arg(1, seccomp.MASKED_EQ, 0x3, 0)) -f.add_rule(seccomp.ALLOW, "fcntl") +f.add_rule(seccomp.ALLOW, "close") +f.add_rule(seccomp.ALLOW, "read") f.add_rule(seccomp.ALLOW, "fstat") f.add_rule(seccomp.ALLOW, "lseek") -f.add_rule(seccomp.ALLOW, "read") -f.add_rule(seccomp.ALLOW, "close") +f.add_rule(seccomp.ALLOW, "fcntl") # Needed for code.InteractiveConsole. f.add_rule(seccomp.ALLOW, "access") f.add_rule(seccomp.ALLOW, "select") f.load() -code.interact(banner='') +class MyConsole(code.InteractiveConsole): + def interact(self, banner=None): + if banner is not None: + self.write('{}\n'.format(banner)) + + buffer = [] + prompt = '>>> ' + while True: + try: + line = input(prompt) + # Assume we are running the user's program; silence the prompt. + if line == 'exec("""\\': + self.write('<run>\n') + prompt = '' + + buffer.append(line) + source = '\n'.join(buffer) + more = self.runsource(source) + if more: + if prompt: + prompt = '... ' + else: + prompt = '>>> ' + buffer = [] + except KeyboardInterrupt: + prompt = '>>> ' + buffer = [] + self.write('^C\n') + except EOFError: + break + + def runcode(self, code): + try: + exec(code, self.locals) + except KeyboardInterrupt: + # Don't show traceback on SIGINT. + raise + except: + self.showtraceback() + +MyConsole().interact() |