A /debug/run_python endpoint for staff to test the sandboxing of Python code.

2013-02-22 13:31:31 -05:00
parent df17c0c7dd
commit ec7a04fdb3
6 changed files with 56 additions and 0 deletions
--- a/lms/djangoapps/debug/init.py
+++ b/lms/djangoapps/debug/init.py
--- a/lms/djangoapps/debug/models.py
+++ b/lms/djangoapps/debug/models.py
@@ -0,0 +1,3 @@
+from django.db import models
+
+# Create your models here.
--- a/lms/djangoapps/debug/views.py
+++ b/lms/djangoapps/debug/views.py
@@ -0,0 +1,29 @@
+"""Views for debugging and diagnostics"""
+
+import pprint
+
+from django.http import Http404
+from django.contrib.auth.decorators import login_required
+from django_future.csrf import ensure_csrf_cookie, csrf_exempt
+from mitxmako.shortcuts import render_to_response
+
+from codejail.safe_exec import safe_exec
+
+@login_required
+@ensure_csrf_cookie
+def run_python(request):
+    if not request.user.is_staff:
+        raise Http404
+    c = {}
+    c['code'] = ''
+    c['results'] = None
+    if request.method == 'POST':
+        py_code = c['code'] = request.POST.get('code')
+        g, l = {}, {}
+        try:
+            safe_exec(py_code, g, l)
+        except Exception as e:
+            c['results'] = str(e)
+        else:
+            c['results'] = pprint.pformat(l)
+    return render_to_response("debug/run_python_form.html", c)
--- a/lms/envs/common.py
+++ b/lms/envs/common.py
@@ -589,6 +589,7 @@ INSTALLED_APPS = (

    # For testing
    'django.contrib.admin',   # only used in DEBUG mode
+    'debug',

    # Discussion forums
    'django_comment_client',
--- a/lms/templates/debug/run_python_form.html
+++ b/lms/templates/debug/run_python_form.html
@@ -0,0 +1,19 @@
+<html><body>
+<div>
+<p>Python:</p>
+<form method='post'>
+    <input type="hidden" name="csrfmiddlewaretoken" value="${ csrf_token }">
+    <div>
+        <textarea name='code' rows='20' cols='80'>${code|h}</textarea>
+    </div>
+    <input type='submit' value='Run it!'/>
+</form>
+</div>
+%if results:
+<div>
+    <p>Results:</p>
+    <pre>
+${results|h}
+</pre>
+</div>
+%endif
--- a/lms/urls.py
+++ b/lms/urls.py
@@ -358,6 +358,10 @@ urlpatterns += (
    url(r'^comm/foldit_ops', 'foldit.views.foldit_ops', name="foldit_ops"),
 )

+urlpatterns += (
+    url(r'^debug/run_python', 'debug.views.run_python'),
+)
+
 urlpatterns = patterns(*urlpatterns)

 if settings.DEBUG: