Andal.LND/edx-platform
6
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
12,881 Commits 1 Branch 0 Tags
d7ea1dafe8a7fbea4d0e0dd0e2a90d5b4e242b2e
Commit Graph

12881 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Ned Batchelder
d7ea1dafe8 On second thought, make can_execute_unsafe_code a function returning a boolean. 2013-05-06 11:39:21 -04:00
Ned Batchelder
f1fac732cf A new boolean on XModuleSystem that determines whether to allow execution of untrusted unsandboxed code. 2013-05-06 11:39:21 -04:00
Ned Batchelder
f4d84e67e1 Build the XModuleSystem anew for each test so we can fiddle with it safely. 2013-05-06 11:39:21 -04:00
Ned Batchelder
0ba4b680f9 Minor fixes of test_system in xmodule tests 2013-05-06 11:39:21 -04:00
Ned Batchelder
477fe670dd All re-randomization has to be bucketed to get a reasonable cache hit rate. 2013-05-06 11:39:20 -04:00
Will Daly
7b26c50e32 Added instructions for clearing the cache before running tests 2013-05-06 11:39:20 -04:00
Will Daly
ac660ead3e Added load test of CustomResponse 2013-05-06 11:39:20 -04:00
Will Daly
0b2aedb4fe Added datadog monitoring of safe_exec() time 2013-05-06 11:39:20 -04:00
Ned Batchelder
05021377d4 Make the correct link to the codejail repo 2013-05-06 11:39:20 -04:00
Ned Batchelder
baa6b4e3e4 The cache key for safe_exec has to be hashed to keep it a reasonable size. 2013-05-06 11:39:20 -04:00
Ned Batchelder
09fbbe7bfa Codejail is in its own repo now. 2013-05-06 11:39:20 -04:00
Ned Batchelder
adde939831 Clarify some comments in tests. 2013-05-06 11:39:20 -04:00
Ned Batchelder
726e8db13e Add more docs 2013-05-06 11:39:20 -04:00
Ned Batchelder
fb5343237a jail_code can execute a provided file also. 2013-05-06 11:39:20 -04:00
Ned Batchelder
9683098f3d Python should have -E, not sure of a clean way to do it, but this at least only applies it to python. 2013-05-06 11:39:20 -04:00
Ned Batchelder
bde976dad2 Refactor code_jail to accommodate non-Python code. 2013-05-06 11:39:19 -04:00
Ned Batchelder
55e910aafc Not sure why my branch was ahead of master for the version of distribute. Make them the same. 2013-05-06 11:39:19 -04:00
Ned Batchelder
bcdc11c3a5 Hint functions are now run in the sandbox. 2013-05-06 11:39:19 -04:00
Ned Batchelder
ed13f0a0f1 Catch up to new exception handling in responses. 2013-05-06 11:39:19 -04:00
Ned Batchelder
5e7d328e7f Use the Django cache for sandboxed code execution. 2013-05-06 11:39:19 -04:00
Ned Batchelder
c8b908a244 capa.safe_exec can use a cache. 2013-05-06 11:39:19 -04:00
Ned Batchelder
5e8e31b2d1 Add a cache attribute to ModuleSystem 2013-05-06 11:39:19 -04:00
Ned Batchelder
ceb6cedaae Fix merge 2013-05-06 11:39:19 -04:00
Ned Batchelder
182a1a1899 Cleanups 2013-05-06 11:39:19 -04:00
Ned Batchelder
0021b0acb3 Refactor to move assumed_imports into capa, so that code_jail is more pure. 2013-05-06 11:39:19 -04:00
Ned Batchelder
89f6ef8407 Move capa/safe_exec into its own directory, in prep for moving code here. 2013-05-06 11:39:18 -04:00
Ned Batchelder
d925604113 Clarify provenance 2013-05-06 11:39:18 -04:00
Ned Batchelder
efaa0eea03 More fixes to the merge, now all tests pass. 2013-05-06 11:39:18 -04:00
Ned Batchelder
be79810ff6 Fix one problem from the merges 2013-05-06 11:39:18 -04:00
Will Daly
f62dad2f57 Added symbolic response tests 2013-05-06 11:39:18 -04:00
Ned Batchelder
e61a6fe787 Make it possible for customresponse check functions to get extra arguments, though they need to be declared in the XML. 2013-05-06 11:39:18 -04:00
Ned Batchelder
c49b0c5027 Have to make the globals json-safe before sending them to the sandbox. 2013-05-06 11:39:18 -04:00
Ned Batchelder
7aa493ec85 A start on getting these tests to run again. 2013-05-06 11:39:18 -04:00
Ned Batchelder
283fc47a95 Jailed code importing random explicitly would get the wrong seed. 2013-05-06 11:39:17 -04:00
Ned Batchelder
f3e8d5bb7a Didn't mean to put this in 2013-05-06 11:39:17 -04:00
Ned Batchelder
478f967af4 We would fail if a global was defined with a non-jsonable value inside a jsonable one. Now we don't/ 2013-05-06 11:39:17 -04:00
Ned Batchelder
b95ea4422b Prevent a print statement from accidentally borking the sandbox. 2013-05-06 11:39:17 -04:00
Ned Batchelder
5acb225816 Print the full traceback when execution fails. 2013-05-06 11:39:17 -04:00
Ned Batchelder
839c568474 Hmm, turns out exec wants just one dict to properly simulate Python module execution. 2013-05-06 11:39:17 -04:00
Ned Batchelder
1473fe377a A unit test that demonstrates the problem we're having with some sandboxed code. 2013-05-06 11:39:17 -04:00
Ned Batchelder
d9df65eef0 Add some logging to codejail 2013-05-06 11:39:17 -04:00
Ned Batchelder
771de938c7 Update the instructions for setting up the sandbox. 2013-05-06 11:39:17 -04:00
Ned Batchelder
ec7a04fdb3 A /debug/run_python endpoint for staff to test the sandboxing of Python code. 2013-05-06 11:39:17 -04:00
Ned Batchelder
df17c0c7dd Move symmath into capa so that it's available where needed 2013-05-06 11:39:17 -04:00
Ned Batchelder
67d0670b2e Symbolic response no longer runs its checker in the Python sandbox. 2013-05-06 11:39:16 -04:00
Ned Batchelder
94f6e685df Mock the response from the snuggletex server, and unskip the SymbolicResponse test. 2013-05-06 10:55:07 -04:00
Ned Batchelder
c04f3e09c0 Test that the sandbox can't get to the network. 2013-05-06 10:55:07 -04:00
Ned Batchelder
9dbfca129c Check functions now can only return serializable data, and 'ex' and 'got' weren't used later anyway. 2013-05-06 10:55:07 -04:00
Ned Batchelder
070f184ee0 Not sure why these had capital-I's in them, since the text just above shows lowercase-i's, and uppercase doesn't work properly. 2013-05-06 10:55:06 -04:00
Ned Batchelder
81c4e4f74f Make check_function more flexible so symbolicresponse can pass in more information. 2013-05-06 10:55:06 -04:00