[Bf-python] nasty python scripts detection
guignot
guignot at wanadoo.fr
Fri May 16 23:12:03 CEST 2003
>I check it, thanks. But this one is a python module, we'd need freeze
>to use it and getting rid of freeze is one of the reasons behind
>implementing the new api.
>
>
It's not mandatory to freeze with this method :
The basic idea is very simple.
Instead of giving python the script :(orig script)
blah
blah
blah
We slightly modify it, and pass to python the following script
:(modified script)
import rexec
R = rexec.RExec()
R.r_eval("Blah Blah Blah")
It runs very well with simple cases.
If orig script is "import time;print time.time()" no pb.
If orig script is "import socket" an error is raised.
For complicated scripts, there are prbs about the newlines,
and rexec refuses to load "Blender" (not in its dict), but I think these
problems are probably solvable.
I'll try to elaborate a solution. Not quite sure I'll succeed...
>Since all the embedding is now done in C, we need a clean way to, in C,
>restrict certain things:
>- restricting file access to user defined (if they choose to do so)
>folders;
>- avoid use of the system() function, that executes external programs.
>
>
It --IS-- possible, but may be lengthy, because C must parse the python
file, and C is not very good at that
(unless we use lex and yacc...heavy...The python grammar is not simple)
>There's also the problem of scripts crashing or hanging Blender itself
>by making it perform very time- or memory-consuming actions (which btw
>rexec documentation says it doesn't cover), but this one is not that
>bad.
>
>
Yes. I'm afraid it would be --very-- difficult to detect this kind of
scripts.
More information about the Bf-python
mailing list