aahnik
Rextester API is not longer free, thus bot no more working
Rextester now requires API TOKEN to use its API.
Bot no longer doing the main thing it is supposed to do.
I am doing research, as to how to build my own API for running python code.
Running python code and returning the result is easy. A simple solution is to use a python subprocess to run python -c {code}, and then get the stdout and stderr.
https://github.com/aahnik/run-py-bot/blob/fba3e718e69a2f2702c45428a9f884fec432084b/bot/execute_code.py#L55-L67
v0.0.5 of this project and earlier, used to run the code submitted by users directly in the server the bot is running.
But python is powerful and using python code, anyone can hack the server. Me banning certain python keywords and imports made the bot less useful. But still hackable. Using escape sequences, and other tons of tricks, one could hack the server.
Then from v0.1.0 onwards, I used the rextester API, which ran a piece of python code and returned the result. So, I had no more worry, as the python code ran on their server, it's their headache now.
But rextester API become paid from April 10, 2021.
So, now I am planning to build my own API that executes python code.
Challenges:
- we will be accepting code from an untrusted source.
- accidental bugs, or malicious design can hack the server, or consume too much CPU/memory/disk space.
- people could use the service to do malicious things
So currently I am researching how to implement a solution
Here are the links to stuff that I am exploring
- https://www.software.ac.uk/blog/2017-11-23-executing-python-code-submitted-web-service
- https://github.com/vstinner/pysandbox
- https://lwn.net/Articles/574215/
- https://en.wikipedia.org/wiki/Sandbox_(computer_security)