Forbid all modules by default except whitelist authorized_imports #935
Conversation
| # Non-exhaustive list of dangerous modules that should not be imported | ||
| DANGEROUS_MODULES = [ | ||
| "builtins", | ||
| "io", | ||
| "multiprocessing", | ||
| "os", | ||
| "pathlib", | ||
| "pty", | ||
| "shutil", | ||
| "socket", | ||
| "subprocess", | ||
| "sys", | ||
| ] | ||
|
|
||
|
|
There was a problem hiding this comment.
| # Non-exhaustive list of dangerous modules that should not be imported | |
| DANGEROUS_MODULES = [ | |
| "builtins", | |
| "io", | |
| "multiprocessing", | |
| "os", | |
| "pathlib", | |
| "pty", | |
| "shutil", | |
| "socket", | |
| "subprocess", | |
| "sys", | |
| ] |
I guess this is no-longer needed? Also the test_vulnerability_via_sys_for_all_dangerous_modules test is to be deleted.
There was a problem hiding this comment.
Just here for test coverage: whichever modification of the code, we want these modules to be forbidden.
|
@aymeric-roucher, before this PR, only modules specified in However, previously, modules could be hackily accessed and used without explicitly importing them, which was a potential security risk. This PR addresses that issue by adding a security layer to prevent accessing or using modules that have not been explicitly imported. |
|
The docs for this PR live here. All of your documentation changes will be reflected on that endpoint. The docs are available until 30 days after the last update. |
Forbid all modules by default except whitelist
authorized_imports.This PR implements a more robust security approach: use a deny-by-default policy and only whitelist specific modules that are known to be safe for your use case, rather than trying to maintain a comprehensive blacklist
As discussed in: #929 (review)