feat: implement RestrictedPython for secure code execution #251
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
![devin-ai-integration[bot]](https://avatars.githubusercontent.com/in/811515?s=60&v=4){kind=small}
Co-Authored-By: Aaron <AJ> Steers <[email protected]>
… compatibility Co-Authored-By: Aaron <AJ> Steers <[email protected]>
Co-Authored-By: Aaron <AJ> Steers <[email protected]>
- Replace raw exec() with RestrictedPython's compile_restricted() - Add safe_builtins and guarded attribute access - Run code in isolated namespace with restricted globals - Update documentation with security details Co-Authored-By: Aaron <AJ> Steers <[email protected]>
Closes #235 - Added RestrictedPython for secure code execution - Implemented custom AST transformer with type annotation support - Added tests for secure code execution and attribute access - Added checksum validation for code integrity - Configured safe builtins and attribute access guards Link to Devin run: https://app.devin.ai/sessions/52a534be7286449eb767cf386ac6d001 Co-Authored-By: Aaron <AJ> Steers <[email protected]>
🤖 Devin AI EngineerI'll be helping with this pull request! Here's what you should know: ✅ I will automatically:
⚙️ Control Options:
|
- Handle potential None return from generic_visit - Consistently use visited_node throughout method - Add proper type checking for attribute access Co-Authored-By: Aaron <AJ> Steers <[email protected]>
Co-Authored-By: Aaron <AJ> Steers <[email protected]>
Co-Authored-By: Aaron <AJ> Steers <[email protected]>
Co-Authored-By: Aaron <AJ> Steers <[email protected]>
Co-Authored-By: Aaron <AJ> Steers <[email protected]>
…rmer Co-Authored-By: Aaron <AJ> Steers <[email protected]>
Co-Authored-By: Aaron <AJ> Steers <[email protected]>
Co-Authored-By: Aaron <AJ> Steers <[email protected]>
Co-Authored-By: Aaron <AJ> Steers <[email protected]>
|
Devin is currently unreachable - the session may have died. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Closes #235
Link to Devin run: https://app.devin.ai/sessions/52a534be7286449eb767cf386ac6d001