| | |
| | from __future__ import annotations |
| | import io, os, sys, uuid, base64, traceback, contextlib, tempfile, shutil |
| | import multiprocessing as mp |
| | from typing import Optional, Dict, Any, List |
| | from pydantic import ValidationError |
| | from langchain_core.tools import tool |
| | from src.utils.code_run import ( |
| | CodeRunRequest, CodeRunResult, EnvInfo, |
| | PlotArtifact, DataFrameArtifact, |
| | ) |
| |
|
| | |
| |
|
| | def _b64_png(fig, dpi: int) -> str: |
| | import matplotlib.pyplot as plt |
| | buf = io.BytesIO() |
| | fig.savefig(buf, format="png", dpi=dpi, bbox_inches="tight") |
| | buf.seek(0) |
| | data = base64.b64encode(buf.read()).decode("utf-8") |
| | buf.close() |
| | return data |
| |
|
| | def _clip_df(df, max_rows: int, max_cols: int): |
| | sub = df.iloc[:max_rows, :max_cols] |
| | head = sub.to_dict(orient="records") |
| | dtypes = {str(k): str(v) for k, v in sub.dtypes.to_dict().items()} |
| | return head, list(df.shape), dtypes |
| |
|
| | def _env_info() -> EnvInfo: |
| | try: |
| | import numpy as _np; nv = _np.__version__ |
| | except Exception: |
| | nv = None |
| | try: |
| | import pandas as _pd; pv = _pd.__version__ |
| | except Exception: |
| | pv = None |
| | return EnvInfo(numpy=nv, pandas=pv) |
| |
|
| | |
| |
|
| | def _child_exec(payload: Dict[str, Any], queue: mp.Queue): |
| | """ |
| | Изолированное выполнение user-кода: |
| | - урезанные builtins |
| | - безопасный open (read-only в sandbox) |
| | - белый список импортов |
| | - запрет сети |
| | - temp cwd + очистка |
| | - RLIMIT CPU/AS (Unix) |
| | - захват stdout/stderr |
| | - сбор matplotlib и pandas.DataFrame (по флагам) |
| | """ |
| | import builtins, importlib |
| |
|
| | code: str = payload["code"] |
| | limits: Dict[str, Any] = payload["limits"] |
| | allowed: List[str] = payload["allowed"] |
| | return_plots: bool = payload["return_plots"] |
| | return_dfs: bool = payload["return_dfs"] |
| |
|
| | |
| | try: |
| | import resource |
| | cpu = max(1, int(limits["timeout_seconds"])) |
| | resource.setrlimit(resource.RLIMIT_CPU, (cpu, cpu + 1)) |
| | |
| | one_gb = 1024 * 1024 * 1024 |
| | resource.setrlimit(resource.RLIMIT_AS, (int(1.5 * one_gb), int(1.5 * one_gb))) |
| | |
| | resource.setrlimit(resource.RLIMIT_FSIZE, (50 * 1024 * 1024, 50 * 1024 * 1024)) |
| | except Exception: |
| | pass |
| |
|
| | |
| | workdir = tempfile.mkdtemp(prefix="ci_") |
| | os.chdir(workdir) |
| |
|
| | |
| | try: |
| | import socket |
| | class _NoNet(socket.socket): |
| | def __init__(self, *a, **kw): |
| | raise OSError("Network disabled in sandbox") |
| | socket.socket = _NoNet |
| | except Exception: |
| | pass |
| |
|
| | |
| | safe_names = [ |
| | "abs","all","any","bool","dict","float","int","len","list","max","min", |
| | "range","str","sum","print","enumerate","zip","map","filter","sorted", |
| | "reversed","complex","pow","divmod", "round", "next", "set", "tuple", "type", "isinstance", "issubclass", |
| | ] |
| | safe_builtins = {n: getattr(builtins, n) for n in safe_names} |
| |
|
| | |
| | real_open = open |
| |
|
| | def _safe_open(path, mode="r", *a, **kw): |
| | |
| | if any(m in mode for m in ("w", "a", "+", "x")): |
| | raise PermissionError("Write access forbidden in sandbox") |
| | abspath = os.path.abspath(path) |
| | |
| | if not abspath.startswith(workdir + os.sep) and abspath != workdir: |
| | raise PermissionError("Access outside sandbox forbidden") |
| | |
| | return real_open(abspath, mode, *a, **kw) |
| |
|
| | |
| | for banned in ["exec","eval","__import__","compile","input","globals","locals","vars","dir","help","__build_class__"]: |
| | safe_builtins.pop(banned, None) |
| | safe_builtins["open"] = _safe_open |
| |
|
| | |
| | real_import = builtins.__import__ |
| | ALLOWED = set(allowed) |
| | def _safe_import(name, globals=None, locals=None, fromlist=(), level=0): |
| | base = name.split(".")[0] |
| | if (name not in ALLOWED) and (base not in ALLOWED): |
| | raise ImportError(f"Module '{name}' is not allowed") |
| | return real_import(name, globals, locals, fromlist, level) |
| |
|
| | glb: Dict[str, Any] = {"__builtins__": safe_builtins} |
| | lcl: Dict[str, Any] = {} |
| |
|
| | |
| | plt = None |
| | if return_plots: |
| | try: |
| | import matplotlib |
| | matplotlib.use("Agg") |
| | import matplotlib.pyplot as _plt |
| | plt = _plt |
| | except Exception: |
| | plt = None |
| |
|
| | |
| | preloads = [ |
| | "math","random","statistics","datetime","re","json","fractions","decimal", |
| | "numpy","pandas","cmath", |
| | "matplotlib","matplotlib.pyplot" |
| | ] |
| | for mod in preloads: |
| | try: |
| | if (mod in ALLOWED) or (mod.split(".")[0] in ALLOWED): |
| | glb[mod.split(".")[-1]] = importlib.import_module(mod) |
| | except Exception: |
| | pass |
| |
|
| | |
| | safe_builtins["__import__"] = _safe_import |
| |
|
| | |
| | out_buf, err_buf = io.StringIO(), io.StringIO() |
| | status = "error" |
| | result_repr: Optional[str] = None |
| | plots: List[Dict[str, Any]] = [] |
| | dataframes: List[Dict[str, Any]] = [] |
| |
|
| | try: |
| | with contextlib.redirect_stdout(out_buf), contextlib.redirect_stderr(err_buf): |
| | exec(code, glb, lcl) |
| | status = "success" |
| |
|
| | |
| | if "_" in lcl: |
| | result_repr = repr(lcl["_"]) |
| | elif "result" in lcl: |
| | result_repr = repr(lcl["result"]) |
| |
|
| | |
| | if plt is not None and return_plots: |
| | fig_nums = plt.get_fignums()[: int(limits["max_plots"])] |
| | for num in fig_nums: |
| | fig = plt.figure(num) |
| | b64 = _b64_png(fig, dpi=int(limits["plot_dpi"])) |
| | plots.append({"data_base64": b64, "format": "png"}) |
| | plt.close("all") |
| |
|
| | |
| | if return_dfs: |
| | try: |
| | import pandas as _pd |
| | for name, val in list(lcl.items()): |
| | if isinstance(val, _pd.DataFrame): |
| | if len(dataframes) >= int(limits["max_dataframes"]): |
| | break |
| | head, shape, dtypes = _clip_df( |
| | val, |
| | max_rows=int(limits["max_df_rows"]), |
| | max_cols=int(limits["max_df_cols"]), |
| | ) |
| | dataframes.append({ |
| | "name": str(name), |
| | "head": head, |
| | "shape": shape, |
| | "dtypes": dtypes, |
| | }) |
| | except Exception: |
| | pass |
| |
|
| | except Exception: |
| | status = "error" |
| | print(traceback.format_exc(), file=err_buf) |
| | finally: |
| | try: |
| | shutil.rmtree(workdir, ignore_errors=True) |
| | except Exception: |
| | pass |
| |
|
| | queue.put({ |
| | "status": status, |
| | "stdout": out_buf.getvalue(), |
| | "stderr": err_buf.getvalue(), |
| | "result_repr": result_repr, |
| | "plots": plots, |
| | "dataframes": dataframes, |
| | }) |
| |
|
| | |
| |
|
| | def run_python_in_subprocess(req: CodeRunRequest) -> CodeRunResult: |
| | exec_id = str(uuid.uuid4()) |
| | ctx = mp.get_context("spawn") |
| | q: mp.Queue = ctx.Queue() |
| |
|
| | payload = { |
| | "code": req.code, |
| | "limits": req.limits.model_dump(), |
| | "allowed": list(req.allowed_modules), |
| | "return_plots": bool(req.return_plots), |
| | "return_dfs": bool(req.return_dataframes), |
| | } |
| |
|
| | p = ctx.Process(target=_child_exec, args=(payload, q), daemon=True) |
| | p.start() |
| | p.join(req.limits.timeout_seconds) |
| |
|
| | status = "timeout" |
| | stdout = "" |
| | stderr = "Timed out." |
| | result_repr = None |
| | plots: List[PlotArtifact] = [] |
| | dataframes: List[DataFrameArtifact] = [] |
| |
|
| | if p.is_alive(): |
| | p.terminate() |
| | p.join(1) |
| | else: |
| | try: |
| | msg = q.get_nowait() |
| | status = msg.get("status", "error") |
| | stdout = (msg.get("stdout") or "")[: req.limits.max_stdout_chars] |
| | stderr = (msg.get("stderr") or "")[: req.limits.max_stderr_chars] |
| | result_repr = msg.get("result_repr") |
| | plots = [PlotArtifact(**p_) for p_ in msg.get("plots", [])] |
| | dataframes = [DataFrameArtifact(**d_) for d_ in msg.get("dataframes", [])] |
| | except Exception as e: |
| | status = "error" |
| | stderr = f"Worker crashed: {e}" |
| |
|
| | return CodeRunResult( |
| | execution_id=exec_id, |
| | status=status, |
| | stdout=stdout, |
| | stderr=stderr, |
| | result_repr=result_repr, |
| | plots=plots, |
| | dataframes=dataframes, |
| | env=_env_info(), |
| | ) |
| |
|
| | |
| |
|
| | @tool |
| | def safe_code_run(code:str) -> str: |
| | """ |
| | Safely execute Python code in an isolated subprocess with security restrictions. |
| | |
| | IMPORTANT - To see output, you MUST: |
| | - Use print() statements for output |
| | - Assign final result to variable 'result' or '_' |
| | - Save data to variables for DataFrame/plot capture |
| | |
| | Examples: |
| | ✅ Good: |
| | result = 2 + 2 |
| | print(f"Answer: {result}") |
| | |
| | ✅ Good: |
| | import numpy as np |
| | arr = np.array([1, 2, 3]) |
| | print(arr.mean()) |
| | |
| | ✅ Good: |
| | import pandas as pd |
| | df = pd.DataFrame({'x': [1, 2], 'y': [3, 4]}) |
| | print(df) |
| | result = df.sum() |
| | |
| | ❌ Bad (no output): |
| | 2 + 2 # This won't show anything |
| | |
| | Security features: |
| | - Whitelisted imports only (numpy, pandas, matplotlib, etc.) |
| | - Read-only file access within sandbox |
| | - Network disabled |
| | - Memory/CPU limits |
| | - Timeout protection |
| | |
| | Returns JSON with: status, stdout, stderr, result_repr, plots, dataframes, env info |
| | """ |
| |
|
| | |
| | req = CodeRunRequest( |
| | code=code, |
| | |
| | limits=dict(timeout_seconds=35) |
| | ).model_dump_json() |
| |
|
| | res = run_python_in_subprocess(CodeRunRequest.model_validate_json(req)) |
| | return res.model_dump_json() |
