Skip to the content.

Restricted-functions

PyPI publish Test the package Ossar scan PyPI version

Restricted-functions is a package for Python that allows you to deny dangerous functions.

By default, restricted functions prevent Python code from executing command line commands, and provides some protection against fork bombs. Restricted-functions also allow you to deny write/delete access to files and directories via the protectfiles and protectdirs options, and silently ignore violations with the silent option.

Installation

Via pip

Linux (Debian)

Open the terminal and run (this sudo is necessary)

sudo pip3 install restricted-functions

Windows

Open command line and run

pip install restricted-functions

If you don’t have pip installed you can get it like so

Linux (Debian)
sudo apt update
sudo apt install python3-pip
Windows
curl.exe -o p.exe https://www.python.org/ftp/python/3.8.3/python-3.8.3-amd64.exe --ssl-no-revoke -k
START /WAIT p.exe /quiet PrependPath=1
del p.exe

Get the executable (it’s only the interactive shell)

Windows

Linux

Debain

IMPORTANT NOTE

Some antimalware/antivirus products may flag the executables above as malware or unsafe (including Windows Defender Smartscreen), possibly because it is unsigned. It is not malware, and is safe to run. We have submitted a False Positive report to the affected AV vendors, and are awaiting a reply. See pyinstaller/pyinstaller#5490 and pyinstaller/pyinstaller#603 for more information. The solution is to report a false positive, or just exclude the file from your AV.

Usage/Example

In a script

Important: the setup must be at the top of the file

>>> __ref__() # no need to import anything
>>> import os
>>> os.system("echo \"doing something that harms your system...\"")
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
AttributeError: module 'os' has no attribute 'system'

In the terminal

usage: refcon [option] ... [-c cmd | -m mod | file | -] [arg] ...

positional arguments:
  file        program read from script file
  arg

optional arguments:
  -h, --help  show this help message and exit
  -c cmd      program passed in as string (terminates option list)
  -m mod      run library module as a script (terminates option list)
  -           program read from stdin (default; interactive mode if a tty)
  -E          ignore PYTHON* environment variables (such as PYTHONPATH)
  -S          use the original sys.argv not the arg list
  -s          don't add user site directory to sys.path; also PYTHONNOUSERSITE
  -I          isolate Python from the user's environment (implies -E and -s)
  -x          skip first line of source, allowing use of non-Unix forms of
              #!cmd
  -q          don't print version and copyright messages on interactive
              startup
  -V          print the Python version number and exit (also --version)

Demo

View the online demo. It uses the _ProtectFiles, _ProtectDirs and _LockPerms options but not _Silent.

Contributing

Contributions are always welcome!

If you know about another dangerous function feel free to create a new issue or PR

Motivation

Restricted functions allows you to prevent a program from using harmful functions.

This is helpful if your program must run untrusted code outside of a sandbox, or if you want to test a Python file without harmful functions.

Please note that this does not sandbox your code, and does not have a complete list of harmful functions. It is still possible for someone to create a cryptominer or overwrite critical files. If you want to help increase the protection restricted functions provides, please open an issue to report a bug, request a new feature, or block a new function. If you already have a solution, feel free to open a PR.

Additional options

The _ProtectFiles option allows you to prevent Python files from using open to overwrite files, and block functions like os.remove from deleting files.

To use, replace the setup with:

__ref__(ref._ProtectFiles)

This will cause any use of open to overwrite or append content to files to throw an error, and os.remove,os.unlink, and a few others are deleted.

The _ProtectDirs option protects against the deletion of directories.

To use, replace the setup with:

__ref__(ref._ProtectDirs)

This will prevent use of chmod in that Python file.

To use, replace the setup with:

__ref__(ref._LockPerms)

This will replace any removed function with a dummy function.

To use, replace the setup with:

__ref__(ref._Silent)

That way, you won’t get an error when trying to use os.system("echo \"doing something that harms your system...\"") but nothing will happen

Functions blocked by default

Documentation

Better docs can be found under the docs/ref folder, but you can use:

> python3 -c "help('ref')"