duck.utils.codesandbox

Secure Python Code Sandbox:

This script defines a class SafeCodeSandbox that provides a secure execution environment for running arbitrary Python code. It ensures isolation by:

• Running code in a subprocess.

• Blocking dangerous imports and built-ins.

• Restricting system resources like CPU and memory.

• Providing execution time and memory limits to prevent abuse.

Note:

• This is only available for Linux environment.

Module Contents

Classes

SafeCodeSandbox

Enhanced Secure Python Code Sandbox:

API

class duck.utils.codesandbox.SafeCodeSandbox

Enhanced Secure Python Code Sandbox:

This class runs Python code in a highly secure, isolated environment. It blocks unsafe imports, restricts resource usage (CPU, memory), and executes the code in a subprocess with limited system call access to prevent abuse.

execute(code: str, variable_name: str)

Executes the provided Python code in a secure sandbox environment and retrieves the value of a specific variable.

Parameters:

• code – The Python code to be executed in the sandbox.

• variable_name – The name of the variable whose value we want to retrieve.

Returns:

A dictionary with either: - “success”: the value of the specified variable. - “error”: error message including full traceback if an exception occurs.

Return type:

dict

run_in_subprocess(py_code: str, variable_name: str, temp_dir: str) → dict

sanitize_code(code: str) → str