fix: requests operation not permitted (#81)

langgenius · Sep 13, 2024 · 93beee1 · 93beee1
1 parent 17bb213
commit 93beee1
Show file tree

Hide file tree

Showing 4 changed files with 24 additions and 37 deletions.
diff --git a/cmd/test/fuzz_python/main.go b/cmd/test/fuzz_python/main.go
@@ -21,11 +21,11 @@ func run(allowed_syscalls []int) {
 		nums = append(nums, strconv.Itoa(syscall))
 	}
 	os.Setenv("ALLOWED_SYSCALLS", strings.Join(nums, ","))
-	p, err := exec.Command("python3", "cmd/test/fuzz_python/test.py").Output()
+	_, err := exec.Command("python3", "cmd/test/fuzz_python/test.py").Output()
 	if err == nil {
-		fmt.Println(string(p))
+		//fmt.Println(string(p))
 	} else {
-		fmt.Println("failed")
+		fmt.Println(err)
 	}
 }
 
@@ -52,11 +52,11 @@ func main() {
 			list[i] = append(list[i], i)
 		}
 
-		// for j := 499; j < 500; j++ {
-		// 	if find_syscall(j, list[i]) == -1 {
-		// 		list[i] = append(list[i], j)
-		// 	}
-		// }
+		for j := 49; j < 50; j++ {
+			if find_syscall(j, list[i]) == -1 {
+				list[i] = append(list[i], j)
+			}
+		}
 
 		// for j := 293; j < 294; j++ {
 		// 	if find_syscall(j, list[i]) == -1 {

diff --git a/cmd/test/fuzz_python/test.py b/cmd/test/fuzz_python/test.py
@@ -1,50 +1,33 @@
 import ctypes
 import os
-import sys
-import json
-import traceback
-
-# setup sys.excepthook
-def excepthook(type, value, tb):
-    sys.stderr.write("".join(traceback.format_exception(type, value, tb)))
-    sys.stderr.flush()
-    sys.exit(-1)
-
-sys.excepthook = excepthook
 
 lib = ctypes.CDLL("/var/sandbox/sandbox-python/python.so")
 lib.DifySeccomp.argtypes = [ctypes.c_uint32, ctypes.c_uint32, ctypes.c_bool]
 lib.DifySeccomp.restype = None
 
+os.chdir("/var/sandbox/sandbox-python")
 
-import json
-import os
+lib.DifySeccomp(65537, 1000, 1)
 
-import json
 import sys
 import traceback
-import os
+# setup sys.excepthook
+def excepthook(type, value, tb):
+    sys.stderr.write("".join(traceback.format_exception(type, value, tb)))
+    sys.stderr.flush()
+    sys.exit(-1)
 
-os.chdir("/var/sandbox/sandbox-python")
+sys.excepthook = excepthook
 
-lib.DifySeccomp(65537, 1001, 1)
+code = """
+import json
 
 # declare main function here
 def main() -> dict:
-    original_strings_with_empty = ["apple", "", "cherry", "date", "", "fig", "grape", "honeydew", "kiwi", "", "mango", "nectarine", "orange", "papaya", "quince", "raspberry", "strawberry", "tangerine", "ugli fruit", "vanilla bean", "watermelon", "xigua", "yellow passionfruit", "zucchini"] * 5
-
-    extended_strings = []
-
-    for s in original_strings_with_empty:
-        if s: 
-            repeat_times = 600
-            extended_s = (s * repeat_times)[:3000]
-            extended_strings.append(extended_s)
-        else:
-            extended_strings.append(s)
+    import requests
     
     return {
-        "result": extended_strings,
+        "result": requests.get("https://www.bilibili.com").text,
     }
 
 from json import loads, dumps
@@ -63,3 +46,5 @@ def main() -> dict:
 <<RESULT>>'''
 
 print(result)
+"""
+exec(code)
diff --git a/internal/static/python_syscall/syscalls_amd64.go b/internal/static/python_syscall/syscalls_amd64.go
@@ -40,6 +40,7 @@ var ALLOW_SYSCALLS = []int{
 
 var ALLOW_ERROR_SYSCALLS = []int{
 	syscall.SYS_CLONE,
+	syscall.SYS_MKDIRAT,
 }
 
 var ALLOW_NETWORK_SYSCALLS = []int{

diff --git a/internal/static/python_syscall/syscalls_arm64.go b/internal/static/python_syscall/syscalls_arm64.go
@@ -44,6 +44,7 @@ var ALLOW_SYSCALLS = []int{
 
 var ALLOW_ERROR_SYSCALLS = []int{
 	syscall.SYS_CLONE,
+	syscall.SYS_MKDIRAT,
 }
 
 var ALLOW_NETWORK_SYSCALLS = []int{