From 1237fc60a2ebf7a97fab70ab05465b0cff4d1492 Mon Sep 17 00:00:00 2001 From: "pixeebot[bot]" <104101892+pixeebot[bot]@users.noreply.github.com> Date: Thu, 27 Mar 2025 03:21:24 +0000 Subject: [PATCH 1/2] Sandbox Process Creation --- examples/other_languages.py | 3 ++- requirements.txt | 1 + sigopt/cli/utils.py | 4 ++-- 3 files changed, 5 insertions(+), 3 deletions(-) diff --git a/examples/other_languages.py b/examples/other_languages.py index b91baeaf..f7d6a074 100644 --- a/examples/other_languages.py +++ b/examples/other_languages.py @@ -6,6 +6,7 @@ from subprocess import PIPE, Popen from sigopt import Connection +from security import safe_command class SubProcessEvaluator(object): @@ -23,7 +24,7 @@ def evaluate_metric(self, assignments): arguments = [ "--{}={}".format(param_name, assignment) for param_name, assignment in assignments.to_json().iteritems() ] - process = Popen(self.command.split() + arguments, stdout=PIPE, stderr=PIPE) + process = safe_command.run(Popen, self.command.split() + arguments, stdout=PIPE, stderr=PIPE) (stdoutdata, stderrdata) = process.communicate() sys.stderr.write(stderrdata) return float(stdoutdata.strip()) diff --git a/requirements.txt b/requirements.txt index 9a60bfe4..2b87231c 100644 --- a/requirements.txt +++ b/requirements.txt @@ -6,3 +6,4 @@ pypng>=0.0.20 PyYAML>=5,<7 requests>=2.25.0,<3.0.0 urllib3>=1.26.5,<2.0.0 +security==1.3.1 diff --git a/sigopt/cli/utils.py b/sigopt/cli/utils.py index 7734b24b..34cfc5f8 100644 --- a/sigopt/cli/utils.py +++ b/sigopt/cli/utils.py @@ -17,6 +17,7 @@ from sigopt.sigopt_logging import enable_print_logging, print_logger from .arguments.load_yaml import ValidatedData +from security import safe_command class StreamThread(threading.Thread): @@ -80,8 +81,7 @@ def run_subprocess_command(config, run_context, cmd, env=None): env = get_subprocess_environment(config, run_context, env) proc_stdout, proc_stderr = subprocess.PIPE, subprocess.PIPE try: - proc = subprocess.Popen( - cmd, + proc = safe_command.run(subprocess.Popen, cmd, env=env, stdout=proc_stdout, stderr=proc_stderr, From 4c57a69d10ee4cab6ded70630003b692f7594114 Mon Sep 17 00:00:00 2001 From: "pre-commit-ci[bot]" <66853113+pre-commit-ci[bot]@users.noreply.github.com> Date: Thu, 27 Mar 2025 03:21:52 +0000 Subject: [PATCH 2/2] [pre-commit.ci] auto fixes from pre-commit.com hooks for more information, see https://pre-commit.ci --- examples/other_languages.py | 3 ++- requirements.txt | 2 +- sigopt/cli/utils.py | 6 ++++-- 3 files changed, 7 insertions(+), 4 deletions(-) diff --git a/examples/other_languages.py b/examples/other_languages.py index f7d6a074..3b8607a1 100644 --- a/examples/other_languages.py +++ b/examples/other_languages.py @@ -5,9 +5,10 @@ import sys from subprocess import PIPE, Popen -from sigopt import Connection from security import safe_command +from sigopt import Connection + class SubProcessEvaluator(object): def __init__(self, command): diff --git a/requirements.txt b/requirements.txt index 2b87231c..48c30c92 100644 --- a/requirements.txt +++ b/requirements.txt @@ -5,5 +5,5 @@ packaging>=21.3 pypng>=0.0.20 PyYAML>=5,<7 requests>=2.25.0,<3.0.0 -urllib3>=1.26.5,<2.0.0 security==1.3.1 +urllib3>=1.26.5,<2.0.0 diff --git a/sigopt/cli/utils.py b/sigopt/cli/utils.py index 34cfc5f8..2f60af30 100644 --- a/sigopt/cli/utils.py +++ b/sigopt/cli/utils.py @@ -11,13 +11,13 @@ import threading import click +from security import safe_command from sigopt.factory import SigOptFactory from sigopt.run_context import GlobalRunContext from sigopt.sigopt_logging import enable_print_logging, print_logger from .arguments.load_yaml import ValidatedData -from security import safe_command class StreamThread(threading.Thread): @@ -81,7 +81,9 @@ def run_subprocess_command(config, run_context, cmd, env=None): env = get_subprocess_environment(config, run_context, env) proc_stdout, proc_stderr = subprocess.PIPE, subprocess.PIPE try: - proc = safe_command.run(subprocess.Popen, cmd, + proc = safe_command.run( + subprocess.Popen, + cmd, env=env, stdout=proc_stdout, stderr=proc_stderr,