root_mcp.extended.root_native.sandbox module
AST-based code validation for PyROOT code execution.
This module provides best-effort security validation for user-submitted Python code before it is executed in a subprocess. It is NOT a hard security boundary for untrusted code — it catches common dangerous patterns but cannot prevent all possible exploits.
- class root_mcp.extended.root_native.sandbox.CodeValidator(*, blocked_modules=None, blocked_attributes=None, blocked_builtins=None, allowed_modules=None, max_code_length=100000)
Bases: object
AST-based validator for user-submitted Python code.
Performs static analysis to detect and block dangerous patterns before code is executed. This is a best-effort check, not a security sandbox.
- Parameters:
blocked_modules (frozenset[str] | None) – Modules to block. Defaults to BLOCKED_MODULES.
blocked_attributes (frozenset[str] | None) – Attribute names to block. Defaults to BLOCKED_ATTRIBUTES.
blocked_builtins (frozenset[str] | None) – Built-in function names to block. Defaults to BLOCKED_BUILTINS.
allowed_modules (frozenset[str] | None) – Modules explicitly allowed. Defaults to ALLOWED_MODULES.
max_code_length (int) – Maximum allowed code length in characters.
- __init__(*, blocked_modules=None, blocked_attributes=None, blocked_builtins=None, allowed_modules=None, max_code_length=100000)
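The kind of static check described above, as an added example that is not root_mcp's own code: it walks the AST and reports blocked imports, attribute names and built-in calls, plus the length limit. The function name `find_violations` and the sample blocklists are assumptions, since the contents of BLOCKED_MODULES, BLOCKED_ATTRIBUTES and BLOCKED_BUILTINS are not shown on this page; handling of allowed_modules is left out.

```python
import ast

# Constructed sample lists; the project's real defaults are not shown on this page.
SAMPLE_BLOCKED_MODULES = frozenset({"os", "subprocess", "socket"})
SAMPLE_BLOCKED_ATTRIBUTES = frozenset({"__subclasses__", "__globals__"})
SAMPLE_BLOCKED_BUILTINS = frozenset({"eval", "exec", "__import__"})

def find_violations(code, *, blocked_modules=SAMPLE_BLOCKED_MODULES,
                    blocked_attributes=SAMPLE_BLOCKED_ATTRIBUTES,
                    blocked_builtins=SAMPLE_BLOCKED_BUILTINS,
                    max_code_length=100_000):
    """Return sorted (line, message) findings; an empty list means no match."""
    if len(code) > max_code_length:
        return [(0, f"code exceeds {max_code_length} characters")]
    try:
        tree = ast.parse(code)
    except SyntaxError as exc:
        return [(exc.lineno or 0, f"syntax error: {exc.msg}")]
    findings = []
    for node in ast.walk(tree):
        if isinstance(node, ast.Import):
            names = [alias.name for alias in node.names]
        elif isinstance(node, ast.ImportFrom):
            names = [node.module or ""]  # module is None for "from . import x"
        else:
            names = []
        for name in names:
            # Compare the top-level package so "os.path" is caught by "os".
            if name.split(".")[0] in blocked_modules:
                findings.append((node.lineno, f"blocked module: {name}"))
        if isinstance(node, ast.Attribute) and node.attr in blocked_attributes:
            findings.append((node.lineno, f"blocked attribute: {node.attr}"))
        if (isinstance(node, ast.Call) and isinstance(node.func, ast.Name)
                and node.func.id in blocked_builtins):
            findings.append((node.lineno, f"blocked builtin: {node.func.id}"))
    return sorted(findings)  # ast.walk is breadth-first, so order by line

# Constructed sample input: a PyROOT-style snippet with three flagged lines.
SAMPLE = """import ROOT
import os.path
h = ROOT.TH1F("h", "demo", 10, 0, 1)
eval("1+1")
x = h.__class__.__subclasses__
"""

if __name__ == "__main__":
    for line, message in find_violations(SAMPLE):
        print(f"line {line}: {message}")
```

A check of this kind only matches names that appear literally in the source, which is why it serves as a pre-filter in front of subprocess isolation and not as the isolation itself.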