new docs, better executors, better expansion for languages

2020-03-26 13:49:19 -05:00 · 2020-03-26 13:49:19 -05:00 · 3233db5c1f
parent 7bc9b5b63a
commit 3233db5c1f
24 changed files with 131 additions and 59 deletions
--- a/api/main.go
+++ b/api/main.go
@ -57,10 +57,8 @@ func Execute(res http.ResponseWriter, req *http.Request) {
        "typescript", "ts",
        "php",
        "python", "python2", "python3",
-        "r",
        "ruby",
        "swift",
-        "brainfuck", "bf",
        "rust",
        "bash",
    }
--- a/lxc/execute
+++ b/lxc/execute
@ -66,9 +66,6 @@ case "$lang" in
 "c#" | "csharp" | "cs")
    bin=csharp
    ;;
-"r")
-    bin=r
-    ;;
 "php")
    bin=php
    ;;
@ -81,9 +78,6 @@ case "$lang" in
 "swift")
    bin=swift
    ;;
-"brainfuck" | "bf")
-    bin=brainfuck
-    ;;
 "rust")
    bin=rust
    ;;
@ -100,14 +94,12 @@ esac

 # runner
 timeout -s KILL 10 \
-    lxc-attach -n piston -- \
-        /bin/bash -c "\
-            PATH=/bin:/usr/bin:/usr/local/sbin:/usr/sbin:/sbin \
-            bash /exec/$bin $newinc $epoch 2>&1 | head -c 65536"
+    lxc-attach --clear-env -n piston -- \
+        /bin/bash -l -c "bash /exec/$bin $newinc $epoch 2>&1 | head -c 65536"

 # process janitor
-lxc-attach -n piston -- \
-    /bin/bash -c "\
+lxc-attach --clear-env -n piston -- \
+    /bin/bash -l -c "\
        for i in {1..100}; do pkill -u runner$newinc --signal SIGKILL; done ;\
        find /tmp -user runner$newinc -exec /bin/rm -rf {} \;\
        " > /dev/null 2>&1 &
--- a/lxc/executors/bash
+++ b/lxc/executors/bash
@ -1,2 +1,2 @@
 cd /tmp/$2
-runuser -l runner$1 -c "cd /tmp/$2 ; cat args.args | xargs -d '\n' timeout -s KILL 3 bash code.code"
+runuser runner$1 -c "cd /tmp/$2 ; cat args.args | xargs -d '\n' timeout -s KILL 3 bash code.code"
--- a/lxc/executors/brainfuck
+++ b/lxc/executors/brainfuck
@ -1,2 +0,0 @@
-cd /tmp/$2
-runuser -l runner$1 -c "cd /tmp/$2 ; timeout -s KILL 3 bf code.code"
--- a/lxc/executors/c
+++ b/lxc/executors/c
@ -1,3 +1,3 @@
 cd /tmp/$2
 timeout -s KILL 10 gcc -std=c11 -o binary -x c code.code
-runuser -l runner$1 -c "cd /tmp/$2 ; cat args.args | xargs -d '\n' timeout -s KILL 3 ./binary"
+runuser runner$1 -c "cd /tmp/$2 ; cat args.args | xargs -d '\n' timeout -s KILL 3 ./binary"
--- a/lxc/executors/cpp
+++ b/lxc/executors/cpp
@ -1,3 +1,3 @@
 cd /tmp/$2
 timeout -s KILL 10 g++ -std=c++17 -o binary -x c++ code.code
-runuser -l runner$1 -c "cd /tmp/$2 ; cat args.args | xargs -d '\n' timeout -s KILL 3 ./binary"
+runuser runner$1 -c "cd /tmp/$2 ; cat args.args | xargs -d '\n' timeout -s KILL 3 ./binary"
--- a/lxc/executors/csharp
+++ b/lxc/executors/csharp
@ -1,3 +1,3 @@
 cd /tmp/$2
 timeout -s KILL 10 mcs $(echo code.code | sed 's/\///') -nowarn:0219 -out:binary
-runuser -l runner$1 -c "cd /tmp/$2 ; cat args.args | xargs -d '\n' timeout -s KILL 3 mono binary"
+runuser runner$1 -c "cd /tmp/$2 ; cat args.args | xargs -d '\n' timeout -s KILL 3 mono binary"
--- a/lxc/executors/go
+++ b/lxc/executors/go
@ -1,6 +1,6 @@
 cd /tmp/$2
 cp code.code interim.go
 file="interim.go"
-GOROOT=/usr/lib/go timeout -s KILL 10 go build $file
+timeout -s KILL 10 go build $file
 file=${file%%.*}
-runuser -l runner$1 -c "cd /tmp/$2 ; cat args.args | xargs -d '\n' timeout -s KILL 3 ./$file"
+runuser runner$1 -c "cd /tmp/$2 ; cat args.args | xargs -d '\n' timeout -s KILL 3 ./$file"
--- a/lxc/executors/java
+++ b/lxc/executors/java
@ -3,4 +3,4 @@ cp code.code interim.java
 name=$(cat interim.java | grep -Eo 'public\s+class\s+([A-Za-z0-9]+)' | sed -n 's/  */ /gp' | cut -d' ' -f3)
 mv interim.java $name.java
 timeout -s KILL 10 javac $name.java
-runuser -l runner$1 -c "cd /tmp/$2 ; cat args.args | xargs -d '\n' timeout -s KILL 3 java $name"
+runuser runner$1 -c "cd /tmp/$2 ; cat args.args | xargs -d '\n' timeout -s KILL 3 java $name"
--- a/lxc/executors/nasm
+++ b/lxc/executors/nasm
@ -1,4 +1,4 @@
 cd /tmp/$2
 timeout -s KILL 10 nasm -f elf64 -o binary.o code.code
 timeout -s KILL 10 ld binary.o -o binary
-runuser -l runner$1 -c "cd /tmp/$2 ; cat args.args | xargs -d '\n' timeout -s KILL 3 ./binary"
+runuser runner$1 -c "cd /tmp/$2 ; cat args.args | xargs -d '\n' timeout -s KILL 3 ./binary"
--- a/lxc/executors/node
+++ b/lxc/executors/node
@ -1,2 +1,2 @@
 cd /tmp/$2
-runuser -l runner$1 -c "cd /tmp/$2 ; cat args.args | xargs -d '\n' timeout -s KILL 3 nodejs code.code"
+runuser runner$1 -c "cd /tmp/$2 ; cat args.args | xargs -d '\n' timeout -s KILL 3 node code.code"
--- a/lxc/executors/php
+++ b/lxc/executors/php
@ -1,2 +1,2 @@
 cd /tmp/$2
-runuser -l runner$1 -c "cd /tmp/$2 ; cat args.args | xargs -d '\n' timeout -s KILL 3 php code.code"
+runuser runner$1 -c "cd /tmp/$2 ; cat args.args | xargs -d '\n' timeout -s KILL 3 php code.code"
--- a/lxc/executors/python2
+++ b/lxc/executors/python2
@ -1,2 +1,2 @@
 cd /tmp/$2
-runuser -l runner$1 -c "cd /tmp/$2 ; cat args.args | xargs -d '\n' timeout -s KILL 3 python2 code.code"
+runuser runner$1 -c "cd /tmp/$2 ; cat args.args | xargs -d '\n' timeout -s KILL 3 python code.code"
--- a/lxc/executors/python3
+++ b/lxc/executors/python3
@ -1,2 +1,2 @@
 cd /tmp/$2
-runuser -l runner$1 -c "cd /tmp/$2 ; cat args.args | xargs -d '\n' timeout -s KILL 3 python3.6 code.code"
+runuser runner$1 -c "cd /tmp/$2 ; cat args.args | xargs -d '\n' timeout -s KILL 3 python3.6 code.code"
--- a/lxc/executors/r
+++ b/lxc/executors/r
@ -1,2 +0,0 @@
-cd /tmp/$2
-runuser -l runner$1 -c "cd /tmp/$2 ; cat args.args | xargs -d '\n' timeout -s KILL 3 Rscript code.code"
--- a/lxc/executors/ruby
+++ b/lxc/executors/ruby
@ -1,2 +1,2 @@
 cd /tmp/$2
-runuser -l runner$1 -c "cd /tmp/$2 ; cat args.args | xargs -d '\n' timeout -s KILL 3 ruby code.code"
+runuser runner$1 -c "cd /tmp/$2 ; cat args.args | xargs -d '\n' timeout -s KILL 3 ruby code.code"
--- a/lxc/executors/rust
+++ b/lxc/executors/rust
@ -1,3 +1,3 @@
 cd /tmp/$2
 timeout -s KILL 10 rustc -o binary code.code
-runuser -l runner$1 -c "cd /tmp/$2 ; cat args.args | xargs -d '\n' timeout -s KILL 3 ./binary"
+runuser runner$1 -c "cd /tmp/$2 ; cat args.args | xargs -d '\n' timeout -s KILL 3 ./binary"
--- a/lxc/executors/swift
+++ b/lxc/executors/swift
@ -1,2 +1,2 @@
 cd /tmp/$2
-runuser -l runner$1 -c "cd /tmp/$2 ; cat args.args | xargs -d '\n' timeout -s KILL 3 swift code.code"
+runuser runner$1 -c "cd /tmp/$2 ; cat args.args | xargs -d '\n' timeout -s KILL 3 swift code.code"
--- a/lxc/executors/typescript
+++ b/lxc/executors/typescript
@ -1,6 +1,6 @@
 cd /tmp/$2
 mv code.code interim.ts
-timeout -s KILL 10 /usr/local/bin/tsc interim.ts
+timeout -s KILL 10 tsc interim.ts
 rm interim.ts
 mv interim.js code.code
-runuser -l runner$1 -c "cd /tmp/$2 ; cat args.args | xargs -d '\n' timeout -s KILL 3 nodejs code.code"
+runuser runner$1 -c "cd /tmp/$2 ; cat args.args | xargs -d '\n' timeout -s KILL 3 node code.code"
--- a/lxc/shell
+++ b/lxc/shell
@ -1,3 +1,3 @@
 #!/usr/bin/env bash

-lxc-attach -n piston
+lxc-attach --clear-env -n piston
--- a/readme.md
+++ b/readme.md
@ -1,6 +1,7 @@
 ## Piston
-Piston is the underlying engine for running untrusted and possibly malicious code that originates from EMKC contests and challenges. It's also used in the Engineer Man Discord server via
-[felix bot](https://github.com/engineer-man/felix).
+Piston is the underlying engine for running untrusted and possibly malicious
+code that originates from EMKC contests and challenges. It's also used in the
+Engineer Man Discord server via [felix bot](https://github.com/engineer-man/felix).

 #### Installation
 ```
@ -29,25 +30,111 @@ lxc-create -t download -n piston -- --dist ubuntu --release bionic --arch amd64
 ./shell

 # install all necessary piston dependencies
+echo 'source /opt/.profile' >> /opt/.bashrc
+echo 'export HOME=/opt' >> /opt/.profile
+echo 'export TERM=linux' >> /opt/.profile
 export HOME=/opt
-echo 'export PATH=/bin:/usr/bin:/usr/local/sbin:/usr/sbin:/sbin' >> /root/.bashrc
-echo 'export PATH=$PATH:/root/.cargo/bin' >> /root/.bashrc
+export TERM=linux
+sed -i 's/\/root/\/opt/' /etc/passwd
 sed -i \
    's/http:\/\/archive.ubuntu.com\/ubuntu/http:\/\/mirror.math.princeton.edu\/pub\/ubuntu/' \
    /etc/apt/sources.list
 apt-get update
-apt-get -y install git tzdata nano \
-    dpkg-dev build-essential python python3 \
-    ruby nodejs npm golang php7.2 r-base mono-complete \
-    nasm openjdk-8-jdk ubuntu-make bf
-npm install -g typescript
-umake swift
-ln -s /opt/.local/share/umake/swift/swift-lang/usr/bin/swift /usr/bin/swift
-curl https://sh.rustup.rs > rust.sh
-sh rust.sh -y
-ln -s /opt/.cargo/bin/rustc /usr/bin/rustc
-rm -rf /home/ubuntu
-chmod 777 /tmp
+apt-get install -y \
+    nano wget build-essential pkg-config libxml2-dev \
+    libsqlite3-dev mono-complete curl cmake libpython2.7-dev \
+    ruby
+
+# install python2
+# final binary: /opt/python2/Python-2.7.17/python -V
+cd /opt && mkdir python2 && cd python2
+wget https://www.python.org/ftp/python/2.7.17/Python-2.7.17.tar.xz
+unxz Python-2.7.17.tar.xz
+tar -xf Python-2.7.17.tar
+cd Python-2.7.17
+./configure
+# open Modules/Setup and uncomment zlib line
+make -j16
+echo 'export PATH=$PATH:/opt/python2/Python-2.7.17' >> /opt/.profile
+source /opt/.profile
+
+# install python3
+# final binary: /opt/python3/Python-3.8.2/python -V
+cd /opt && mkdir python3 && cd python3
+wget https://www.python.org/ftp/python/3.8.2/Python-3.8.2.tar.xz
+unxz Python-3.8.2.tar.xz
+tar -xf Python-3.8.2.tar
+cd Python-3.8.2
+./configure
+make -j16
+echo 'export PATH=$PATH:/opt/python3/Python-3.8.2' >> /opt/.profile
+source /opt/.profile
+
+# install node.js
+# final binary: /opt/nodejs/node-v12.16.1-linux-x64/bin/node -v
+cd /opt && mkdir nodejs && cd nodejs
+wget https://nodejs.org/dist/v12.16.1/node-v12.16.1-linux-x64.tar.xz
+unxz node-v12.16.1-linux-x64.tar.xz
+tar -xf node-v12.16.1-linux-x64.tar
+echo 'export PATH=$PATH:/opt/nodejs/node-v12.16.1-linux-x64/bin' >> /opt/.profile
+source /opt/.profile
+
+# install typescript
+# final binary: /opt/nodejs/node-v12.16.1-linux-x64/bin/tsc -v
+/opt/nodejs/node-v12.16.1-linux-x64/bin/npm i -g typescript
+
+# install golang
+# final binary: /opt/go/go/bin/go version
+cd /opt && mkdir go && cd go
+wget https://dl.google.com/go/go1.14.1.linux-amd64.tar.gz
+tar -xzf go1.14.1.linux-amd64.tar.gz
+echo 'export PATH=$PATH:/opt/go/go/bin' >> /opt/.profile
+echo 'export GOROOT=/opt/go/go' >> /opt/.profile
+echo 'export GOCACHE=/tmp' >> /opt/.profile
+source /opt/.profile
+
+# install php
+# final binary: /usr/local/bin/php -v
+cd /opt && mkdir php && cd php
+wget https://www.php.net/distributions/php-7.4.4.tar.gz
+tar -xzf php-7.4.4.tar.gz
+cd php-7.4.4
+./configure
+make -j16
+make install
+
+# install rust
+# final binary: /opt/.cargo/bin/rustc --version
+curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh
+echo 'export PATH=$PATH:/opt/.cargo/bin' >> /opt/.profile
+source /opt/.profile
+
+# install swift
+# final binary: /opt/swift/swift-5.1.5-RELEASE-ubuntu18.04/usr/bin/swift --version
+cd /opt && mkdir swift && cd swift
+wget https://swift.org/builds/swift-5.1.5-release/ubuntu1804/swift-5.1.5-RELEASE/swift-5.1.5-RELEASE-ubuntu18.04.tar.gz
+tar -xzf swift-5.1.5-RELEASE-ubuntu18.04.tar.gz
+echo 'export PATH=$PATH:/opt/swift/swift-5.1.5-RELEASE-ubuntu18.04/usr/bin' >> /opt/.profile
+source /opt/.profile
+
+# install nasm
+# final binary: /opt/nasm/nasm-2.14.02/nasm -v
+cd /opt && mkdir nasm && cd nasm
+wget https://www.nasm.us/pub/nasm/releasebuilds/2.14.02/nasm-2.14.02.tar.gz
+tar -xzf nasm-2.14.02.tar.gz
+cd nasm-2.14.02
+./configure
+make -j16
+echo 'export PATH=$PATH:/opt/nasm/nasm-2.14.02' >> /opt/.profile
+source /opt/.profile
+
+# install java
+# final binary: /opt/java/jdk-14/bin/java -version
+cd /opt && mkdir java && cd java
+wget https://download.java.net/java/GA/jdk14/076bab302c7b4508975440c56f6cc26a/36/GPL/openjdk-14_linux-x64_bin.tar.gz
+tar -xzf openjdk-14_linux-x64_bin.tar.gz
+echo 'export PATH=$PATH:/opt/java/jdk-14/bin' >> /opt/.profile
+source /opt/.profile

 # create runnable users and apply limits
 for i in {1..150}; do
@ -59,6 +146,10 @@ for i in {1..150}; do
    echo "runner$i hard nofile 2048" >> /etc/security/limits.conf
 done

+# cleanup
+rm -rf /home/ubuntu
+chmod 777 /tmp
+
 # leave container
 exit

@ -106,7 +197,8 @@ If an invalid language is supplied, a typical response will look like the follow
 ```

 #### Supported Languages
-Currently python2, python3, c, c++, go, node, ruby, r, c#, nasm, php, java, swift, brainfuck, rust, bash, and typescript is supported.
+Currently python2, python3, c, c++, go, node, ruby, r, c#, nasm, php, java,
+swift, brainfuck, rust, bash, and typescript is supported.

 #### Principle of Operation
 Piston utilizes LXC as the primary mechanism for sandboxing. There is a small API written in Go which takes
--- a/tests/test.bf
+++ b/tests/test.bf
@ -1 +0,0 @@
-+[----->+++<]>.++++++++..-----------.>++++++++++.
--- a/tests/test.r
+++ b/tests/test.r
@ -1 +0,0 @@
-print('good')
--- a/tests/test_all_lxc
+++ b/tests/test_all_lxc
@ -20,12 +20,8 @@ echo 'testing python2'
 ../lxc/execute python2 test2.py
 echo 'testing python3'
 ../lxc/execute python3 test3.py
-echo 'testing r'
-../lxc/execute r test.r
 echo 'testing ruby'
 ../lxc/execute ruby test.rb
-echo 'testing brainfuck'
-../lxc/execute bf test.bf
 echo 'testing rust'
 ../lxc/execute rust test.rs
 echo 'testing swift'
				`@ -1 +0,0 @@`
				`+[----->+++<]>.++++++++..-----------.>++++++++++.`