judger 0.1.1

A sandboxed environment for running untrusted code safely.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121

#![deny(missing_docs)]
//! A Rust library for sandboxed code execution and resource limitation.
//! This library provides functionalities to run untrusted code with specified resource limits,
//! such as CPU time, memory usage, and process count. It also supports seccomp filtering for enhanced security.
//! # Features
//! - Configurable resource limits
//! - Seccomp filtering
//! - Detailed logging
//! - Error handling with specific error codes
//! # Example
//! ```rust
//! use judger::{Config, SeccompRuleName, run};
//! fn main() {
//!     let config = Config {
//!         max_cpu_time: 1000,
//!         max_real_time: 2000,
//!         max_memory: 128 * 1024 * 1024,
//!         max_stack: 32 * 1024 * 1024,
//!         max_process_number: 200,
//!         max_output_size: 10000,
//!         memory_limit_check_only: false,
//!         exe_path: "hello_world".to_string(),
//!         input_path: "1.in".to_string(),
//!         output_path: "1.out".to_string(),
//!         error_path: "1.err".to_string(),
//!         args: vec![],
//!         env: vec![],
//!         log_path: "judger.log".to_string(),
//!         seccomp_rule_name: Some(SeccompRuleName::CCpp),
//!         uid: 0,
//!         gid: 0,
//!     };
//!     let result = run(&config);
//!     println!("{:?}", result);
//! }
//! ```
//! # Modules
//! - `child`: Handles the child process execution and resource limiting.
//! - `logger`: Provides logging functionalities.
//! - `runner`: Manages the overall execution flow.
//! - `seccomp`: Implements seccomp filtering.
//! - `utils`: Contains utility functions and error codes.
//! # Error Handling
//! The library defines a set of error codes in the `utils` module to represent various failure scenarios.
//! Users can handle these errors appropriately based on their needs.
//! # Logging
//! The `logger` module provides a simple logging mechanism with different log levels.
//! Users can log messages to a specified log file for debugging and monitoring purposes.
//! # Security
//! The library supports seccomp filtering to restrict the system calls that the executed code can make,
//! enhancing the security of the sandboxed environment.
//! # License
//! This library is open-source and available under the MIT License.
//! Feel free to use and modify it according to your needs.
//! # Contributions
//! Contributions are welcome! Please submit issues and pull requests on the [GitHub repository](https://github.com/harkerhand/judger-rs).
//! # Author
//! Developed by [harkerhand](https://github.com/harkerhand).

mod child;
mod logger;
mod runner;
mod seccomp;
mod utils;

pub use crate::child::child_process;
pub use crate::logger::LogLevel;
pub use crate::logger::Logger;
pub use crate::runner::run;
pub use crate::seccomp::SeccompRuleName;
pub use crate::utils::ErrorCode;

/// Configuration for the judger.
#[derive(Debug)]
pub struct Config {
    /// Maximum CPU time in milliseconds (-1 for unlimited).
    pub max_cpu_time: i32,
    /// Maximum real time in milliseconds (-1 for unlimited).
    pub max_real_time: i32,
    /// Maximum memory in bytes (-1 for unlimited).
    pub max_memory: i64,
    /// Maximum stack size in bytes.
    pub max_stack: i64,
    /// Maximum number of processes (-1 for unlimited).
    pub max_process_number: i32,
    /// Maximum output size in bytes (-1 for unlimited).
    pub max_output_size: i64,
    /// If true, only check memory limit without enforcing it.
    pub memory_limit_check_only: bool,
    /// Path to the executable.
    pub exe_path: String,
    /// Path to the input file.
    pub input_path: String,
    /// Path to the output file.
    pub output_path: String,
    /// Path to the error file.
    pub error_path: String,
    /// Arguments to pass to the executable.
    pub args: Vec<String>,
    /// Environment variables for the executable.
    pub env: Vec<String>,
    /// Path to the log file.
    pub log_path: String,
    /// Name of the seccomp rule to apply.
    pub seccomp_rule_name: Option<SeccompRuleName>,
    /// User ID to run the process as.
    pub uid: u32,
    /// Group ID to run the process as.
    pub gid: u32,
}

impl Config {
    pub(crate) fn check(&self) -> bool {
        !((self.max_cpu_time < 1 && self.max_cpu_time != -1)
            || (self.max_real_time < 1 && self.max_real_time != -1)
            || (self.max_stack < 1)
            || (self.max_memory < 1 && self.max_memory != -1)
            || (self.max_process_number < 1 && self.max_process_number != -1)
            || (self.max_output_size < 1 && self.max_output_size != -1))
    }
}