Skip to content

python_runner

PythonRunner

Runs Python code strings.

.. deprecated:: PythonRunner is deprecated and will be removed in a future release. It does not provide any sandbox isolation — Python's exec() automatically injects __builtins__ into any globals dict, including an empty one. Never pass untrusted input to this class.

Source code in griptape/utils/python_runner.py 
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
@define
class PythonRunner:
    """Runs Python code strings.

    .. deprecated::
        `PythonRunner` is deprecated and will be removed in a future release.
        It does not provide any sandbox isolation — Python's `exec()` automatically
        injects `__builtins__` into any globals dict, including an empty one.
        Never pass untrusted input to this class.
    """

    libs: dict[str, str] = field(factory=dict, kw_only=True)

    def run(self, code: str) -> str:
        deprecation_warn(
            "`PythonRunner` is deprecated and will be removed in a future release. "
            "It does not provide sandbox isolation and must not be used with untrusted input.",
        )
        global_stdout = sys.stdout
        sys.stdout = local_stdout = StringIO()

        try:
            for lib, alias in self.libs.items():
                imported_lib = importlib.import_module(lib)
                globals()[alias] = imported_lib

            exec(f"print({code})", {}, {alias: eval(alias) for alias in self.libs.values()})

            output = local_stdout.getvalue()
        except Exception as e:
            output = str(e)
        finally:
            sys.stdout = global_stdout

        return output.strip()

libs = field(factory=dict, kw_only=True) class-attribute instance-attribute

run(code)

Source code in griptape/utils/python_runner.py 
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
def run(self, code: str) -> str:
    deprecation_warn(
        "`PythonRunner` is deprecated and will be removed in a future release. "
        "It does not provide sandbox isolation and must not be used with untrusted input.",
    )
    global_stdout = sys.stdout
    sys.stdout = local_stdout = StringIO()

    try:
        for lib, alias in self.libs.items():
            imported_lib = importlib.import_module(lib)
            globals()[alias] = imported_lib

        exec(f"print({code})", {}, {alias: eval(alias) for alias in self.libs.values()})

        output = local_stdout.getvalue()
    except Exception as e:
        output = str(e)
    finally:
        sys.stdout = global_stdout

    return output.strip()