tags:

views:

46

answers:

3
+2  Q: 

Add a python script at runtime

Hello, I am beginning python and working on a project, and one thing I would like to be able to do is download and run a script dynamically at runtime.

The general idea is to be able to connect to a server, download a python script on demand, and run that script that was just downloaded without having to restart the program or hard code that specific script in to the program.

The program I'm working with uses Python for scripting and execution, and C++ for the other code such as rendering and math.

I would like to be able to use python to run scripts that have been downloaded from a server (for things such as user generated content).

I was wondering if that was possible, or if I should use another scripting language (possibly LUA) for that situation?

Thanks, Th3flyboy

A: 

You can definitely do this. Use urllib to download or generate the script, then import it. It'll work like a charm every time, as long as you download the script to your PYTHONPATH.

For example:

from urllib import urlretrieve
urlretrieve('http://www.mysite.com/myscript.py', '/home/me/script.py')
import script

You can also generate the script yourself from a template, pulling data from online (perhaps in xml or from a database) and using Python's text processing capabilities to make the necessary adjustments.

Rafe Kettler  2010-10-27 21:38:38
This is almost what I was hoping for, the only issue is I'm trying to download and execute it outside of the PYTHONPATH. Is it possible to use this method in a data folder of the program that is not defined in environment variables?
th3flyboy  2010-10-27 21:43:48
Note that when you import the downloaded module, you don't want to use the regular `import` statement, because that will be executed when your main script is loaded, before the script you want to run has been downloaded. Instead, use `__import__("modulename")` or `exec "import modulename"` so that the import is not performed until runtime. You can then call a function in the loaded module as `modulename.func()` and so on.
kindall  2010-10-27 21:44:31
You can change the path that Python looks for scripts in from the program by changing `sys.path`.
Rafe Kettler  2010-10-27 21:48:15
Thanks, that answers the question. I'm going to leave it unmarked for a little while though to (hopefully) get an answer on another point brought up about security of the program by doing this.
th3flyboy  2010-10-27 21:53:16
A: 

Any programming language that allows to run an external script should be able to do your job. That practically means all languages. Almost all dynamic languages will do.

With python, there are multitude of ways to connect to a server and fetch the url. For execution, you could use subprocess module

pyfunc  2010-10-27 21:41:39
A: 

This is quite possible, though hugely insecure.

You need to download using urllib2.urlopen and then executing the result using exec. I am reluctant to explain further because of the security implications.

Edit: An explanation about the security issues.

In Python (CPython) currently there is no way to have a sandbox. The result is any untrusted code has access to all the capabilities Python has on your machine (for the specific user). This can be partially solved by using a specialised user, and better operating system level solutions. They are complicated, however.

An example of sandboxing is the way Java restrict applets from having total access to the machine.

Lua is frequently used in games programming. The famous example is World of Warcraft. One of the main reasons is that it can be sandboxed. Deciding the capabilities to allow the untrusted code is not simple, but at least it can be secured much easier than Python.

Muhammad Alkarouri  2010-10-27 21:43:20
Would LUA be a better option security wise if I were wanting to do something like this. The idea is to only execute scripts that activate code inside the base program. I intend on using this as a method of scripting for a game application, and I want to only execute the game's code. If LUA would be a more secure but still functional option, I think I will probably go with LUA instead for this specific part of the application.
th3flyboy  2010-10-27 21:50:01
I am not an expert at Lua, but it is more secure if you do sandboxing as explained [here](http://lua-users.org/wiki/SandBoxes).
Muhammad Alkarouri  2010-10-27 22:00:02
If security is a major concern, he can use secure FTP or something of that nature.
Rafe Kettler  2010-10-27 22:03:28
Thanks, I think I'll use LUA in order to do scripting for user generated content with the sandboxing you mentioned. As for the FTP idea, this is mainly for retrieving content such as mods or missions from a game server, and as these can be made by the user, I don't think a secure FTP would even apply here.
th3flyboy  2010-10-27 22:04:52
@Rafe: th3flyboy got it right. User generated content cannot be secured by using sftp or similar. If Python is a must, the options are: sandboxed IronPython or Jython, or OS level security (separate virtual machine, FreeBSD jail). I am actually looking at this for a project I have (and I really need to use Python). [This](http://wiki.python.org/moin/How%20can%20I%20run%20an%20untrusted%20Python%20script%20safely%20(i.e.%20Sandbox\)) is a good page. If there are options, other languages are probably better.
Muhammad Alkarouri  2010-10-27 22:19:25
@Muhammad: I see your point, I thought you were coming from a privacy standpoint. I guess this is a glaring security flaw in Python...
Rafe Kettler  2010-10-27 22:39:41

related questions

Programmatically talking to a Serial Port in OS X or Linux
Best ways to teach a beginner to program?
Calling a Function From a String With the Function's Name in Python
An executable Python app
Text Editor For Linux (Besides Vi)?
What Hosting Service is best for Django applications?
File size differences after copying a file to a server vía FTP
Python: what is the difference between (1,2,3) and [1,2,3], and when should I use each?
Python: What OS am I running on?
How do I make a menu in python that does not require the user to press (enter) to make a selection?
How do you express binary literals in Python?
What is the most efficient graph data structure in Python?
Adding a Method to an Existing Object
How to learn Python: Good Example Code?
How do I use Python's itertools.groupby()?
Python and MySQL
Class views in Django
Is there an IDE that provides code completion for Python
Using 'in' to match an attribute of Python objects in an array
cx_Oracle - what is the best way to iterate over a result set?
cx_Oracle - How do I access Oracle from Python?
Continuous Integration System for a Python Codebase
Get a preview jpeg of a pdf on windows?
How can I find the full path to a font from its display name on a Mac?
XML Processing in Python