ImportError: import of the devappserver sandbox module from user application code is prohibited

Question

ImportError: import of the devappserver sandbox module from user application code is prohibited

I am working on a Google App Engine application written in Python (standard environment) and I need to add a whitelist of additional modules to the development server environment.

I have been doing this using this code in the appengine_config file for a long time, and it worked very well:

from google.appengine.tools.devappserver2.python import sandbox
sandbox._WHITE_LIST_C_MODULES += ['_ssl', '_socket']

As pointed out in this question , some time ago the Google Cloud SDK was updated, and the previous import raised ImportError. Import just needs to be changed:

from google.appengine.tools.devappserver2.python.runtime import sandbox

With this change, everything worked fine again until I upgraded the Cloud SDK to version: 186.0.0.

Now it seems that the SandboxAccessPreventionImportHook class has been added to the sandbox module, so it cannot be imported from the App Engine application. This is the error the application creates:

ImportError: Importing the devappserver sandbox module (google.appengine.tools.devappserver2.python.runtime.sandbox) from user application code is not permitted.

Does anyone have an idea on how to get around this? Or is there another way for whitelisting in a development server environment?

Thank!!!

+4

python google-app-engine

pmachold Jan 31 '18 at 10:10

source share

4 answers

, OP, , ,

+1

karloskar 02 . '18 6:32

Alex · Answer 1 · 2018-01-31T22:18:46+0000

Context

So, for me, the root of this problem was the dev_appserver.pyinability to send outgoing https requests / sockets.

Then the solution was to put this in mine appengine_config.py:

vendor.add('lib')

if os.environ.get('SERVER_SOFTWARE', '').startswith('Development'):
    import imp
    import os.path
    import inspect
    try:
        from google.appengine.tools.devappserver2.python import sandbox
    except ImportError:
        from google.appengine.tools.devappserver2.python.runtime import sandbox

    sandbox._WHITE_LIST_C_MODULES += ['_ssl', '_socket']
    # Use the system socket.

    real_os_src_path = os.path.realpath(inspect.getsourcefile(os))
    psocket = os.path.join(os.path.dirname(real_os_src_path), 'socket.py')
    imp.load_source('socket', psocket)
else:
    # Doing this on dev_appserver/localhost seems to cause outbound https requests to fail
    import requests
    from requests_toolbelt.adapters import appengine as requests_toolbelt_appengine

    # Use the App Engine Requests adapter. This makes sure that Requests uses
    # URLFetch.
    requests_toolbelt_appengine.monkeypatch()

Today I updated my cloud sdk and started getting

ImportError: Importing the devappserver sandbox module (google.appengine.tools.devappserver2.python.runtime.sandbox) from user application code is not permitted.

If I delete the material _WHITE_LIST_C_MODULES, I get this error when using the python request library to execute outgoing https requests:

  File "/Users/alexindaco/google-cloud-sdk/platform/google_appengine/google/appengine/api/urlfetch.py", line 293, in fetch
    return rpc.get_result()
  File "/Users/alexindaco/google-cloud-sdk/platform/google_appengine/google/appengine/api/apiproxy_stub_map.py", line 613, in get_result
    return self.__get_result_hook(self)
  File "/Users/alexindaco/google-cloud-sdk/platform/google_appengine/google/appengine/api/urlfetch.py", line 413, in _get_fetch_result
    rpc.check_success()
  File "/Users/alexindaco/google-cloud-sdk/platform/google_appengine/google/appengine/api/apiproxy_stub_map.py", line 579, in check_success
    self.__rpc.CheckSuccess()
  File "/Users/alexindaco/google-cloud-sdk/platform/google_appengine/google/appengine/api/apiproxy_rpc.py", line 157, in _WaitImpl
    self.request, self.response)
  File "/Users/alexindaco/google-cloud-sdk/platform/google_appengine/google/appengine/ext/remote_api/remote_api_stub.py", line 222, in MakeSyncCall
    self._MakeRealSyncCall(service, call, request, response)
  File "/Users/alexindaco/google-cloud-sdk/platform/google_appengine/google/appengine/ext/remote_api/remote_api_stub.py", line 241, in _MakeRealSyncCall
    request_pb.set_request(request.Encode())
  File "/Users/alexindaco/google-cloud-sdk/platform/google_appengine/google/net/proto/ProtocolBuffer.py", line 103, in Encode
    self.Output(e)
  File "/Users/alexindaco/google-cloud-sdk/platform/google_appengine/google/net/proto/ProtocolBuffer.py", line 347, in Output
    self.OutputUnchecked(e)
  File "/Users/alexindaco/google-cloud-sdk/platform/google_appengine/google/appengine/api/urlfetch_service_pb.py", line 481, in OutputUnchecked
    out.putDouble(self.deadline_)
  File "/Users/alexindaco/google-cloud-sdk/platform/google_appengine/google/net/proto/ProtocolBuffer.py", line 592, in putDouble
    a.fromstring(struct.pack("<d", v))
error: required argument is not a float

, https://github.com/requests/requests/issues/4078 , , , python- 2.16.0

lib,

pip install -t lib

lib localhost_libs, :

pip install -t localhost_libs requests==2.16

appengine_config.py :

vendor.add('lib')

if os.environ.get('SERVER_SOFTWARE', '').startswith('Development'):
    vendor.add('localhost_libs')
    import pkg_resources
    pkg_resources.require("requests==2.16.0")
import requests
print "requests.__version__", requests.__version__

from requests_toolbelt.adapters import appengine as requests_toolbelt_appengine

# Use the App Engine Requests adapter. This makes sure that Requests uses
# URLFetch.
requests_toolbelt_appengine.monkeypatch()
print "Appengine config done"

: pkg_resources prod_libs

Axa cheng · Answer 2 · 2018-03-10T09:09:54+0000

@karloskar, .

, sandbox.py, _ssl _socket WHITE_LIST, - ImportError: google.auth.

For those who also got the google.auth error , you might consider updating yours appengine_config.pyas shown below. This is a way to fix my import problem.

# appengine_config.py

import os
import google
from google.appengine.ext import vendor

lib_directory = os.path.dirname(__file__) + '/lib'

# Change where to find the google package (point to the lib/ directory)
google.__path__ = [os.path.join(lib_directory, 'google')] + google.__path__

# Add any libraries install in the "lib" folder.
vendor.add(lib_directory)

Reference1: App Engine does not find google.auth file in dev_appserver.py

Reference2: https://github.com/GoogleCloudPlatform/google-auth-library-python/issues/169#issuecomment-315417916

Pasha Gagin · Answer 3 · 2018-03-06T08:56:05+0000

The location of the sandbox module has moved to the runtime module.

from google.appengine.tools.devappserver2.python import runtime
runtime.sandbox._WHITE_LIST_C_MODULES += ['_ssl', '_socket']

ImportError: import of the devappserver sandbox module from user application code is prohibited

Context

More articles: