I am developing an online compiler wherein user can run python code.My requirement is to run that python code on server side with exec. So I researched on how can I completely eliminate some user running malicious python code and most of the sites suggested this -
- built-ins disabled
- Ptrace and chroot jail
- Sandboxing/VM
But if I store a list of blacklisted commands e.g - ["exec","os","subprocess"] and check the string code for presence of any blacklisted commands and discard it on client side as well as server side then doesn't it solve the problem?