Dangerous Python Keywords?

I am about to get a bunch of Python scripts from an untrusted source.

I'd like to be sure that no part of the code can hurt my system, meaning:

(1) the code is not allowed to import ANY MODULE

(2) the code is not allowed to read or write any data, connect to the network etc

(the purpose of each script is to loop through a list, compute some data from input given to it and return the computed value)

Before I execute such code, I'd like to have a script 'examine' it and make sure that there's nothing dangerous there that could hurt my system.

I thought of using the following approach: check that the word 'import' is not used (so we are guaranteed that no modules are imported)

Yet, it would still be possible for the user (if desired) to write code to read/write files etc. (say, using open).

Then here comes the question:

(1) Where can I get a 'global' list of Python methods (like open)?

(2) Is there some code that I could add to each script that is sent to me (at the top) that would make some 'global' methods invalid for that script (for example, any use of the keyword open would lead to an exception)?

I know that there are some solutions for Python sandboxing, but please try to answer this question as I feel this is the more relevant approach for my needs.

EDIT: Suppose that I make sure that no import is in the file, and that no possibly hurtful methods (such as open, eval, etc.) are in it. Can I conclude that the file is SAFE? (Can you think of any other 'dangerous' ways that built-in methods can be run?)

user3262424 asked Apr 01 '11 18:04




2 Answers

This point hasn't been made yet, and should be:

You are not going to be able to secure arbitrary Python code.

A VM is the way to go unless you want security issues up the wazoo.

Katriel answered Oct 15 '22 16:10



You can still obfuscate import without using eval:

    s = '__imp'
    s += 'ort__'
    f = globals()['__builtins__'].__dict__[s]   # ** BOOM ** -- f is now the real __import__
julx answered Oct 15 '22 17:10

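The question's proposed word-blacklist check, run against the obfuscated snippet from this answer, as an added example that belongs to neither answer. It uses only the standard library; the OBFUSCATED and BENIGN scripts are constructed for the demonstration, and the AST-based filter beside the blacklist is an illustration of a stricter static check, not a sandbox.

```python
import ast
import builtins

# Constructed sample: the obfuscated __import__ trick from the answer above,
# spelled so that none of the words a blacklist would look for appear in it.
OBFUSCATED = (
    "s = '__imp'\n"
    "s += 'ort__'\n"
    "f = globals()['__builtins__'].__dict__[s]\n"
    "os = f('os')\n"
)

# Constructed sample of the kind of script the asker wants to allow.
BENIGN = "def compute(xs):\n    total = 0\n    for x in xs:\n        total += x * x\n    return total\n"

BLACKLIST = ("import", "open", "eval", "exec")
ALLOWED_NAMES = {"range", "len", "sum", "min", "max", "abs", "int", "float",
                 "str", "list", "dict", "tuple", "set"}


def keyword_check(src: str) -> bool:
    """The asker's idea: accept the script if no blacklisted word occurs in its text."""
    return not any(word in src for word in BLACKLIST)


def ast_check(src: str) -> bool:
    """Static filter over the parsed tree: no import statements, no dunder attribute
    access, and no free name outside ALLOWED_NAMES. Rejects the trick above, but a
    static filter is still not a security boundary (see the first answer)."""
    tree = ast.parse(src)
    bound = {n.arg for n in ast.walk(tree) if isinstance(n, ast.arg)}
    bound |= {n.id for n in ast.walk(tree)
              if isinstance(n, ast.Name) and isinstance(n.ctx, ast.Store)}
    for node in ast.walk(tree):
        if isinstance(node, (ast.Import, ast.ImportFrom)):
            return False
        if isinstance(node, ast.Attribute) and node.attr.startswith("__"):
            return False
        if isinstance(node, ast.Name) and isinstance(node.ctx, ast.Load):
            if node.id not in bound and node.id not in ALLOWED_NAMES:
                return False
    return True


def imports_despite_filter(src: str) -> bool:
    """Run the script with the builtins module exposed, as it is in a __main__ script,
    and report whether it ended up binding the os module despite containing no 'import'."""
    ns = {"__builtins__": builtins}
    exec(src, ns)
    return getattr(ns.get("os"), "__name__", None) == "os"
```

Running `keyword_check(OBFUSCATED)` returns True (the blacklist is satisfied) while `imports_despite_filter(OBFUSCATED)` also returns True, which is the answer's point in one call.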