• Stars
    star
    805
  • Rank 56,629 (Top 2 %)
  • Language
    Python
  • License
    Apache License 2.0
  • Created about 9 years ago
  • Updated about 4 years ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Sandboxed Execution Environment

Sandboxed Execution Environment

Source:https://github.com/F-Secure/see
Documentation:https://see.readthedocs.io
Download:https://pypi.python.org/pypi/python-see

Build Status Documentation Status

Introduction

Sandboxed Execution Environment (SEE) is a framework for building test automation in secured Environments.

The Sandboxes, provided via libvirt, are customizable allowing high degree of flexibility. Different type of Hypervisors (Qemu, VirtualBox, LXC) can be employed to run the Test Environments.

Plugins can be added to a Test Environment which provides an Event mechanism synchronisation for their interaction. Users can enable and configure the plugins through a JSON configuration file.

Audience

SEE is for automating tests against unknown, dangerous or unstable software tracking its activity during the execution.

SEE is well suited for building modular test platforms or managing executable code with a good degree of isolation.

SEE allows to write sandboxed tests both for quick prototyping and for running on production environment.

Installation

SEE is available as Python package on the Python Package Index (PyPI).

It's user's responsibility to install and setup the hypervisors intended to be controlled with SEE and the possible dependencies and subsystems used by the selected image providers.

Please refer to the documentation to see how to setup and configure each hypervisor.

Supported hypervisors

SEE is build on top of libvirt's APIs, therefore all hypervisors supported by libvirt can be controlled through SEE.

SEE comes with a basic support for QEMU, VirtualBox and LXC, to add more hypervisor or customize the basic ones see the code contained in see/context.

Image providers

SEE uses a system of pluggable providers to retrieve disk images from arbitrary sources and make them available to SEE.

SEE bundles providers for LibVirt storage pools and OpenStack Glance as well as a dummy provider implementation, to add more providers see the code contained in see/image_providers.

Principles

SEE is an event-driven, plugin-based sandbox provider for synchronous and asynchronous test flow control.

                                                                  +----------+
                                                                  |          |
                                                          +-------| SEE Hook |
                                                          |       |          |
                                                          |       +----------+
              +---------+-------+       +---------+       |       +----------+
              |                 |       |         |       |       |          |
User -------> | SEE Environment |-------| Sandbox |-------+-------| SEE Hook |
              |                 |       |         |       |       |          |
              +-----------------+       +---------+       |       +----------+
                                                          |       +----------+
                                                          |       |          |
                                                          +-------| SEE Hook |
                                                                  |          |
                                                                  +----------+

A SEE Environment encapsulates all the required resources acting as a handler for the User. The Sandbox is controlled by the Hooks which act as plugins, Hooks communicate and co-ordinate themselves through Events.

Each Hook has direct access to the Sandbox which exposes a simple API for it's control and libvirt's APIs for more fine grained control.

Links

Libvirt project page.

https://libvirt.org

Presentation on PyCon Finland 2015.

https://www.youtube.com/watch?v=k185OMivqbQ

More Repositories

1

mittn

Mittn: Security test tool runner for test automation in CI
Python
193
star
2

Sulo

Dynamic instrumentation tool for Adobe Flash Player built on Intel Pin
C++
148
star
3

mqtt_fuzz

A simple fuzzer for the MQTT protocol
Python
73
star
4

elevation-of-privacy

Privacy Cards for Software Developers
48
star
5

reflash

ActionScript3 dynamic instrumentation tool
D
36
star
6

pytest-voluptuous

A pytest plugin for asserting data against voluptuous schema
Python
29
star
7

flaky-tests-detection

Python
22
star
8

headless-scanner-driver

A Burp Suite extension that starts scanning on requests it sees, and dumps results on standard output
Python
20
star
9

Synounlocker

Tool for decrypting files encrypted by the SynoLocker ransomware
Python
14
star
10

murphy

Python
14
star
11

resource-api

A framework that allows developers declaratively define resources and relationships between them
Python
10
star
12

sysvkit

A toolkit for running systemd-centric services on sysvinit systems
C
8
star
13

gdpr-subject-rights-api

An OpenAPI specification for fulfilling data subject requests under the GDPR
8
star
14

failures-analysis

Groupping automatically similar failures in the CI/CD pipeline
Python
7
star
15

pytest-rts

Coverage-based regression test selection (RTS) plugin for pytest
Python
7
star
16

distci

Python
5
star
17

fstrace

trace logging library
C
4
star
18

dvmps

Dynamic Virtual Machine Provisioning Service
Python
4
star
19

unixkit

unix-specific utility functions
C
3
star
20

atlant-api

F-Secure Atlant API Examples
Python
3
star
21

flaky-test-ci

Python
3
star
22

fsdyn

collection of elementary data structures
C
2
star
23

pglookout

2
star
24

async

event loop on top of epoll and kqueue with stackable streams
C
2
star
25

pyvsphere

Python
2
star
26

change-analyzer

Python
1
star
27

encjson

JSON encoding and decoding library
C
1
star
28

asynctls

client-side and server-side TLS async streams on top of openssl and macOS Secure Transport
C
1
star