一、定义模板(public class JavaCodeSandBoxTemplate),方便以后拓展更多编程语言代码沙箱的开发
1.必要的工具类和封装好的执行请求类、执行响应类、执行信息类及判题信息类
1.1需要用到的工具类(执行命令,获取输出)
package com.li.mycodesandbox.Utils;
import cn.hutool.core.date.StopWatch;
import com.li.mycodesandbox.model.ExecuteMessage;
import org.apache.commons.lang3.StringUtils;
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.util.ArrayList;
/**
* @author 黎海旭
**/
public class ProcessUtils {
public static ExecuteMessage runProcessAndGetMessage(Process process, String opName) {
ExecuteMessage executeMessage = new ExecuteMessage();
try {
//计算程序执行时间
StopWatch stopWatch = new StopWatch();
stopWatch.start();
//等待程序执行,获取错误码
int exitValue = process.waitFor();
executeMessage.setExitCode(exitValue);
if (exitValue == 0) {
System.out.println(opName + "成功");
//获取终端输出
BufferedReader bufferedReader = new BufferedReader(new InputStreamReader(process.getInputStream()));
ArrayList<String> outputList = new ArrayList<>();
String compileOutputLine;
while ((compileOutputLine = bufferedReader.readLine()) != null) {
outputList.add(compileOutputLine);
}
executeMessage.setMessage(StringUtils.join(outputList,"\n"));
} else {
System.out.println(opName + "失败,错误码为: " + exitValue);
//获取终端输出
BufferedReader bufferedReader = new BufferedReader(new InputStreamReader(process.getInputStream()));
ArrayList<String> outputList = new ArrayList<>();
String compileOutputLine;
while ((compileOutputLine = bufferedReader.readLine()) != null) {
outputList.add(compileOutputLine);
}
executeMessage.setMessage(StringUtils.join(outputList,"\n"));
//获取终端错误输出
BufferedReader bufferedErrorReader = new BufferedReader(new InputStreamReader(process.getErrorStream()));
ArrayList<String> outputErrorList = new ArrayList<>();
String compileErrorOutputLine;
while ((compileErrorOutputLine = bufferedErrorReader.readLine()) != null) {
outputList.add(compileErrorOutputLine);
}
executeMessage.setErrorMessage(StringUtils.join(outputErrorList,"\n"));
}
stopWatch.stop();
executeMessage.setExecuteTime(stopWatch.getLastTaskTimeMillis());
} catch (Exception e) {
e.printStackTrace();
}
return executeMessage;
}
}1.2 封装好的执行请求类
package com.li.mycodesandbox.model;
import lombok.AllArgsConstructor;
import lombok.Builder;
import lombok.Data;
import lombok.NoArgsConstructor;
import java.util.List;
/**
* @author 黎海旭
**/
@Data
@Builder
@NoArgsConstructor
@AllArgsConstructor
public class ExecuteCodeRequest {
private List<String> inputList;
private String language;
private String code;
}1.3 封装好的执行响应类
package com.li.mycodesandbox.model;
import lombok.AllArgsConstructor;
import lombok.Builder;
import lombok.Data;
import lombok.NoArgsConstructor;
import java.util.List;
/**
* @author 黎海旭
**/
@Data
@Builder
@NoArgsConstructor
@AllArgsConstructor
public class ExecuteCodeResponse {
/**
* 输出
*/
private List<String> outputList;
/**
* 接口信息
*/
private String message;
/**
* 执行状态
* 1.代码执行成功,所有用例均有输出
* 2.沙箱错误或者代码编译失败
* 3.代码运行出错
*/
private Integer status;
/**
* 判题信息
*/
private JudgeInfo judgeInfo;
}1.4 封装好的执行信息类
package com.li.mycodesandbox.model;
import lombok.Data;
/**
* @author 黎海旭
* 返回编译或者执行的结果信息
**/
@Data
public class ExecuteMessage {
/**
* 程序执行状态码
*/
private Integer exitCode;
/**
* 程序执行正常输出
*/
private String message;
/**
* 程序执行异常输出
*/
private String errorMessage;
/**
* 程序执行时间
*/
private Long executeTime;
/**
* 程序消耗的内存
*/
private Long executeMemory;
}1.2 封装好的判题信息类
package com.li.mycodesandbox.model;
import lombok.Data;
/**
* @author 黎海旭
**/
@Data
public class JudgeInfo {
/**
* 程序执行结果信息
*/
private String message;
/**
* 消耗内存(kb)
*/
private Long memory;
/**
* 消耗时间(ms)
*/
private Long time;
}2.实现代码沙箱具体步骤
2.1定义需要用到的常量
/**
* 放置提交代码的文件夹路径
*/
private static final String GLOBAL_CODE_DIR_PATH = "src/main/java/com/li/mycodesandbox/tempcode";
/**
* 文件名,这里定死为Main.java
*/
private static final String GLOBAL_JAVA_CLASS_NAME = "Main.java";
/**
* 超时定义(ms),定义程序执行时间超过10s即判定为超时(可根据要求自己定义)
*/
private static final long TIME_OUT = 10000L;2.2保存用户提交的代码
/**
* 保存用户提交的代码
* @param code
* @return
*/
public File saveCodeToFile(String code){
//取到项目根目录
String userDir = System.getProperty("user.dir");
// todo 这里得考虑不同系统下的分隔符问题 linus windows
String globalCodePathName = userDir + File.separator + GLOBAL_CODE_DIR_PATH;
//如果文件路径不存在就创建目录
if (!FileUtil.exist(globalCodePathName)) {
FileUtil.mkdir(globalCodePathName);
}
//记得把代码隔离,因为不能把所有的Main.class都放在同一个目录下
String userCodeParentPath = globalCodePathName + File.separator + UUID.randomUUID();
String userCodePath = userCodeParentPath + File.separator + GLOBAL_JAVA_CLASS_NAME;
File userCodeFile = FileUtil.writeString(code, userCodePath, StandardCharsets.UTF_8);
return userCodeFile;
}2.3编译代码,得到.class文件
/**
* 编译代码,得到.class文件
* @param userCodeFile
* @return
*/
public ExecuteMessage compileFile(File userCodeFile){
String compileCmd = String.format("javac -encoding utf-8 %s", userCodeFile.getAbsolutePath());
try {
Process compileProcess = Runtime.getRuntime().exec(compileCmd);
ExecuteMessage executeMessage = ProcessUtils.runProcessAndGetMessage(compileProcess, "编译");
if (executeMessage.getExitCode() != 0){
throw new RuntimeException("编译错误");
}
return executeMessage;
} catch (Exception e) {
throw new RuntimeException(e);
}
}2.4执行文件获得执行结果列表
/**
* 执行文件获得执行结果列表
* @param inputList
* @return
*/
public List<ExecuteMessage> runCode(List<String> inputList,File userCodeFile,long timeout){
ArrayList<ExecuteMessage> executeMessages = new ArrayList<>();
//取到项目根目录
String userCodeParentPath = userCodeFile.getParentFile().getAbsolutePath();
for (String input : inputList) {
/**
* 指定jvm最大堆内存,避免用户传进来的代码占用过多服务器内存溢出,这里指定最大为256mb(实际上会超过一些,不会很准确)
*/
String runCmd = String.format("java -Xmx256m -Dfile.encoding=UTF-8 -cp %s Main %s", userCodeParentPath, input);
try {
Process runProcess = Runtime.getRuntime().exec(runCmd);
new Thread(() -> {
try {
Thread.sleep(timeout);
/**
* 如果10s后程序用户输出的程序还没有执行完,那么就中断程序,避免程序卡死占用资源
*/
if (runProcess.isAlive()){
runProcess.destroy();
throw new RuntimeException("程序运行超时");
}
} catch (InterruptedException e) {
throw new RuntimeException(e);
}
}).start();
ExecuteMessage executeMessage = ProcessUtils.runProcessAndGetMessage(runProcess, "运行");
System.out.println(executeMessage);
executeMessages.add(executeMessage);
} catch (Exception e) {
throw new RuntimeException(e);
}
}
return executeMessages;
}2.5获取、处理输出结果
/**
* 获取、处理输出结果
* @param executeMessages
* @return
*/
public ExecuteCodeResponse getOutputResponse(List<ExecuteMessage> executeMessages){
//得到所有测试用例运行所花的最大值,有一个超时了就不符合要求
long maxTime = 0;
//得到所有测试用例所消耗的内存
long maxMemery = 0;
ExecuteCodeResponse executeCodeResponse = new ExecuteCodeResponse();
ArrayList<String> outputList = new ArrayList<>();
for (ExecuteMessage executeMessage : executeMessages) {
String errorMessage = executeMessage.getErrorMessage();
if (StrUtil.isNotBlank(errorMessage)) {
//执行中存在错误,代码运行错误
//就将报错信息放入到返回结果信息中
executeCodeResponse.setMessage(errorMessage);
executeCodeResponse.setStatus(3);
break;
}
//没有错误就将程序成功执行的结果放入到返回的列表中
outputList.add(executeMessage.getMessage());
Long executeTime = executeMessage.getExecuteTime();
Long executeMemory = executeMessage.getExecuteMemory();
if (executeTime != null) {
maxTime = Math.max(maxTime, executeTime);
}
if (executeMemory != null){
maxMemery = Math.max(maxMemery,executeMemory);
}
}
//如果全部正常执行的话
if (outputList.size() == executeMessages.size()) {
executeCodeResponse.setStatus(1);
}
executeCodeResponse.setOutputList(outputList);
JudgeInfo judgeInfo = new JudgeInfo();
judgeInfo.setMemory(maxMemery);
judgeInfo.setTime(maxTime);
executeCodeResponse.setJudgeInfo(judgeInfo);
return executeCodeResponse;
}2.6删除之前上传保存的代码文件
/**
* 删除文件
* @param userCodeFile
* @return
*/
public boolean doDelete(File userCodeFile){
String userCodeParentPath = userCodeFile.getParentFile().getAbsolutePath();
if (userCodeFile.getParentFile() != null) {
boolean del = FileUtil.del(userCodeParentPath);
System.out.println("删除" + (del ? "成功" : "失败"));
return del;
}
return true;
}2.7获取执行过程中错误
/**
* 获取错误方法
*
* @param e 异常值
* @return 返回响应
*/
private ExecuteCodeResponse getErrorResponse(Throwable e) {
ExecuteCodeResponse executeCodeResponse = new ExecuteCodeResponse();
executeCodeResponse.setOutputList(new ArrayList<>());
executeCodeResponse.setMessage(e.getMessage());
//代表沙箱错误
executeCodeResponse.setStatus(2);
executeCodeResponse.setJudgeInfo(new JudgeInfo());
return executeCodeResponse;
}3.将上述方法封装成一个统一的方法
@Override
public ExecuteCodeResponse codeExecute(ExecuteCodeRequest executeCodeRequest) {
// /**
// * 设置权限管理器
// */
// System.setSecurityManager(new DefaultSecurityManager());
ExecuteCodeResponse executeCodeResponse = null;
File userCodeFile = null;
try {
/**
* 1.把用户的代码保存为文件
*/
List<String> inputList = executeCodeRequest.getInputList();
String language = executeCodeRequest.getLanguage();
String code = executeCodeRequest.getCode();
userCodeFile = saveCodeToFile(code);
/**
* 2.编译代码,得到class文件
*/
ExecuteMessage executeMessage = compileFile(userCodeFile);
System.out.println(executeMessage);
/**
* 3.执行程序,得到代码输出值
*/
List<ExecuteMessage> executeMessages = runCode(inputList,userCodeFile,TIME_OUT);
/**
* 4.收集整理输出结果
*/
executeCodeResponse = getOutputResponse(executeMessages);
/**
* 5.文件清理,清除class文件,避免占用服务器空间
*/
boolean doDelete = doDelete(userCodeFile);
if (!doDelete){
log.error("delete file error,userCodeFilePath = {}",userCodeFile.getAbsolutePath());
}
} catch (Exception e) {
e.printStackTrace();
//删除用户提交的文件
boolean doDelete = doDelete(userCodeFile);
if (!doDelete){
log.error("delete file error,userCodeFilePath = {}",userCodeFile.getAbsolutePath());
}
return getErrorResponse(e);
}
//6错误处理,提升程序健壮性,比如当用户程序编译失败未等执行
return executeCodeResponse;
}二、继承模板方法,重写runCode方法,让java代码运行在docker容器里面
package com.li.mycodesandbox.tempcode;
import cn.hutool.core.date.StopWatch;
import cn.hutool.core.io.resource.ResourceUtil;
import cn.hutool.core.util.ArrayUtil;
import com.github.dockerjava.api.DockerClient;
import com.github.dockerjava.api.async.ResultCallback;
import com.github.dockerjava.api.command.*;
import com.github.dockerjava.api.model.*;
import com.github.dockerjava.core.DockerClientBuilder;
import com.github.dockerjava.core.command.ExecStartResultCallback;
import com.li.mycodesandbox.model.ExecuteCodeRequest;
import com.li.mycodesandbox.model.ExecuteCodeResponse;
import com.li.mycodesandbox.model.ExecuteMessage;
import org.springframework.stereotype.Service;
import java.io.Closeable;
import java.io.File;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import java.util.concurrent.TimeUnit;
/**
* @author 黎海旭
**/
@Service
public class JavaDockerCodeSandBox extends JavaCodeSandBoxTemplate{
private static Boolean FIRST_INIT = true;
public static void main(String[] args) throws InterruptedException {
JavaDockerCodeSandBox javaDockerCodeSandBox = new JavaDockerCodeSandBox();
ExecuteCodeRequest executeCodeRequest = new ExecuteCodeRequest();
executeCodeRequest.setInputList(Arrays.asList("1 2","3 4"));
String code = ResourceUtil.readStr("Main.java", StandardCharsets.UTF_8);
System.out.println(code);
executeCodeRequest.setCode(code);
executeCodeRequest.setLanguage("java");
ExecuteCodeResponse executeCodeResponse = javaDockerCodeSandBox.codeExecute(executeCodeRequest);
System.out.println(executeCodeResponse);
}
@Override
public List<ExecuteMessage> runCode(List<String> inputList, File userCodeFile,long timeout) {
String userCodeParentPath = userCodeFile.getParentFile().getAbsolutePath();
System.out.println(userCodeParentPath);
/**
* 1.拉取镜像
*/
DockerClient dockerClient = DockerClientBuilder.getInstance().build();
String image = "openjdk:8-alpine";
if (FIRST_INIT){
PullImageCmd pullImageCmd = dockerClient.pullImageCmd(image);
PullImageResultCallback pullImageResultCallback = new PullImageResultCallback(){
@Override
public void onNext(PullResponseItem item) {
System.out.println("下载镜像 " + item.getStatus());
super.onNext(item);
}
};
try {
pullImageCmd.exec(pullImageResultCallback).awaitCompletion();
} catch (InterruptedException e) {
System.out.println("拉取镜像异常");
throw new RuntimeException(e);
}
System.out.println("下载完成");
FIRST_INIT = false;
}
/**
* 2.创建容器
*/
CreateContainerCmd containerCmd = dockerClient.createContainerCmd(image);
HostConfig hostConfig = new HostConfig();
//限制内存
hostConfig.withMemory(100 * 1000 * 1000L);
hostConfig.withCpuCount(1L);
hostConfig.setBinds(new Bind(userCodeParentPath,new Volume("/app")));
CreateContainerResponse createContainerResponse = containerCmd
.withHostConfig(hostConfig)
.withAttachStdin(true)
.withAttachStderr(true)
.withAttachStdin(true)
.withNetworkDisabled(true) //禁用联网功能
.withReadonlyRootfs(true) //禁止往root目录写文件
.withTty(true)
.exec();
System.out.println(createContainerResponse);
String containerId = createContainerResponse.getId();
System.out.println(containerId);
/**
* 3.启动容器,执行命令并获取结果(运行结果、运行时间、内存消耗、正确信息、错误信息)
*/
dockerClient.startContainerCmd(containerId).exec();
ArrayList<ExecuteMessage> executeMessages = new ArrayList<>();
for (String input : inputList) {
ExecuteMessage executeMessage = new ExecuteMessage();
String[] inputArray = input.split(" ");
String[] cmdArray = ArrayUtil.append(new String[]{"java","-cp","/app","Main"},inputArray);
ExecCreateCmdResponse execCreateCmdResponse = dockerClient.execCreateCmd(containerId)
.withCmd(cmdArray)
.withAttachStderr(true)
.withAttachStdin(true)
.withAttachStdout(true)
.exec();
System.out.println("创建执行命令: " + execCreateCmdResponse);
String exeId = execCreateCmdResponse.getId();
/**
*判断程序是否超时
* 设置一个标志位,默认为超时,除非在规定的超时时间内将标志位改为false,这里规定的为5s,命令执行回调限制为5s
*/
final boolean[] isTimeout = {true};
ExecStartResultCallback execStartResultCallback = new ExecStartResultCallback(){
/**
* 该方法为程序执行完命令后会调用的方法
*/
@Override
public void onComplete() {
isTimeout[0] = false;
super.onComplete();
}
@Override
public void onNext(Frame frame) {
StreamType streamType = frame.getStreamType();
if (StreamType.STDERR.equals(streamType)){
executeMessage.setErrorMessage(new String(frame.getPayload()));
System.out.println("输出错误结果: " + new String(frame.getPayload()));
}else {
executeMessage.setMessage(new String(frame.getPayload()));
System.out.println("输出结果: " + new String(frame.getPayload()));
}
super.onNext(frame);
}
};
/**
* 获取占用的内存
*/
final Long[] maxMemory = {0L};
StatsCmd statsCmd = dockerClient.statsCmd(containerId);
ResultCallback<Statistics> statisticsResultCallback = statsCmd.exec(new ResultCallback<Statistics>() {
@Override
public void onStart(Closeable closeable) {
}
@Override
public void onNext(Statistics statistics) {
System.out.println("内存占用情况: " + statistics.getMemoryStats().getUsage());
maxMemory[0] = Math.max(statistics.getMemoryStats().getUsage(), maxMemory[0]);
}
@Override
public void onError(Throwable throwable) {
}
@Override
public void onComplete() {
}
@Override
public void close() throws IOException {
}
});
statsCmd.close();
try {
/**
* 时间这里得处理一下
*/
//计算程序执行时间
StopWatch stopWatch = new StopWatch();
stopWatch.start();
/**
* 根据设定的超时时间,程序执行超时就停掉
*/
dockerClient.execStartCmd(exeId)
.exec(execStartResultCallback)
//毫秒
.awaitCompletion(timeout, TimeUnit.MILLISECONDS);
stopWatch.stop();
executeMessage.setExecuteTime(stopWatch.getLastTaskTimeMillis());
} catch (InterruptedException e) {
System.out.println("程序执行异常");
throw new RuntimeException(e);
}
//设置内存消耗
executeMessage.setExecuteMemory(maxMemory[0]/1000);
executeMessages.add(executeMessage);
}
/**
* 4.销毁容器
*/
dockerClient.removeContainerCmd(containerId).withForce(true).exec();
System.out.println(executeMessages);
return executeMessages;
}
}三.总结
以上便是这次java构建代码沙箱的步骤及方法了,这样用户提交的代码就很难会影响到服务器的运行安全了。大家有问题可以在评论区交流哦~
本文章为转载内容,我们尊重原作者对文章享有的著作权。如有内容错误或侵权问题,欢迎原作者联系我们进行内容更正或删除文章。
