ossf / package-analysis

Open Source Package Analysis
Apache License 2.0

Allow running code as part of dynamic analysis #672

Open kushaldas opened 1 year ago

kushaldas commented 1 year ago

In Python land, for example, after we install a wheel (or build and then install from source), allow us to execute some code.

Say we are installing a module called randomcode, then maybe we can also pass a Python file like the following and interpret/execute accordingly.

import randomcode
randomcode.hello()
randomcode.do_something_which_should_not_do_network_call()

calebbrown commented 1 year ago
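
A sketch of what such a driver could look like inside the sandbox, as an added example that is neither the project's code nor the issue author's: a constructed module stands in for `randomcode`, every socket connection a called function attempts is recorded and blocked rather than allowed out, and the result is reported per function. `run_driver`, `record_network`, `NetworkAttempt` and the stand-in module are assumptions, not anything package-analysis provides.

```python
import socket
import types
from contextlib import contextmanager

# Constructed stand-in for the package under analysis ("randomcode" in the issue);
# a real driver running inside the sandbox would simply `import randomcode`.
randomcode = types.ModuleType("randomcode")
randomcode.hello = lambda: "hello"
randomcode.do_something_which_should_not_do_network_call = (
    lambda: socket.create_connection(("203.0.113.7", 443), timeout=1))  # to TEST-NET-3

class NetworkAttempt(Exception):
    """Raised in place of connecting, so the attempt is recorded and nothing leaves the host."""

@contextmanager
def record_network(events):
    """Swap the socket connect entry points for recorders while the block runs."""
    originals = (socket.create_connection, socket.socket.connect)

    def fake_create_connection(address, *args, **kwargs):
        events.append(("create_connection", address))
        raise NetworkAttempt(address)

    def fake_connect(self, address):
        events.append(("connect", address))
        raise NetworkAttempt(address)

    socket.create_connection, socket.socket.connect = fake_create_connection, fake_connect
    try:
        yield
    finally:
        socket.create_connection, socket.socket.connect = originals

def run_driver(module, calls):
    """Call each named function; report its result or the network attempt that was blocked."""
    report = {}
    for name in calls:
        events = []
        with record_network(events):
            try:
                status = ("ok", getattr(module, name)())
            except NetworkAttempt as exc:
                status = ("blocked_network", exc.args[0])
        report[name] = {"status": status, "network_events": events}
    return report

if __name__ == "__main__":
    print(run_driver(randomcode, ["hello", "do_something_which_should_not_do_network_call"]))
```

In the real tool the recorder would be the sandbox's own syscall or network tracing rather than an in-process monkeypatch, which a hostile package can undo; the point here is only the shape of the driver-script output.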

Is your suggestion related to expanding the coverage of dynamic analysis, verifying that unsafe/undesired behaviour isn't occurring, or both?

As far as expanding coverage goes we've thought about perhaps running any included tests, or using reflection to exercise more code.

maxfisher-g commented 1 year ago

Thanks for the issue @kushaldas!

If I understand correctly, your idea is to allow passing in a custom script which can call certain functions that the user is interested in analysing, inside the sandbox. Is that right?

kushaldas commented 1 year ago

> If I understand correctly, your idea is to allow passing in a custom script which can call certain functions that the user is interested in analysing, inside the sandbox. Is that right?

Yes, that is what I had in mind.

maxfisher-g commented 1 year ago

Hi Kushal, while the priorities for our roadmap are mostly centered around automated analysis, including things like increasing coverage using automated methods, we are interested in better understanding the use-cases you had in mind for a manual 'driver script'.

Could you explain a little bit more of the background behind this feature request and/or intended applications?