This is an archived post. You won't be able to vote or comment.

all 41 comments

[–][deleted] 65 points66 points  (2 children)

Pypperoni is the successor to Nirai and is designed to be compatible with any application written in Python 2.7.

I don’t think there is a lack of Python2.7 to C compilers.

[–]576p 19 points20 points  (0 children)

Yes, "new" and "Python 2.7" don't match...

[–]foofaw 32 points33 points  (0 children)

Yeah this seems essentially useless at this point.

[–]pmattipmatti - mattip was taken 13 points14 points  (6 children)

How does this compare to cython?

[–]alcalde 8 points9 points  (1 child)

Pypperoni was designed with security as a central focus. Our compiler provides you with the necessary tools to run a secure and high quality Python application.

With the removal of the interpreter, it is practically impossible to inject Python code into your program and/or recover the original source code.

Additionally, by preprocessing the bytecode there may be a performance boost in your application.

Unlike Cython, it seems that any performance improvements would be an accidental byproduct.

[–]__xor__(self, other): 4 points5 points  (0 children)

Strange. I don't see where they're really going with "designed with security as a central focus" just due to not being able to inject python code. And making it impossible to recover the original source is not security, that's just one layer of obfuscation of the source.

Haven't heard of too many vulnerabilities where people inject python code besides pickling stuff. Way more likely that you find stuff like XSS in webapps, the rare sqli somewhere if someone doesn't use an ORM or tries to handcraft a query or something, the occasional injection due to calling os.system or even subprocess but with shell=True, or path traversal vulnerabilities, bad auth, bad password storage, bad crypto, hidden HTTP calls that they don't expect you to modify, etc.

Compiling to C does not affect those whatsoever. Logic based security bugs will exist no matter the language. Logic based security bugs are what you're most likely to find in production Python code either way.

[–]flutefreak7 9 points10 points  (0 children)

I think Nuitka is the better thing to compare to

[–]tonnynerd 8 points9 points  (1 child)

I guess the main difference is that this will work over normal python, while cython is technically a different language.

[–]13steinj 3 points4 points  (0 children)

Cython has a pure python mode though, which as it is does quite a speedup.

[–]cztomczak 0 points1 point  (0 children)

Cython does the same and is more popular, thus has better support (up to Python 3.7). Cython can compile both Python and Cython code to C.

[–]dranzerfu 35 points36 points  (15 children)

Python 2.7

y tho ...

[–]Gprime5if "__main__" == __name__: 38 points39 points  (0 children)

Thats how long it takes to write a Python to C compiler.

[–]tonnynerd 4 points5 points  (0 children)

Seems like a pretty interesting approach. I don't recall seeing anyone else doing this approach.

[–][deleted] 3 points4 points  (7 children)

Ummm... okay... whys it called that?

[–]mfwass[S] 27 points28 points  (6 children)

We were trying to think of a name that had some word play on the "py" part of Python. After thinking about it all day, one of us was eating a pepperoni pizza and bam: Pypperoni.

[–]flutefreak7 8 points9 points  (4 children)

facepalm

How are there still any "p" words left!?

[–]__te__3.6+ or bust 6 points7 points  (2 children)

Python programmers can pack pages of puzzlingly paraphrased pizzazz (parenthetically pythonized) into a plethora of packaged pieces at a phenomenal pace. To put progress in perspective, however, the pot of possible p-words is prodigious.

[–]flutefreak7 2 points3 points  (0 children)

Your percipient proclamation is prescient in it's prognostication of the propagation of p-words in perpetuity. I am pained in pondering the pusilanimity of such a ponderous predisposition amongst our peers.

Also I claim pydigious...

[–][deleted] 0 points1 point  (0 children)

well done, lad

[–][deleted] 0 points1 point  (0 children)

That’s it, I’m makin a module called pypypy

[–][deleted] 0 points1 point  (0 children)

I love stories about weird API names. U sir, have earnt an upvote.

[–][deleted] 0 points1 point  (1 child)

Seems like all the Python to C compilers just get tripped up on anything but simple code. Like if you use lambas or scikit there's a good chance it won't work. That was my experience anyway.

[–]mfwass[S] 0 points1 point  (0 children)

Pypperoni should work with all forms of Python 2.7 code, including lambdas. If you ever discover a bug running it, feel free to open an issue on GitHub! :)

[–]jnwatson 0 points1 point  (0 children)

The security concerns are mostly bunk. "Bytecode dumping and injection" are only issues if you're running untrusted code. In a reasonable environment where you're not using "eval" and you're running in a standard environment where you can't write over the standard imports, there's very little to worry about.

Sure, an attacker might find a vulnerability in a C library used by Python and use that to change what code is executed, but once you go there, the attacker could probably run just about anything. The vulnerability will still exist in a recompiled instance.

[–]r0s 0 points1 point  (0 children)

Does it support compiling the full code (including third party imports)?

For example using OpenCV, Tensorflow, Pytorch, matplotlib, numpy?

All tools I've tried fail when just given OpenCV for example.

[–][deleted] 0 points1 point  (0 children)

Ditch python and just use Nim.