fix(query): fix recusive wrapper codes in python udf (#18219)

sundy-li · web-flow · commit 371d0fe524d2 · 2025-06-23T18:12:25.000+08:00
diff --git a/src/query/service/src/pipelines/processors/transforms/transform_udf_script.rs b/src/query/service/src/pipelines/processors/transforms/transform_udf_script.rs
@@ -255,31 +255,32 @@ import os
 import sys
 from pathlib import Path
 
-ALLOWED_BASE = Path("/tmp")
+import builtins, sys
+if "DATABEND_RESTRICTED_PYTHON" not in sys._xoptions:
+    sys._xoptions['DATABEND_RESTRICTED_PYTHON'] = '1'
 
-_original_open = open
-_original_os_open = os.open if hasattr(os, 'open') else None
+    ALLOWED_BASE = Path("/tmp")
+    _original_open = open
+    _original_os_open = os.open if hasattr(os, 'open') else None
 
-def safe_open(file, mode='r', **kwargs):
-    file_path = Path(file).resolve()
+    def safe_open(file, mode='r', **kwargs):
+        file_path = Path(file).resolve()
 
-    try:
-        file_path.relative_to(ALLOWED_BASE)
-    except ValueError:
-        raise PermissionError(f"Access denied: {file} is outside allowed directory")
+        try:
+            file_path.relative_to(ALLOWED_BASE)
+        except ValueError:
+            raise PermissionError(f"Access denied: {file} is outside allowed directory")
 
-    return _original_open(file, mode, **kwargs)
+        return _original_open(file, mode, **kwargs)
 
-def safe_os_open(path, flags, mode=0o777):
-    file_path = Path(path).resolve()
-    try:
-        file_path.relative_to(ALLOWED_BASE)
-    except ValueError:
-        raise PermissionError(f"Access denied: {path} is outside allowed directory")
-    return _original_os_open(path, flags, mode)
+    def safe_os_open(path, flags, mode=0o777):
+        file_path = Path(path).resolve()
+        try:
+            file_path.relative_to(ALLOWED_BASE)
+        except ValueError:
+            raise PermissionError(f"Access denied: {path} is outside allowed directory")
+        return _original_os_open(path, flags, mode)
 
-import builtins, sys
-if "DATABEND_RESTRICTED_PYTHON" not in sys._xoptions:
     builtins.open = safe_open
     if _original_os_open:
         os.open = safe_os_open
@@ -288,7 +289,6 @@ if "DATABEND_RESTRICTED_PYTHON" not in sys._xoptions:
     for module in dangerous_modules:
         if module in sys.modules:
             del sys.modules[module]
-    sys._xoptions['DATABEND_RESTRICTED_PYTHON'] = '1'
 "#;
 
     impl RuntimeBuilder<arrow_udf_runtime::python::Runtime> for PyRuntimeBuilder {
