It is generally a good idea to minimise the trust given to any particular piece of software, and this especially applies when using a diverse set of packages prepared by many different organisations and individual community members. Here are notes on completely isolating Python and any needed selection of pip-installable packages.

A two-stage process is needed:

  1. First an isolated environment with network access to download the required Python packages. NB this environment has no access to any local data
  2. Subsequently an isolated environment without network access but with access to selected local data and to selected local software

Both stages are easily implemented using Windows sandboxes.

Downloading software

I use a sandbox file as follows (save the file with .wsb extension and then it can be executed with a double click):

<Configuration>
  <MemoryInMB>8000</MemoryInMB>
  <MappedFolders>
    <MappedFolder>
      <HostFolder>C:\Users\bojan\soft\incoming</HostFolder>
      <SandboxFolder>C:\Users\WDAGUtilityAccount\soft</SandboxFolder>
    </MappedFolder>
  </MappedFolders>  
</Configuration>

Then, after starting this sandbox, install Python:

cd soft
wget https://www.python.org/ftp/python/3.12.1/python-3.12.1-amd64.exe -OutFile python-3.12.1-amd64.exe
.\python-3.12.1-amd64.exe  /passive TargetDir=c:\python  Shortcuts=0 Include_debug=0 Include_launcher=0 Include_tcltk=0

The final step is to download all the packages and their dependencies using the pip download command. For example, to download all the packages needed to develop in Python using Jupyter notebooks, use this command:

cd ~\soft
C:\python\Scripts\pip download jupyter -d .

Or if you have a requirements.txt file, copy it to the sandbox and then use:

cd ~\soft
C:\python\Scripts\pip download -r requirements.txt -d .

Consolidate

The software is now in C:\Users\bojan\soft\incoming. Now shut down the sandbox and, in the normal Windows desktop, copy the downloaded software to a consolidated repo, e.g., C:\Users\bojan\soft\main.
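
The consolidation step is where files written by the network-connected sandbox cross into the folder the offline sandbox will install from. The script below is an added example, not part of the original notes: it copies new files into the repo while recording their SHA-256 hashes, and refuses to overwrite anything already accepted. The folder paths follow the ones above; the manifest.csv file name and its columns are assumptions.

```powershell
# Added example: run on the host after the download sandbox has been shut down.
$Incoming = 'C:\Users\bojan\soft\incoming'
$Main     = 'C:\Users\bojan\soft\main'
$Manifest = Join-Path $Main 'manifest.csv'   # hypothetical manifest file name

New-Item -ItemType Directory -Force -Path $Main | Out-Null

# Hashes recorded by earlier runs: file name -> SHA-256
$known = @{}
if (Test-Path $Manifest) {
    Import-Csv $Manifest | ForEach-Object { $known[$_.Name] = $_.SHA256 }
}

foreach ($file in Get-ChildItem -Path $Incoming -File) {
    $hash = (Get-FileHash -Path $file.FullName -Algorithm SHA256).Hash
    $dest = Join-Path $Main $file.Name

    if ($known.ContainsKey($file.Name)) {
        if ($known[$file.Name] -ne $hash) {
            # Same file name, different content: keep the accepted copy.
            Write-Warning "HASH MISMATCH, not copied: $($file.Name)"
        }
        continue
    }
    if (Test-Path $dest) {
        # Present in the repo but never recorded: needs a manual look.
        Write-Warning "In repo but not in manifest, not copied: $($file.Name)"
        continue
    }

    Copy-Item -Path $file.FullName -Destination $dest
    [pscustomobject]@{
        Name   = $file.Name
        SHA256 = $hash
        Added  = (Get-Date -Format o)
    } | Export-Csv -Path $Manifest -Append -NoTypeInformation
    Write-Output "Added $($file.Name)  $hash"
}
```

The manifest detects later changes to a file that was already accepted; it does not by itself show that the first download was authentic.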

Development environment

Now you can easily start the development environment. If the necessary data are in C:\Users\bojan\data\proj1, make them available read-only to the sandbox, while the code being developed is in C:\Users\bojan\source\repos\proj1 and is writable:

<Configuration>
  <Networking>Disable</Networking>
  <MemoryInMB>8000</MemoryInMB>
  <MappedFolders>
    <MappedFolder>
      <HostFolder>C:\Users\bojan\soft\main</HostFolder>
      <SandboxFolder>C:\Users\WDAGUtilityAccount\soft</SandboxFolder>
      <ReadOnly>true</ReadOnly>      
    </MappedFolder>
    <MappedFolder>
      <HostFolder>C:\Users\bojan\data\proj1</HostFolder>
      <SandboxFolder>C:\Users\WDAGUtilityAccount\data</SandboxFolder>
      <ReadOnly>true</ReadOnly>      
    </MappedFolder>	
    <MappedFolder>
      <HostFolder>C:\Users\bojan\source\repos\proj1</HostFolder>
      <SandboxFolder>C:\Users\WDAGUtilityAccount\proj1</SandboxFolder>
    </MappedFolder>		
  </MappedFolders>  
</Configuration>

Now start the sandbox and install the software.

cd ~\soft
.\python-3.12.1-amd64.exe  /passive TargetDir=c:\python  Shortcuts=0 Include_debug=0 Include_launcher=0 Include_tcltk=0 | Out-Null
C:\python\Scripts\pip install jupyter --no-index --find-links .
cd ~\proj1
C:\python\Scripts\jupyter notebook

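See this StackOverflow regarding | Out-Null: piping the installer to Out-Null makes PowerShell wait for it to finish before running the next command.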

Conclusion

The described method allows developing and running large Python applications, e.g., for data processing, while reducing various risks. For example, the third-party Python packages have no access at all to the network (so data exfiltration is much harder) and have no access at all to the main Windows system except to the carefully specified source-code directory.
