A4 portrait - PET: Python Entre Todos - Python Argentina

More documents

Recommendations

Info

21 How does it work? cmd = 'mail -s "Requested file" ' + usermail + ' < ' + filename os.system(cmd) Note that we need to mark the get_data function as an untrusted source (with the untrusted decorator) and os.system as a sink sensitive to Operating System Injection (OSI) attacks. Now, when we try to run the program (it’s not important if we are trying to make an attack or not) we get this message in the standard output: $ python email.py jjconti@gmail.com myNotes.txt =============================================================================== Violation in line 14 from file email.py Tainted value: mail -s "Requested file" jjconti@gmail.com < miNotes.txt ------------------------------------------------------------------------------- usermail, filename = get_data(sys.argv) cmd = 'mail -s "Requested file" ' + usermail + ' < ' + filename --> os.system(cmd) =============================================================================== The Library intercepts the execution just before the untrusted datum reach the sensitive sink and inform it. The next step is add a cleaning function to sanitize the input data: import sys import os from taintmode import untrusted, ssink, cleaner, OSI from cleaners import clean_osi clean_osi = cleaner(OSI)(clean_osi) os.system = ssink(OSI)(os.system) @untrusted def get_data(args): return [args[1], args[2]] usermail, filename = get_data(sys.argv) usermail = clean_osi(usermail) filename = clean_osi(filename) cmd = 'mail -s "Requested file" ' + usermail + ' < ' + filename os.system(cmd) In this final example we import clean_osi, a function capable to clean input data against OSI attacks and in the next line we mark it as capable of doing it (this is required by the library). Finally, we use the function to clean the program inputs. If we execute the program now, it’ll run normally. How does it work? The library uses ids for the different vulnerabilities you are working with; these are called tags. It also provides decorators to mark different parts of the program (classes, methods or functions) as any of the three elements mentioned in the section about Taint Analysis. untrusted untrusted is a decorator that indicates us the values returned by a function or method aren’t to be trusted. Untrusted values can be tainted with any vulnerability, so they are marked as tainted with all the kinds of stain. PET: English Translation (Issue 1, August 2010) — http://revista.python.org.ar
ssink 22 If you have access to the function or method definition, for example if it’s part of your codebase, the decorator can be applied using Python’s syntactic sugar: @untrusted def from_the_outside(): ... While using third-party modules, we still can apply the decorator. The next example is from a program written using the web.py framework: import web web.input = untrusted(web.input) ssink The ssink decorator must be used to mark those functions or methods that we don’t want to be reached for tainted values. We call them sensitive sinks. These sinks are sensitive to a kind of vulnerability, and must be specified when the decorator is used. For example, the Python eval function is a sensitive sink to Interpreter Injection attacks. The way we mark it as that is: eval = ssink(II)(eval) The web.py framework offers SQL Injection sensitive sink examples: import web db = web.database(dbn="sqlite", db=DB_NAME) db.delete = ssink(SQLI)(db.delete) db.select = ssink(SQLI)(db.select) db.insert = ssink(SQLI)(db.insert) Like the rest of decorators, if the sensitive sink is defined in our code, we can use syntactic sugar: @ssink(XSS): def render_answer(input): ... The decorator can also be used without specifying a vulnerability. In this case, the sink is marked as sensitive to every kind of vulnerability, although this is not a very common use case: @ssink(): def very_sensitive(input): ... When an X tainted value reaches an X sensitive sink, we are facing the existence of a vulnerability and an appropriated mechanism is executed. cleaner cleaner is a decorator used to tell that a method or function is able to clean stains on a value. For example, the plain_text function removes HTML code from its input and returns the new clean value: >>> plain_text("This is bold") 'This is bold' >>> plain_text("Click here") 'Click here' PET: English Translation (Issue 1, August 2010) — http://revista.python.org.ar
Page 1 and 2: PET: English Translation The magazi
Page 3 and 4: All articles are (c) their authors,
Page 5 and 6: How you can help PET 2 On July 25th
Page 7 and 8: Going on with the story 4 borders,
Page 9 and 10: from gc import commonsense - Finish
Page 11 and 12: Circular references 8 The usefulnes
Page 13 and 14: Context managers 10 Context manager
Page 15 and 16: Context managers 12 print "Starting
Page 17 and 18: Introduction to Unit Testing with P
Page 19 and 20: How should the test be? 16 raise No
Page 21 and 22: How should the test be? 18 test_fin
Page 23: How to use it? 20 intercepted and m
Page 27 and 28: Applied Dynamism 24 Python Argentin
Page 29 and 30: First “non-dynamic” solution 26
Page 31 and 32: Ingredients 28 In this article i’
Page 33 and 34: Decorator functions without argumen
Page 35 and 36: Decorator classes with arguments 32
Page 37 and 38: Installing Web2Py 34 • Straightfo
Page 39 and 40: Administrative Interface 36 This pa
Page 41 and 42: Summary: 38 Summary: In this articl
Page 43 and 44: Feedback and Clarifications 40 inpu

A4 portrait - PET: Python Entre Todos - Python Argentina

Create successful ePaper yourself

Delete template?

Save as template?