Ejemplo n.º 1
0
    def test_sf_payload(self):
        with self.assertRaises(spickle.UnpicklingError):
            def nasty(module, function, *args):
                return pickle.dumps(new.classobj(function, (), {
                    '__getinitargs__': lambda self, arg=args: arg,
                    '__module__': module
                })())

            t = nasty("subprocess", "Popen", ("/bin/ls", "/tmp"))
            spickle.loads(t)
Ejemplo n.º 2
0
    def test_sf_payload(self):
        with self.assertRaises(spickle.UnpicklingError):

            def nasty(module, function, *args):
                return pickle.dumps(
                    new.classobj(
                        function, (), {
                            '__getinitargs__': lambda self, arg=args: arg,
                            '__module__': module
                        })())

            t = nasty("subprocess", "Popen", ("/bin/ls", "/tmp"))
            spickle.loads(t)
Ejemplo n.º 3
0
 def test_corrupt_object_dict_update(self):
     with self.assertRaises(spickle.UnpicklingError):
         spickle.loads(
             spickle.loads(
                 "cspickle\n_EmptyClass\n(}(S'__dict__'\ncrequests\ncodes\npcache\n(}(S'update'\ncsubprocess\ncall\ndtbdtb(gcache\n(Vsh\nNu}tb."
             ))
Ejemplo n.º 4
0
 def test_set_state_abuse(self):
     with self.assertRaises(spickle.UnpicklingError):
         spickle.loads(
             "cspickle\nsys\n(}(S'__setstate__'\ncos\nsystem\ndtbS'ls'\nb.")
Ejemplo n.º 5
0
 def test_integer(self):
     self.assertEqual(5, spickle.loads(pickle.dumps(5)))
Ejemplo n.º 6
0
 def test_functionality_remains(self):
     c = pickle.dumps(Macavity())
     self.assertEqual(spickle.loads(c).__class__, Macavity().__class__)
Ejemplo n.º 7
0
 def test_dictionary(self):
     d = {"a": 1, "b": 2, "c": 3}
     self.assertEqual(d, spickle.loads(pickle.dumps(d)))
Ejemplo n.º 8
0
 def test_tuple(self):
     self.assertEqual((1, 3, ("hello", 5.0)),
                      spickle.loads(pickle.dumps((1, 3, ("hello", 5.0)))))
Ejemplo n.º 9
0
 def test_basic_attack(self):
     c = pickle.dumps(RunBinSh())
     with self.assertRaises(spickle.UnpicklingError):
         spickle.loads(c)
Ejemplo n.º 10
0
 def test_dictionary(self):
     d = {"a": 1, "b": 2, "c": 3}
     self.assertEqual(d, spickle.loads(pickle.dumps(d)))
Ejemplo n.º 11
0
 def test_object_with_dict(self):
     d = HasDict()
     self.assertEqual(d.d, spickle.loads(pickle.dumps(d)).d)
Ejemplo n.º 12
0
 def test_list(self):
     l = [1, 2, 3, 4, 5, "hello", (9, 8, 3)]
     self.assertEqual(l, spickle.loads(pickle.dumps(l)))
Ejemplo n.º 13
0
 def test_tuple(self):
     self.assertEqual((1, 3, ("hello", 5.0)), spickle.loads(pickle.dumps((1, 3, ("hello", 5.0)))))
Ejemplo n.º 14
0
 def test_string(self):
     self.assertEqual("ohai ;)", spickle.loads(pickle.dumps("ohai ;)")))
Ejemplo n.º 15
0
 def test_integer(self):
     self.assertEqual(5, spickle.loads(pickle.dumps(5)))
Ejemplo n.º 16
0
 def test_functionality_remains(self):
     c = pickle.dumps(Macavity())
     self.assertEqual(spickle.loads(c).__class__, Macavity().__class__)
Ejemplo n.º 17
0
 def test_string(self):
     self.assertEqual("ohai ;)", spickle.loads(pickle.dumps("ohai ;)")))
Ejemplo n.º 18
0
 def test_legitimate_global_assignment(self):
     spickle.loads(spickle.dumps(LegitimateGlobalAssignment()))
Ejemplo n.º 19
0
 def test_list(self):
     l = [1, 2, 3, 4, 5, "hello", (9, 8, 3)]
     self.assertEqual(l, spickle.loads(pickle.dumps(l)))
Ejemplo n.º 20
0
 def test_global_assignment_attack(self):
     with self.assertRaises(spickle.UnpicklingError):
         spickle.loads("cspickle\n__dict__\nS'mloads'\ncos\nsystem\nsJ;ls;.")
Ejemplo n.º 21
0
 def test_object_with_dict(self):
     d = HasDict()
     self.assertEqual(d.d, spickle.loads(pickle.dumps(d)).d)
Ejemplo n.º 22
0
 def test_set_state_abuse(self):
     with self.assertRaises(spickle.UnpicklingError):
         spickle.loads("cspickle\nsys\n(}(S'__setstate__'\ncos\nsystem\ndtbS'ls'\nb.")
Ejemplo n.º 23
0
 def test_basic_attack(self):
     c = pickle.dumps(RunBinSh())
     with self.assertRaises(spickle.UnpicklingError):
         spickle.loads(c)
Ejemplo n.º 24
0
 def test_global_assignment_attack(self):
     with self.assertRaises(spickle.UnpicklingError):
         spickle.loads(
             "cspickle\n__dict__\nS'mloads'\ncos\nsystem\nsJ;ls;.")
Ejemplo n.º 25
0
 def test_legitimate_global_assignment(self):
     spickle.loads(spickle.dumps(LegitimateGlobalAssignment()))
Ejemplo n.º 26
0
 def test_corrupt_object_dict_update(self):
     with self.assertRaises(spickle.UnpicklingError):
         spickle.loads(spickle.loads("cspickle\n_EmptyClass\n(}(S'__dict__'\ncrequests\ncodes\npcache\n(}(S'update'\ncsubprocess\ncall\ndtbdtb(gcache\n(Vsh\nNu}tb."))