import pipes
import os
import taint

def raw_input():
  """Stand-in for a value read from the network; returns a fixed host name.

  In the real program this string would come from an untrusted peer, and a
  hostile sender could embed shell metacharacters (the page's own example is
  'google.com;killall python'). That is why the caller must quote the value
  before it is placed on a command line.

  NOTE: the name shadows the Python 2 builtin ``raw_input``.
  """
  untrusted_host = 'google.com'
  return untrusted_host

class ShellMerit(Merit):
  """Merit asserting that a string is safely quoted for use as one shell argument."""
  # NOTE(review): `Merit` is not imported in this file (only `import taint` is);
  # presumably it is meant to come from the taint package -- confirm.
  # FullPropagation: presumably strings derived from a merited string keep the
  # merit -- confirm against the taint library's Merit definition.
  propagation = Merit.FullPropagation

taint.enable('example_simple.json')  # presumably the taint-tracking rule set for this demo -- confirm

s = raw_input()
# Shell-escape the untrusted value BEFORE it is embedded in a command line.
# NOTE(review): `pipes` was removed from the standard library in Python 3.13;
# `shlex.quote` is the equivalent for Python 3 code.
s = pipes.quote(s)  # pipes.quote returns shell escaped version of s
c = 'host ' + s  # 'host' plus exactly one quoted argument

# The sink is a shell: the quoting above is the only thing standing between
# the user-supplied value and command injection.
os.system(c)
import pipes
import os
import taint


def raw_input():
    """Stand-in for a value read from the network; returns a fixed host name.

    In the real program this string would come from an untrusted peer, and a
    hostile sender could embed shell metacharacters (the page's own example is
    'google.com;killall python'). That is why the caller must quote the value
    before it is placed on a command line.

    NOTE: the name shadows the Python 2 builtin ``raw_input``.
    """
    untrusted_host = 'google.com'
    return untrusted_host


class ShellMerit(Merit):
    """Merit asserting that a string is safely quoted for use as one shell argument."""
    # NOTE(review): `Merit` is not imported in this file (only `import taint` is);
    # presumably it is meant to come from the taint package -- confirm.
    # FullPropagation: presumably strings derived from a merited string keep the
    # merit -- confirm against the taint library's Merit definition.
    propagation = Merit.FullPropagation


taint.enable('example_simple.json')  # presumably the taint-tracking rule set for this demo -- confirm

s = raw_input()
# Shell-escape the untrusted value BEFORE it is embedded in a command line.
# NOTE(review): `pipes` was removed from the standard library in Python 3.13;
# `shlex.quote` is the equivalent for Python 3 code.
s = pipes.quote(s)  # pipes.quote returns shell escaped version of s
c = 'host ' + s  # 'host' plus exactly one quoted argument

# The sink is a shell: the quoting above is the only thing standing between
# the user-supplied value and command injection.
os.system(c)
            fh = open('/tmp/db', 'w')
            fh.write(params['value'][0])
            fh.close()

            self.send_response("stored")
        elif path == '/get':
            fh = open('/tmp/db', 'r')
            data = fh.read()
            data = data.taint()
            fh.close()

            self.send_response("stored: %s" % (data))

        # Example 6 -- Arbritary File Read
        # TODO
        # Example 7 -- Arbritary File Write
        # TODO
        self.wfile.close()


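taint.enable('example_practical.json')  # presumably the taint-tracking rule set for this demo -- confirm
SECRET_KEY = SECRET_KEY.taint()  # Manually taint this string so leaks of it are tracked

# Construct the server outside the try: if the original placed it inside and a
# KeyboardInterrupt landed during construction, the except branch would hit an
# unbound `server`. The finally clause releases the listening socket on any exit,
# not only on ^C, so an unexpected exception no longer leaks the port.
server = HTTPServer(('localhost', 8888), Handler)
try:
    print('Started http server')
    server.serve_forever()
except KeyboardInterrupt:
    print('^C received, shutting down server')
finally:
    server.socket.close()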
def test_main():
    """Enable taint tracking with CONFIG_1, then run this module's test suites."""
    suites = (
        DecoratorTest,
        SimplePatcherTest,
        ImportedObjectsPatchingTest,
        ConfigValidation,
        PropagationContextsTest,
        PropagatorTest,
        OptionsTest,
    )
    # Taint must be active before the suites import/patch anything.
    taint.enable(CONFIG_1)
    test_support.run_unittest(*suites)
 def setUp(self):
     """Per-test fixture: activate taint tracking with the CONFIG_4 configuration."""
     config = CONFIG_4
     taint.enable(config)
    elif path == '/store':
      fh = open('/tmp/db','w')
      fh.write(params['value'][0])
      fh.close()

      self.send_response("stored")
    elif path == '/get':
      fh = open('/tmp/db','r')
      data = fh.read()
      data = data.taint()
      fh.close()

      self.send_response("stored: %s" % (data))

    # Example 6 -- Arbritary File Read
    # TODO
    # Example 7 -- Arbritary File Write
    # TODO
    self.wfile.close()

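taint.enable('example_practical.json')  # presumably the taint-tracking rule set for this demo -- confirm
SECRET_KEY = SECRET_KEY.taint()  # Manually taint this string so leaks of it are tracked

# Construct the server outside the try: if the original placed it inside and a
# KeyboardInterrupt landed during construction, the except branch would hit an
# unbound `server`. The finally clause releases the listening socket on any exit,
# not only on ^C, so an unexpected exception no longer leaks the port.
server = HTTPServer(('localhost', 8888), Handler)
try:
  print('Started http server')
  server.serve_forever()
except KeyboardInterrupt:
  print('^C received, shutting down server')
finally:
  server.socket.close()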