Exploitable Python Functions


Question

This question is similar to Exploitable PHP functions.

Tainted data comes from the user, or more specifically an attacker. When a tainted variable reaches a sink function, then you have a vulnerability. For instance a function that executes a sql query is a sink, and GET/POST variables are sources of taint.

What are all of the sink functions in Python? I am looking for functions that introduce a vulnerability or software weakness. I am particularly interested in Remote Code Execution vulnerabilities. Are there whole classes/modules that contain dangerous functionally? Do you have any examples of interesting Python vulnerabilities?

Answer

eval and exec are the classics. However, open and file can be abused too:

open('/proc/kcore', 'w').write('0' * 1000 * 1000 * 1000)

Then there are the os, sys, subprocess, and dircache modules. Pretty much anything that touches the filesystem or can be used to turn data into executable code (like os.system) is going to be on the list.

As S. Lott pointed out in the comments, writing to the filesystem and executing arbitrary external programs aren't Python-specific. However, they are worth security auditors' consideration. Most of these functions can be safely used without too much concern for security. eval and exec, on the other hand, are great big red flags. Using them safely requires meticulous care.
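The following is an added example, not code from the question or the answer above. It puts three of the sinks the answer names (eval, a shell command via subprocess/os.system, and open on an attacker-controlled path) beside a hardened version of each, and feeds every pair the same constructed payload. All function names are made up for the illustration, and the payloads are deliberately harmless (they call getpid() or echo a marker) so the script can be run as written. The point is the one the answer makes: the bug is not the function itself but tainted data reaching it unchanged.

```python
"""Taint reaching a sink: vulnerable and hardened versions side by side.

Added example (not part of the original Q&A). All names are hypothetical;
the "attacker" strings are constructed payloads chosen to be harmless.
"""
import ast
import os
import subprocess
import tempfile
from pathlib import Path


# --- Sink 1: eval() -------------------------------------------------------
def parse_setting_unsafe(text: str):
    # Tainted text reaches eval(): any Python expression is executed.
    return eval(text)


def parse_setting_safe(text: str):
    # ast.literal_eval accepts only literals (numbers, strings, tuples, ...).
    # Names, attribute access and calls raise ValueError instead of running.
    return ast.literal_eval(text)


# --- Sink 2: shell command ------------------------------------------------
def greet_unsafe(name: str) -> str:
    # String concatenation + shell=True: a ';' in the name starts a second
    # command. os.system("echo " + name) has exactly the same problem.
    out = subprocess.run("echo " + name, shell=True,
                         capture_output=True, text=True, check=True)
    return out.stdout


def greet_safe(name: str) -> str:
    # argv list and no shell: the name is one argument, so shell
    # metacharacters are passed through literally and never interpreted.
    out = subprocess.run(["echo", name],
                         capture_output=True, text=True, check=True)
    return out.stdout


# --- Sink 3: open() with an attacker-controlled path ----------------------
def read_report_unsafe(base: Path, name: str) -> str:
    # '..' in name walks out of base; an absolute name ignores base entirely.
    return (base / name).read_text()


def read_report_safe(base: Path, name: str) -> str:
    # Resolve symlinks and '..', then insist the result is still inside base.
    base = base.resolve()
    target = (base / name).resolve()
    if target != base and base not in target.parents:
        raise PermissionError(f"path escapes {base}: {name!r}")
    return target.read_text()


def demo() -> dict:
    """Run each sink pair with a constructed payload and report what happened."""
    results = {}

    payload = "__import__('os').getpid()"          # constructed, harmless
    results["eval_unsafe"] = parse_setting_unsafe(payload) == os.getpid()
    try:
        parse_setting_safe(payload)
        results["eval_safe_blocked"] = False
    except ValueError:
        results["eval_safe_blocked"] = True

    payload = "alice; echo INJECTED"                # constructed, harmless
    results["shell_unsafe_lines"] = greet_unsafe(payload).count("\n")  # 2 lines
    results["shell_safe_lines"] = greet_safe(payload).count("\n")      # 1 line

    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        reports = root / "reports"
        reports.mkdir()
        (reports / "q1.txt").write_text("quarterly report")
        (root / "secret.txt").write_text("db password")   # outside reports/
        results["traversal_unsafe"] = read_report_unsafe(reports, "../secret.txt")
        results["normal_safe"] = read_report_safe(reports, "q1.txt")
        try:
            read_report_safe(reports, "../secret.txt")
            results["traversal_safe_blocked"] = False
        except PermissionError:
            results["traversal_safe_blocked"] = True
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The hardened versions share one pattern: keep the untrusted value as data by handing it to an API that cannot interpret it (a literal parser, an argv list, a path check after resolution) rather than trying to strip "bad characters" out of a string that still ends up in front of an interpreter.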

