mod_python exception catching, other repetitious per-page actions

Karl A. Krueger kkrueger at example.edu
Fri Mar 26 15:20:08 EST 2004


Jacek Trzmiel <sc0rp at hot.pl> wrote:
> "Karl A. Krueger" wrote:
>> I'm in the middle of refactoring a small mod_python Web application,
>> which uses the Publisher handler.
> 
> I have never used Publisher handler myself.  Yes, I've read about it,
> but I've decided to not use it after seeing that I will have to
> explicitly tell which modules/functions I DON'T want external user to
> be able to run -  completely broken idea from security POV.

Actually, Publisher never exposes modules imported into yours.  It
traverses your module for names and types before exposing anything -- it
won't expose any object whose name begins with an underscore, or any
module.

(Oddly enough, it does expose exceptions, but just their string
representation.)

If anyone reading this is concerned about Publisher security, these
audit functions might help:

def AuditModuleForPublisher(module):
    # Walk the module namespace the way Publisher does and report what a
    # remote client could reach.  Python 2 code, as on the list at the time.
    import types
    for name in module.__dict__:
        object = module.__dict__[name]
        if name.startswith("_"):
            # name starts with an underscore, not exposed
            pass
        elif type(object) == types.ModuleType:
            # object is a module, not exposed
            pass
        elif type(object) == types.FunctionType:
            print ":: Exposed function:", name
        elif isinstance(object, str) or isinstance(object, unicode):
            if "passw" in name or "PASSW" in name:
                # a string whose name looks like a credential is reachable by URL
                print "!! Your %s password is %s." % (name, object)
            else:
                print ":: Exposed string:", name
        else:
            print ":: Exposed variable:", name

A nicer one:

def SymbolsExposedToPublisher(module):
    # every public (non-underscore) name that is not itself a module
    return [ sym for sym in module.__dict__
             if (not sym.startswith("_"))
             and (type(module.__dict__[sym]) != type(module)) ]

By enumerating the list of functions and variables you *intend* to
expose, a unit test should not be too hard to derive from this.


>> One thing I have considered is to handle _all_ the pages through a
>> single function, which would look up the specific pages by name:
> 
> If you do this then you may as well drop Publisher handler completely. 
> One handle() function will work for you.

I agree.  However, since I want the functionality of Publisher's
argument name mapping, that is not what I want to do.

-- 
Karl A. Krueger <kkrueger at example.edu>
Woods Hole Oceanographic Institution
Email address is spamtrapped.  s/example/whoi/
"Outlook not so good." -- Magic 8-Ball Software Reviews
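The allow-list unit test suggested above, as an added example that is not part of the original post: it applies the two Publisher rules the post describes (underscore names and modules are skipped) to a constructed sample module and reports anything reachable that was not intended, plus credential-looking strings. The module name sample_app and its contents are assumptions built inline so the check runs without mod_python.

```python
import types

# Constructed stand-in for a Publisher-handled module (hypothetical sample_app),
# built from source so the check runs without mod_python or Apache.
SAMPLE_SOURCE = '''
import os                      # module: Publisher skips it
from os import path as _path   # underscore name: skipped
DB_PASSWORD = "hunter2"        # plain string: reachable by URL
greeting = "hello"
_secret = "not exposed"

def index(req):
    return greeting

def _helper(req):
    return "hidden"
'''

def load_sample_module():
    """Execute the constructed source into a fresh module object."""
    mod = types.ModuleType("sample_app")
    exec(SAMPLE_SOURCE, mod.__dict__)
    return mod

def symbols_exposed_to_publisher(module):
    """Names Publisher would traverse: no leading underscore and not a module."""
    return sorted(name for name, obj in vars(module).items()
                  if not name.startswith("_")
                  and not isinstance(obj, types.ModuleType))

def credential_like_strings(module):
    """Exposed string bindings whose name suggests a password."""
    return sorted(name for name in symbols_exposed_to_publisher(module)
                  if isinstance(getattr(module, name), str)
                  and "passw" in name.lower())

def unexpected_exposures(module, intended):
    """Allow-list check: everything reachable that was not meant to be exposed."""
    return sorted(set(symbols_exposed_to_publisher(module)) - set(intended))

if __name__ == "__main__":
    app = load_sample_module()
    print("exposed:", symbols_exposed_to_publisher(app))
    print("unexpected:", unexpected_exposures(app, {"index", "greeting"}))
    print("credential-like:", credential_like_strings(app))
```

In a real test, replace load_sample_module() with an import of the Publisher module under test and make the test fail when unexpected_exposures() is non-empty.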
