Secure Python code - volunteers for code review?

Andrew Clover and-google at doxdesk.com
Wed Oct 13 11:05:56 EDT 2004


Josiah Carlson <jcarlson at uci.edu> wrote:

> Either way, unencoded/unprepared data may bork you.

Indeed, but I don't see any of that in a quick flick through Andrew's
code. All the literal values are getting passed through the standard
DBAPI substitution layer, so should be completely safe.

The only thing I noticed just briefly looking at it was the call to
os.popen with command '"antiword " + fn'. Creating system commands by
simple string concatenation is v. dodgy.

It turns out in this case that 'fn' is coming directly from
tempfile.mkstemp so there probably isn't going to be a security issue
in practice, but depending on the path of the temp directory and what
characters are escapes I guess this could fail on some platforms, or
something. In any case it makes me feel uneasy. :-)

Of course, Andrew will also have to be sure that there are no buffer
overflows or other issues in the 'antiword' program that could allow a
maliciously-crafted .doc file to execute arbitrary code.

-- 
Andrew Clover
mailto:and at doxdesk.com
http://www.doxdesk.com/
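The uneasiness about '"antiword " + fn' comes down to one question: does the file name reach the program as a single argv element, or does it pass through /bin/sh first? The following is an added example, not code from Andrew's program or from this thread. It uses `cat` as a stand-in for antiword so it runs anywhere with a POSIX shell, and it deliberately constructs a temp file whose name contains "; echo pwned" (a name mkstemp itself would never produce) to make the difference visible.

```python
"""Added example: string-built shell commands vs. an argument vector.

Illustrative only; `cat` stands in for antiword, and the hostile file
name is constructed here on purpose (mkstemp's own names are benign).
Assumes a POSIX shell and a `cat` binary, i.e. not Windows.
"""
import os
import shlex
import subprocess
import tempfile


def concatenated_command(fn):
    """The pattern the post flags: fn is spliced into shell syntax."""
    return "antiword " + fn


def shell_tokens(cmd):
    """Approximate how /bin/sh tokenises `cmd`.

    punctuation_chars=True makes ';', '|', '&', '<', '>' and parentheses
    separate tokens, which is what turns part of a file name into a
    second command.
    """
    lexer = shlex.shlex(cmd, posix=True, punctuation_chars=True)
    return list(lexer)


def quoted_command(fn):
    """If a shell string is unavoidable, quote every interpolated value."""
    return "antiword " + shlex.quote(fn)


def argv_command(fn):
    """Preferred form: an argument vector handed to exec with no shell."""
    return ["antiword", fn]


def run_via_shell(fn, tool="cat"):
    """os.popen-style: a concatenated string interpreted by /bin/sh."""
    proc = subprocess.run(tool + " " + fn, shell=True,
                          capture_output=True, text=True)
    return proc.returncode, proc.stdout


def run_via_argv(fn, tool="cat"):
    """Same tool, but fn arrives as one argv element regardless of content."""
    proc = subprocess.run([tool, fn], capture_output=True, text=True)
    return proc.returncode, proc.stdout


def make_hostile_tempfile(content="hello\n"):
    """Constructed test input: a real file whose name carries shell syntax."""
    fd, fn = tempfile.mkstemp(suffix="; echo pwned")
    with os.fdopen(fd, "w") as fh:
        fh.write(content)
    return fn


def demo():
    """Run both variants on the hostile file and return what each produced."""
    fn = make_hostile_tempfile()
    try:
        shell_rc, shell_out = run_via_shell(fn)   # cat fails, then echo runs
        argv_rc, argv_out = run_via_argv(fn)      # cat reads the whole name
    finally:
        os.unlink(fn)
    return {"shell": (shell_rc, shell_out), "argv": (argv_rc, argv_out)}


if __name__ == "__main__":
    for label, (rc, out) in demo().items():
        print(f"{label:5s} rc={rc} stdout={out!r}")
```

In the shell variant the name is cut at the ';', `cat` is given a path that does not exist, and the trailing `echo pwned` runs as its own command; the argv variant reads the file and prints "hello". `shlex.quote` is the fallback when a shell really is needed (pipelines, redirection); with subprocess an argument list is simpler and removes the shell from the picture entirely.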
