Taint (like in Perl) as a Python module: taint.py
Gabriel Genellina
gagsl-py at yahoo.com.ar
Mon Feb 5 20:16:17 EST 2007
On Mon, 05 Feb 2007 19:13:04 -0300, Johann C. Rocholl
<jcrocholl at googlemail.com> wrote:
> The following is my first attempt at adding a taint feature to Python
> to prevent os.system() from being called with untrusted input. What do
> you think of it?
A simple reload(os) will drop all your wrapped functions, leaving the
original ones.

I suppose you don't intend to publish the SafeString class - but if anyone
can get a SafeString instance in one way or another, he can convert
*anything* into a SafeString trivially.

And tainted() returns False by default?????

Sorry but in general, this won't work :(
--
Gabriel Genellina
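
The reload and fail-open objections in the reply above can be reproduced with a small constructed stand-in (an added example, not code from the post or from taint.py). `Tainted`, `tainted()` as written here, and `install_guard()` are hypothetical names, and Python 3's `importlib.reload` stands in for the built-in `reload` of 2007.

```python
import importlib
import os


class Tainted(str):
    """Constructed stand-in for a taint marker: a str flagged as untrusted."""


def tainted(value):
    # Fail-open check: only explicitly marked values count as tainted,
    # so everything else is treated as clean by default.
    return isinstance(value, Tainted)


def install_guard():
    """Wrap os.system so it refuses tainted arguments (hypothetical wrapper)."""
    original = os.system

    def guarded_system(command):
        if tainted(command):
            raise ValueError("refusing tainted command")
        return original(command)

    os.system = guarded_system
    return guarded_system


def guard_survives_reload():
    """True if the wrapper is still bound to os.system after reload(os)."""
    guard = install_guard()
    assert os.system is guard      # wrapper is in place
    importlib.reload(os)           # re-executes os.py, rebinding os.system
    return os.system is guard


def taint_survives_str_methods():
    """True if a value derived from tainted input is still seen as tainted."""
    user_input = Tainted("  untrusted value  ")   # constructed sample input
    derived = user_input.strip()   # str methods return a plain str
    return tainted(derived)


if __name__ == "__main__":
    print("guard survives reload(os):", guard_survives_reload())
    print("taint survives .strip():  ", taint_survives_str_methods())
```

Both checks report False: the wrapper lives only in the module namespace, and a fail-open `tainted()` loses track of data as soon as it passes through an ordinary string operation.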