[Tutor] cgi poison detection kit
Kirk Bailey
idiot1@netzero.net
Wed, 04 Sep 2002 23:34:15 -0400
WELL, I was thinking about how evil data can trip up the unwary CGI script
author by means of an evil hacker sending in assorted escapes and other data in
a form's input. Shell scripts are NOTORIOUSLY susceptible to this, but Python is
not immune. So I decided to build a function to detect evil data and abort the
program if found.
But what is evil data?
Well, let's try the paranoia express approach; any data which is not KNOWN to be
safe should be considered potentially dangerous and discarded.
import sys

def snifftest(couldbeshit):  # we pass a string for testing to the function,
    for lump in couldbeshit:  # examine EACH char in the string passed to the function,
        if lump not in """abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789_- """:
            sys.exit("Bullshit!")  # this line executes if we smell a whiff...
    # else we simply return and execution continues.
Alas, I have an uninhibited mind, forgive me.
Might this be a candidate for useless python?
--
end
Respectfully,
Kirk D Bailey
+---------------------"Thou Art Free." -Eris-----------------------+
| http://www.howlermonkey.net mailto:highprimate@howlermonkey.net |
| KILL spam dead! http://www.scambusters.org/stopspam/#Pledge |
| http://www.tinylist.org +--------+ mailto:grumpy@tinylist.org |
+------------------Thinking| NORMAL |Thinking----------------------+
+--------+
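An added example, not part of the original post: the same character allowlist, but reporting which form fields and characters failed instead of calling sys.exit(), so the CGI script can log the rejection and send its own error page. The function names, the length cap and the sample form values are assumptions made for illustration.

```python
# Same allowlist as snifftest() in the post: ASCII letters, digits, "_", "-", space.
ALLOWED = frozenset(
    "abcdefghijklmnopqrstuvwxyz"
    "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
    "0123456789_- "
)
MAX_LEN = 64  # assumed per-field length cap, not from the post


def rejected_chars(value, allowed=ALLOWED):
    """Return the distinct characters of value that are not allowed, in first-seen order."""
    seen = []
    for ch in value:
        if ch not in allowed and ch not in seen:
            seen.append(ch)
    return seen


def check_form(fields, max_len=MAX_LEN):
    """Validate every field; return {name: reason} for the ones that fail."""
    failures = {}
    for name, value in fields.items():
        if len(value) > max_len:
            failures[name] = "too long (%d chars)" % len(value)
            continue
        bad = rejected_chars(value)
        if bad:
            failures[name] = "disallowed: " + " ".join(repr(c) for c in bad)
    return failures


# Constructed sample input, as a CGI script might see it after form decoding.
SAMPLE = {
    "listname": "tiny-list_01",
    "owner": "Kirk Bailey",
    "subject": "status; $HOME | x",   # shell metacharacters
    "note": "line one\nline two",     # embedded newline
    "name": "Zo\u00eb",               # str.isalnum() is True here; the allowlist still rejects it
}

if __name__ == "__main__":
    for field, reason in check_form(SAMPLE).items():
        print("%s: %s" % (field, reason))
```

The "name" field shows why the explicit character set is stricter than str.isalnum(): the latter accepts any Unicode letter or digit, while the allowlist accepts only the characters it spells out.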