[Python-checkins] r51939 - python/branches/bcannon-objcap/Lib/test/security/evil__del__.py python/branches/bcannon-objcap/Lib/test/security/evil__str__.py

brett.cannon python-checkins at python.org
Thu Sep 21 01:13:06 CEST 2006 

Author: brett.cannon
Date: Thu Sep 21 01:13:05 2006
New Revision: 51939

Added:
   python/branches/bcannon-objcap/Lib/test/security/evil__str__.py   (contents, props changed)
Modified:
   python/branches/bcannon-objcap/Lib/test/security/evil__del__.py
Log:
Add another security test where an exception is defined with a malicious
__str__() method.  Turns out to be a bad thing.

Also update __del__() test to have nicer output.


Modified: python/branches/bcannon-objcap/Lib/test/security/evil__del__.py
==============================================================================
--- python/branches/bcannon-objcap/Lib/test/security/evil__del__.py	(original)
+++ python/branches/bcannon-objcap/Lib/test/security/evil__del__.py	Thu Sep 21 01:13:05 2006
@@ -4,7 +4,6 @@
 
 class Evil(object):
 
-    builtin = __builtin__.__dict__
     stdout = sys.stdout
     NameError = NameError
     BaseException = BaseException
@@ -16,40 +15,28 @@
         self.num = num
 
     def __del__(self):
-        if 'open' in self.builtin:
-            self.stdout.write('(%s) First Evil!\n' % self.num)
-        else:
-            self.stdout.write("(%s) First Good!\n" % self.num)
-        self.stdout.flush()
-
+        # Uses context of where deletion occurs, or where object defined?
+        # __import__() might be gone and thus raise a
+        # TypeError when trying to call it when it has been set to None.
+        try:
+            import __builtin__
+            if 'open' in __builtin__.__dict__:
+                self.stdout.write("Evil 2!\n")
+                self.stdout.flush()
+        except self.TypeError:
+            pass
         try:
             temp = open
         except self.NameError:
-            self.stdout.write("(%s) Second Good!\n" % self.num)
-        except self.BaseException, exc:
-            self.stdout.write("Unexpected exception: %r\n" % exc)
+            pass
         else:
-            self.stdout.write("(%s) Second Evil!\n" % self.num)
-        finally:
+            self.stdout.write("Evil 3!\n")
             self.stdout.flush()
-        try:
-            import __builtin__
-            temp = __builtin__.__dict__['open']
-            self.stdout.write("(%s) Third Evil!\n" % self.num)
-        except self.ImportError:
-            self.stdout.write("(%s) Third Good!\n" % self.num)
-        except self.KeyError:
-            self.stdout.write("(%s) Third Good!\n" % self.num)
-        except self.TypeError:
-            self.stdout.write("(%s) Third Good!\n" % self.num)
-        except self.BaseException, exc:
-            self.stdout.write("Unexpected exception (2): %r\n" % exc)
-        finally:
-            self.stdout.flush()
-
+            
 
 # Deletion in own scope.
-Evil(0)
+print "Creation in sub-interpreter's global scope, deletion from interpreter cleanup ..."
+temp = Evil(0)
 
 # Cleanup of interpreter.
 __builtin__.__dict__['evil1'] = Evil(1)
@@ -64,19 +51,15 @@
 import gc
 
 interp = interpreter.Interpreter()
-print 'Same builtins?:', ('no' if id(__builtin__.__dict__) !=
-                            id(interp.builtins) else 'yes')
-del interp.builtins['open']
+del interp.builtins()['open']
 gc.collect()
 if 'open' not in __builtin__.__dict__:
     print "'open()' missing!"
-print 'Running interpreter ...'
 interp.execute(evil_str)
 
-evil2 = interp.builtins['evil2']
-evil3 = interp.builtins['evil3']
+evil2 = interp.builtins()['evil2']
+evil3 = interp.builtins()['evil3']
 
-print 'Deleting interpreter ...'
 del interp
 gc.collect()
 

Added: python/branches/bcannon-objcap/Lib/test/security/evil__str__.py
==============================================================================
--- (empty file)
+++ python/branches/bcannon-objcap/Lib/test/security/evil__str__.py	Thu Sep 21 01:13:05 2006
@@ -0,0 +1,65 @@
+"""How evil can we be with an exception that defines a __str__() method?"""
+
+evil_source = '''
+import __builtin__
+
+class EvilException(Exception):
+    
+    """Try to be evil!"""
+    
+    def __str__(self):
+        # Does this get it where the exception is used, or where the class was
+        #defined?
+        import __builtin__
+        if 'open' in __builtin__.__dict__:
+            print "Evil 2!"
+        # Just try to get it directly from the built-in namespace.
+        try:
+            temp = open
+        except NameError:
+            pass
+        else:
+            print "Evil 3!"
+            
+        return "Evil exception!!!"
+        
+__builtins__.__dict__['evil_cls'] = EvilException
+__builtins__.__dict__['evil_inst'] = EvilException()
+'''
+
+import interpreter
+
+interp = interpreter.Interpreter()
+del interp.builtins()['open']
+interp.execute(evil_source)
+
+slave_cls = interp.builtins()['evil_cls']
+slave_inst = interp.builtins()['evil_inst']
+master_inst = slave_cls()
+
+print "Raising slave class ..."
+try:
+    raise slave_cls
+except Exception, exc:
+    print exc
+    
+print "Raising slave instance ..."
+try:
+    raise slave_inst
+except Exception, exc:
+    print exc
+    
+print "Raising master instance ..."
+try:
+    raise master_inst
+except Exception, exc:
+    print exc
+    
+print "Just printing from the class ..."
+print slave_cls
+
+print "Just printing from the slave instance ..."
+print slave_inst
+
+print "Just printing from the master instance ..."
+print master_inst
\ No newline at end of file

More information about the Python-checkins mailing list