rspec/rules/S4828/python/rule.adoc

include::../description.adoc[]

include::../ask-yourself.adoc[]

include::../recommended.adoc[]


== Sensitive Code Example

[source,python]
----
import os

@app.route("/kill-pid/<pid>")
def send_signal(pid):
    os.kill(pid, 9)  # Sensitive

@app.route("/kill-pgid/<pgid>")
def send_signal(pgid):
    os.killpg(pgid, 9)  # Sensitive
----

== Compliant Solution

[source,python]
----
import os

@app.route("/kill-pid/<pid>")
def send_signal(pid):
    # Validate the untrusted PID,
    # With a pre-approved list or authorization checks
    if is_valid_pid(pid):
        os.kill(pid, 9)

@app.route("/kill-pgid/<pgid>")
def send_signal(pgid):
    # Validate the untrusted PGID,
    # With a pre-approved list or authorization checks
    if is_valid_pgid(pgid):
        os.kill(pgid, 9)
----

include::../see.adoc[]

ifdef::env-github,rspecator-view[]

'''
== Implementation Specification
(visible only on this page)

include::../message.adoc[]

endif::env-github,rspecator-view[]
Add rules 4000-4999 2020-06-30 12:49:37 +02:00			`include::../description.adoc[]`

			`include::../ask-yourself.adoc[]`

			`include::../recommended.adoc[]`

Modify S4828: Clarify recommendations (#1269) 2022-09-28 10:23:01 +02:00
Add rules 4000-4999 2020-06-30 12:49:37 +02:00			`== Sensitive Code Example`

Modify S4828: Clarify recommendations (#1269) 2022-09-28 10:23:01 +02:00			`[source,python]`
			`----`
			`import os`

			`@app.route("/kill-pid/<pid>")`
			`def send_signal(pid):`
			`os.kill(pid, 9) # Sensitive`

			`@app.route("/kill-pgid/<pgid>")`
			`def send_signal(pgid):`
			`os.killpg(pgid, 9) # Sensitive`
			`----`

			`== Compliant Solution`

			`[source,python]`
Add rules 4000-4999 2020-06-30 12:49:37 +02:00			`----`
			`import os`

Modify S4828: Clarify recommendations (#1269) 2022-09-28 10:23:01 +02:00			`@app.route("/kill-pid/<pid>")`
			`def send_signal(pid):`
			`# Validate the untrusted PID,`
			`# With a pre-approved list or authorization checks`
			`if is_valid_pid(pid):`
			`os.kill(pid, 9)`

			`@app.route("/kill-pgid/<pgid>")`
			`def send_signal(pgid):`
			`# Validate the untrusted PGID,`
			`# With a pre-approved list or authorization checks`
			`if is_valid_pgid(pgid):`
			`os.kill(pgid, 9)`
Add rules 4000-4999 2020-06-30 12:49:37 +02:00			`----`

			`include::../see.adoc[]`
Make sure that includes are always surrounded by empty lines (#2270) When an include is not surrounded by empty lines, its content is inlined on the same line as the adjacent content. That can lead to broken tags and other display issues. This PR fixes all such includes and introduces a validation step that forbids introducing the same problem again. 2023-06-22 10:38:01 +02:00
RULEAPI-666: Migrate the "List of parameters", "Highlighting" and "Message" fields from jira RSPEC (#346) 2021-09-20 15:38:42 +02:00			`ifdef::env-github,rspecator-view[]`

			`'''`
			`== Implementation Specification`
			`(visible only on this page)`

			`include::../message.adoc[]`

			`endif::env-github,rspecator-view[]`