2023-03-07 17:16:47 +01:00
|
|
|
== How to fix it in Python Standard Library
|
|
|
|
|
|
|
|
|
|
=== Code examples
|
2022-11-04 09:20:52 +01:00
|
|
|
|
|
|
|
|
The following code is vulnerable to deserialization attacks because it
|
|
|
|
|
deserializes HTTP data without validating it first.
|
|
|
|
|
|
|
|
|
|
==== Noncompliant code example
|
|
|
|
|
|
|
|
|
|
[source,python,diff-id=1,diff-type=noncompliant]
|
|
|
|
|
----
|
2024-03-27 15:57:47 +01:00
|
|
|
from flask import Flask, request
|
|
|
|
|
from base64 import b64decode
|
|
|
|
|
import pickle
|
|
|
|
|
|
|
|
|
|
app = Flask(__name__)
|
|
|
|
|
|
|
|
|
|
@app.route("/example")
|
|
|
|
|
def example():
|
2022-11-04 09:20:52 +01:00
|
|
|
objstr = b64decode(request.args.get("object"))
|
|
|
|
|
obj = pickle.loads(objstr)
|
|
|
|
|
return str(obj.status == "OK")
|
|
|
|
|
----
|
|
|
|
|
|
|
|
|
|
==== Compliant solution
|
|
|
|
|
|
|
|
|
|
[source,python,diff-id=1,diff-type=compliant]
|
|
|
|
|
----
|
2024-03-27 15:57:47 +01:00
|
|
|
from flask import Flask, request
|
|
|
|
|
import json
|
|
|
|
|
|
|
|
|
|
app = Flask(__name__)
|
|
|
|
|
|
|
|
|
|
@app.route("/example")
|
|
|
|
|
def example():
|
2022-11-04 09:20:52 +01:00
|
|
|
obj = json.loads(request.args.get("object"))
|
|
|
|
|
return str(obj["status"] == "OK")
|
|
|
|
|
----
|
|
|
|
|
|
|
|
|
|
=== How does this work?
|
|
|
|
|
|
|
|
|
|
include::../../common/fix/introduction.adoc[]
|
|
|
|
|
|
|
|
|
|
include::../../common/fix/safer-serialization.adoc[]
|
|
|
|
|
|
|
|
|
|
include::../../common/fix/integrity-check.adoc[]
|
|
|
|
|
|
|
|
|
|
|
