44 lines
1.2 KiB
Plaintext
44 lines
1.2 KiB
Plaintext
== How to fix it in Paramiko
|
|
|
|
=== Code examples
|
|
|
|
include::../../common/fix/code-rationale.adoc[]
|
|
|
|
In the following example, if the *host* request parameter contains system
|
|
shell control characters, the expected `ping` command behavior will be changed.
|
|
|
|
==== Noncompliant code example
|
|
|
|
[source,python,diff-id=1,diff-type=noncompliant]
|
|
----
|
|
client = SSHClient()
|
|
client.connect("example.org", username=USER, password=PASS)
|
|
client.exec_command(request.args.get("cmd")) # Noncompliant
|
|
----
|
|
|
|
==== Compliant solution
|
|
|
|
[source,python,diff-id=1,diff-type=compliant]
|
|
----
|
|
client = SSHClient()
|
|
client.connect("example.org", username=USER, password=PASS)
|
|
|
|
DIAG_CMD=["/bin/ping -c 1 -- %s", "/bin/host -- %s"]
|
|
cmd = DIAG_CMD[int(request.args.get('cmdId'))]
|
|
cmd = cmd % shlex.quote(request.args.get('host'))
|
|
client.exec_command(cmd)
|
|
----
|
|
|
|
=== How does this work?
|
|
|
|
include::../../common/fix/introduction.adoc[]
|
|
|
|
include::../../common/fix/pre-approved-list.adoc[]
|
|
|
|
:sanitizationLib: shlex
|
|
include::../../common/fix/sanitize-meta-characters.adoc[]
|
|
|
|
In the example compliant code, the `quote` function from the `shlex` is used to
|
|
encode the user-controlled command argument. It escapes argument delimiters
|
|
and shell control characters.
|