~ubuntu-branches/ubuntu/wily/bandit/wily-proposed

« back to all changes in this revision

Viewing changes to examples/wildcard-injection.py

Committer: Package Import Robot
Author(s): Dave Walker (Daviey)
Date: 2015-07-22 09:01:39 UTC
Revision ID: package-import@ubuntu.com-20150722090139-fl0nluy0x8m9ctx4

Tags: upstream-0.12.0

Import upstream version 0.12.0

files added:

.gitignore

.gitreview

.testr.conf

AUTHORS

LICENSE

README.md

bandit

bandit/__init__.py

bandit/bandit.py

bandit/config

bandit/config/bandit.yaml

bandit/core

bandit/core/__init__.py

bandit/core/config.py

bandit/core/constants.py

bandit/core/context.py

bandit/core/extension_loader.py

bandit/core/formatters.py

bandit/core/manager.py

bandit/core/meta_ast.py

bandit/core/node_visitor.py

bandit/core/objects.py

bandit/core/result_store.py

bandit/core/test_properties.py

bandit/core/test_set.py

bandit/core/tester.py

bandit/core/utils.py

bandit/plugins

bandit/plugins/__init__.py

bandit/plugins/asserts.py

bandit/plugins/blacklist_calls.py

bandit/plugins/blacklist_imports.py

bandit/plugins/crypto_random.py

bandit/plugins/crypto_request_no_cert_validation.py

bandit/plugins/exec.py

bandit/plugins/exec_as_root.py

bandit/plugins/general_bad_file_permissions.py

bandit/plugins/general_bind_all_interfaces.py

bandit/plugins/general_hardcoded_password.py

bandit/plugins/general_hardcoded_tmp.py

bandit/plugins/injection_shell.py

bandit/plugins/injection_sql.py

bandit/plugins/injection_wildcard.py

bandit/plugins/insecure_ssl_tls.py

bandit/plugins/jinja2_templates.py

bandit/plugins/mako_templates.py

bandit/plugins/secret_config_option.py

bandit/plugins/xml.py

docs

docs/exec.md

docs/jinja2.md

docs/ssl_tls.md

docs/temp.md

docs/xml.md

docs/yaml.md

examples

examples/assert.py

examples/binding.py

examples/crypto-md5.py

examples/eval.py

examples/exec-as-root.py

examples/exec-py2.py

examples/exec-py3.py

examples/hardcoded-passwords.py

examples/hardcoded-tmp.py

examples/httplib_https.py

examples/imports-aliases.py

examples/imports-from.py

examples/imports-function.py

examples/imports-telnetlib.py

examples/imports.py

examples/jinja2_templating.py

examples/mako_templating.py

examples/marshal_deserialize.py

examples/mktemp.py

examples/multiline-str.py

examples/nonsense.py

examples/okay.py

examples/os-chmod-py2.py

examples/os-chmod-py3.py

examples/os-exec.py

examples/os-popen.py

examples/os-spawn.py

examples/os-startfile.py

examples/os_system.py

examples/paramiko_injection.py

examples/pickle_deserialize.py

examples/popen_wrappers.py

examples/random_module.py

examples/requests-ssl-verify-disabled.py

examples/secret-config-option.py

examples/skip.py

examples/sql_statements_with_sqlalchemy.py

examples/sql_statements_without_sql_alchemy.py

examples/ssl-insecure-version.py

examples/subprocess_shell.py

examples/urlopen.py

examples/utils-shell.py

examples/wildcard-injection.py

examples/xml_etree_celementtree.py

examples/xml_etree_elementtree.py

examples/xml_expatbuilder.py

examples/xml_expatreader.py

examples/xml_lxml.py

examples/xml_minidom.py

examples/xml_pulldom.py

examples/xml_sax.py

examples/xml_xmlrpc.py

examples/yaml_load.py

requirements.txt

scripts

scripts/main.py

setup.cfg

setup.py

test-requirements.txt

tests

tests/__init__.py

tests/test_basic.py

tests/test_functional.py

tests/test_node_visitor.py

tests/test_util.py

tox.ini

wordlist

wordlist/default-passwords

Show diffs side-by-side

added added

removed removed

examples/wildcard-injection.py

import os as o

import subprocess as subp

# Vulnerable to wildcard injection

o.system("tar xvzf *")

o.system('chown *')

o.popen2('chmod *')

subp.Popen('chown *', shell=True)

# Not vulnerable to wildcard injection

subp.Popen('rsync *')

subp.Popen("chmod *")

subp.Popen(['chown', '*'])

subp.Popen(["chmod", sys.argv[1], "*"],

stdin=subprocess.PIPE, stdout=subprocess.PIPE)

o.spawnvp(os.P_WAIT, 'tar', ['tar', 'xvzf', '*'])

Older »