CPL - Chalmers Publication Library

A taint mode for python via a library

J.J. Conti ; Alejandro Russo (Department of Computer Science and Engineering, Computing Science (Chalmers))
Lecture Notes in Computer Science: 15th Nordic Conference on Secure IT Systems, NordSec 2010; Espoo; Finland; 27 October 2010 through 29 October 2010 (03029743). Vol. 7127 (2010), p. 210-222.
[Conference contribution, peer-reviewed]

Vulnerabilities in web applications present threats to on-line systems. SQL injection and cross-site scripting attacks are among the most common threats found nowadays. These attacks are often the result of improper or no input validation. To help discover such vulnerabilities, popular web scripting languages like Perl, Ruby, PHP, and Python perform taint analysis. Such analysis is often implemented as an execution monitor, where the interpreter needs to be adapted to provide a taint mode. However, modifying interpreters might be a major task in its own right. In fact, it is very probable that new releases of interpreters need to be adapted to provide a taint mode. Differently from previous approaches, we show how to provide taint analysis for Python via a library written entirely in Python, thus avoiding modifications to the interpreter. The concepts of classes, decorators and dynamic dispatch make our solution lightweight, easy to use, and particularly neat. With minimal or no effort, the library can be adapted to work with different Python interpreters.



This record was created 2015-05-04. Last modified 2016-07-25.
CPL Pubid: 216267

 
