Rooba
/
oss-fuzz
mirror of https://github.com/google/oss-fuzz.git
1
1
Fork 0
Code Issues Packages Projects Releases Wiki Activity
oss-fuzz/infra/sanitizers/pysecsan/README.md

4 lines
76 B
Markdown
Raw Normal View History

pysecsan: add framework for python sanitization (#8480) Foundations for doing Python sanitization. It's achieved by hooking Python functions and attributes on Python objects (see the ReDoS example for this). The Pysan package can be installed with `python3 -m pip install .` and `python3 -m pip install pysecsan` , so it should be easy to start deploying this selectively on projects in OSS-Fuzz. Currently there are sanitizers for - code injection - regex dos - insecure yaml deserialization. I've included several example targets for code injections, e.g. the pytorch-lightning example from SystemSan, and ReDoS. The package on pypi: https://pypi.org/project/pysecsan Signed-off-by: David Korczynski <david@adalogics.com>
2022-10-28 12:29:47 +00:00
# pysecsan
Security sanitizers for vulnerability detection during runtime.