Foundations for doing Python sanitization. It's achieved by hooking
Python functions and attributes on Python objects (see the ReDoS example
for this). The Pysan package can be installed with `python3 -m pip
install .` and `python3 -m pip install pysecsan`, so it should be easy
to start deploying this selectively on projects in OSS-Fuzz.
Currently there are sanitizers for:
- code injection
- regex DoS
- insecure YAML deserialization.
I've included several example targets for code injections, e.g. the
pytorch-lightning example from SystemSan, and ReDoS.
The package on PyPI: https://pypi.org/project/pysecsan
Signed-off-by: David Korczynski <david@adalogics.com>
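
The hooking approach the commit message describes, sketched as an added illustration that is not part of the commit and not pysecsan's own code: a sink (`os.system`) is replaced by a wrapper that inspects its arguments before the original runs. The names `add_hook`, `command_injection_check`, `run_target`, `SanitizerFinding` and the `SENTINEL` marker are hypothetical, and detecting injection through a planted marker is an assumption of this sketch.

```python
import functools
import os

# Constructed marker (assumption): a fuzz harness plants it in inputs, so seeing
# it inside a command string shows input-controlled data reached the sink.
SENTINEL = "FUZZ_TAINT_MARKER"

class SanitizerFinding(Exception):
    """Raised when a hooked sink receives data that fails its check."""

def add_hook(owner, attr, pre_hook):
    """Replace owner.attr with a wrapper that runs pre_hook before the original.
    Returns a callable that restores the original attribute."""
    original = getattr(owner, attr)

    @functools.wraps(original)
    def wrapper(*args, **kwargs):
        pre_hook(attr, args, kwargs)  # may raise before the sink executes
        return original(*args, **kwargs)

    setattr(owner, attr, wrapper)
    return lambda: setattr(owner, attr, original)

def command_injection_check(name, args, kwargs):
    """Flag any str/bytes argument (or list element) carrying the sentinel."""
    for value in list(args) + list(kwargs.values()):
        parts = value if isinstance(value, (list, tuple)) else [value]
        for part in parts:
            if isinstance(part, bytes):
                part = part.decode("utf-8", "replace")
            if isinstance(part, str) and SENTINEL in part:
                raise SanitizerFinding(f"tainted data reached {name}(): {part!r}")

def run_target(target, data):
    """Run target(data) with os.system hooked; return the finding text or None."""
    restore = add_hook(os, "system", command_injection_check)
    try:
        target(data)
        return None
    except SanitizerFinding as finding:
        return str(finding)
    finally:
        restore()  # always unhook, so later code sees the real os.system

def vulnerable_target(data):
    # Constructed fuzz target: builds a shell command from raw input.
    if data.startswith("ping "):
        os.system("echo " + data[5:])
```

Because the check raises before the original function is called, the tainted command is reported without ever being executed.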