oss-fuzz/infra/sanitizers/pysecsan/tests
DavidKorczynski c83e209ea1
pysecsan: add framework for python sanitization (#8480)
Foundations for doing Python sanitization. It's achieved by hooking
Python functions and attributes on Python objects (see the ReDoS example
for this). The Pysan package can be installed with `python3 -m pip
install .` and `python3 -m pip install pysecsan`, so it should be easy
to start deploying this selectively on projects in OSS-Fuzz.

Currently there are sanitizers for
- code injection
- regex dos
- insecure yaml deserialization.

I've included several example targets for code injections, e.g. the
pytorch-lightning example from SystemSan, and ReDoS.

The package on pypi: https://pypi.org/project/pysecsan

Signed-off-by: David Korczynski <david@adalogics.com>
2022-10-28 13:29:47 +01:00
poe pysecsan: add framework for python sanitization (#8480) 2022-10-28 13:29:47 +01:00
README.md pysecsan: add framework for python sanitization (#8480) 2022-10-28 13:29:47 +01:00
os_command_injection.py pysecsan: add framework for python sanitization (#8480) 2022-10-28 13:29:47 +01:00
subprocess_popen_injection.py pysecsan: add framework for python sanitization (#8480) 2022-10-28 13:29:47 +01:00
yaml_deserialization_general.py pysecsan: add framework for python sanitization (#8480) 2022-10-28 13:29:47 +01:00
yaml_deserialization_simple.py pysecsan: add framework for python sanitization (#8480) 2022-10-28 13:29:47 +01:00

README.md

Tests including Proof of Exploits