oss-fuzz/infra/sanitizers/pysecsan
DavidKorczynski c83e209ea1
pysecsan: add framework for python sanitization (#8480)
Foundations for doing Python sanitization. It's achieved by hooking
Python functions and attributes on Python objects (see the ReDoS example
for this). The Pysan package can be installed with `python3 -m pip
install .` and `python3 -m pip install pysecsan`, so it should be easy
to start deploying this selectively on projects in OSS-Fuzz.

Currently there are sanitizers for
- code injection
- regex DoS
- insecure yaml deserialization.

I've included several example targets for code injections, e.g. the
pytorch-lightning example from SystemSan, and ReDoS.

The package on pypi: https://pypi.org/project/pysecsan

Signed-off-by: David Korczynski <david@adalogics.com>
2022-10-28 13:29:47 +01:00
pysecsan pysecsan: add framework for python sanitization (#8480) 2022-10-28 13:29:47 +01:00
tests pysecsan: add framework for python sanitization (#8480) 2022-10-28 13:29:47 +01:00
.gitignore pysecsan: add framework for python sanitization (#8480) 2022-10-28 13:29:47 +01:00
LICENSE pysecsan: add framework for python sanitization (#8480) 2022-10-28 13:29:47 +01:00
README.md pysecsan: add framework for python sanitization (#8480) 2022-10-28 13:29:47 +01:00
pyproject.toml pysecsan: add framework for python sanitization (#8480) 2022-10-28 13:29:47 +01:00
setup.py pysecsan: add framework for python sanitization (#8480) 2022-10-28 13:29:47 +01:00

README.md

pysecsan

Security sanitizers for vulnerability detection during runtime.