Encoded json maybe quite big, so compress it first

2017-03-17 13:27:54 +02:00 · 2017-03-17 13:27:54 +02:00 · 45beda8450
parent 982b749d47
commit 45beda8450
3 changed files with 33 additions and 18 deletions
--- a/pupy/pp.py
+++ b/pupy/pp.py
@ -62,6 +62,7 @@ from network.lib.connection import PupyConnection
 import logging
 import shlex
 import marshal
+import zlib

 try:
    # additional imports needed to package with pyinstaller
@ -95,7 +96,11 @@ def safe_obtain(proxy):
    if type(proxy) in [list, str, bytes, dict, set, type(None)]:
        return proxy
    conn = object.__getattribute__(proxy, "____conn__")()
-    return json.loads(conn.root.json_dumps(proxy)) # should prevent any code execution
+    return json.loads(
+        zlib.decompress(
+            conn.root.json_dumps(proxy, compressed=True)
+        )
+    ) # should prevent any code execution

 def obtain(proxy):
    """ allows to convert netref types into python native types """
@ -195,8 +200,12 @@ class ReverseSlaveService(Service):
        """imports an arbitrary module"""
        return __import__(name, None, None, "*")

-    def exposed_json_dumps(self, obj):
-        return json.dumps(obj)
+    def exposed_json_dumps(self, obj, compressed=False):
+        data = json.dumps(obj)
+        if compressed:
+            data = zlib.compress(data)
+
+        return data

    def exposed_getconn(self):
        """returns the local connection instance to the other side"""
--- a/pupy/pupylib/PupyService.py
+++ b/pupy/pupylib/PupyService.py
@ -22,6 +22,7 @@ import ssl
 import logging
 import traceback
 import json
+import zlib

 from pupylib.PupyCredentials import Credentials

@ -96,8 +97,12 @@ class PupyService(rpyc.Service):
    def exposed_set_modules(self, modules):
        self.modules=modules

-    def exposed_json_dumps(self, js):
-        return json.dumps(js)
+    def exposed_json_dumps(self, js, compressed=False):
+        data = json.dumps(js)
+        if compressed:
+            data = zlib.compress(data)
+
+        return data

 class PupyBindService(PupyService):
    def exposed_get_password(self):
--- a/pupy/pupylib/utils/rpyc_utils.py
+++ b/pupy/pupylib/utils/rpyc_utils.py
@ -1,4 +1,4 @@
-# -*- coding: UTF8 -*-
+# -*- coding: utf-8 -*-
 # --------------------------------------------------------------
 # Copyright (c) 2015, Nicolas VERDIER (contact@n1nj4.eu)
 # All rights reserved.
@ -19,14 +19,16 @@ from contextlib import contextmanager
 from rpyc.utils.helpers import restricted
 import textwrap
 import json
-
+import zlib

 def safe_obtain(proxy):
    """ safe version of rpyc's rpyc.utils.classic.obtain, without using pickle. """
    if type(proxy) in [list, str, bytes, dict, set, type(None)]:
        return proxy
    conn = object.__getattribute__(proxy, "____conn__")()
-    return json.loads(conn.root.json_dumps(proxy)) # should prevent any code execution
+    data = conn.root.json_dumps(proxy, compressed=True)
+    data = zlib.decompress(data)
+    return json.loads(data) # should prevent any code execution

 def obtain(proxy):
    return safe_obtain(proxy)
@ -101,4 +103,3 @@ def redirected_stdio(conn):
        conn.modules.sys.stdin = orig_stdin
        conn.modules.sys.stdout = orig_stdout
        conn.modules.sys.stderr = orig_stderr
-