Message53428
Logged In: YES
user_id=252564
Thanks for the idea, phr. I wrote a small class called
TaintString, derived from string, that has a taint attribute. This
is probably the least difficult part. The difficult part will be in
modifying functions like os.system() to raise warnings or
exceptions when tainted strings are passed to them. I'm
currently thinking of making wrapper modules with names like
taint.os, or taint.cgi, but the problem with this is that you
have to manually use taint.* for certain functions. If anybody
can think of something that can simplify this, please post it. |
|
Date |
User |
Action |
Args |
2007-08-23 16:01:57 | admin | link | issue500698 messages |
2007-08-23 16:01:57 | admin | create | |
|