Message 53428 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	sketerpot
Recipients
Date	2003-02-14.17:21:11
SpamBayes Score
Marked as misclassified
Message-id
In-reply-to

Content
Logged In: YES user_id=252564 Thanks for the idea, phr. I wrote a small class called TaintString, derived from string, that has a taint attribute. This is probably the least difficult part. The difficult part will be in modifying functions like os.system() to raise warnings or exceptions when tainted strings are passed to them. I'm currently thinking of making wrapper modules with names like taint.os, or taint.cgi, but the problem with this is that you have to manually use taint.* for certain functions. If anybody can think of something that can simplify this, please post it.

Logged In: YES 
user_id=252564

Thanks for the idea, phr. I wrote a small class called 
TaintString, derived from string, that has a taint attribute. This 
is probably the least difficult part. The difficult part will be in 
modifying functions like os.system() to raise warnings or 
exceptions when tainted strings are passed to them. I'm 
currently thinking of making wrapper modules with names like 
taint.os, or taint.cgi, but the problem with this is that you 
have to manually use taint.* for certain functions. If anybody 
can think of something that can simplify this, please post it.

History
Date	User	Action	Args
2007-08-23 16:01:57	admin	link	issue500698 messages
2007-08-23 16:01:57	admin	create