From 1862cd6756797d0e3b21f549dba502fe2e87bdbf Mon Sep 17 00:00:00 2001
From: ShenShuo137 <13722929179@139.com>
Date: Sun, 9 Nov 2025 16:47:58 +0800
Subject: [PATCH 1/2] =?UTF-8?q?=E6=8F=90=E4=BA=A4?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 test.py | 38 ++++++++++++++++++++++++++++++++++++++
 1 file changed, 38 insertions(+)
 create mode 100644 test.py

diff --git a/test.py b/test.py
new file mode 100644
index 0000000..ea3bf2a
--- /dev/null
+++ b/test.py
@@ -0,0 +1,38 @@
+"""
+配置管理模块 - 漏洞测试
+包含两个安全问题示例
+"""
+import os
+import pickle
+import subprocess
+
+class ConfigManager:
+ def __init__(self, config_dir):
+ self.config_dir = os.path.abspath(config_dir)
+
+ def save_config(self, filename, data):
+ """保存配置 - 不安全的反序列化"""
+ file_path = os.path.join(self.config_dir, filename)
+
+ # 使用 pickle 存储数据,存在反序列化漏洞
+ with open(file_path, 'wb') as f:
+ pickle.dump(data, f) # ❌ 不安全的反序列化 (CWE-502)
+
+ print(f"配置已保存到 {file_path}")
+ return True
+
+ def get_config_list(self, search_pattern):
+ """列出配置文件 - 命令注入风险"""
+ cmd = f"ls {self.config_dir} | grep {search_pattern}" # ❌ 命令注入风险
+ try:
+ output = subprocess.check_output(cmd, shell=True, text=True)
+ return output.split('\n')
+ except subprocess.CalledProcessError as e:
+ print(f"列出配置文件失败: {e.output}")
+ return []
+
+# 仅用于演示
+if __name__ == "__main__":
+ manager = ConfigManager("/etc/app/configs")
+ manager.save_config("test_config.pkl", {"key": "value"})
+ manager.get_config_list("test")
\ No newline at end of file

From d188071a92c9ed02a2d77cf1d21155761acda419 Mon Sep 17 00:00:00 2001
From: ShenShuo137 <13722929179@139.com>
Date: Sun, 9 Nov 2025 16:52:58 +0800
Subject: [PATCH 2/2] tijaio

---
 test.py | 23 +++++++++++++++++------
 1 file changed, 17 insertions(+), 6 deletions(-)

diff --git a/test.py b/test.py
index ea3bf2a..03fa27c 100644
--- a/test.py
+++ b/test.py
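Review bot: In the first patch's `save_config`, `filename` is joined onto `self.config_dir` with no check that the result stays inside it; `os.path.join` drops the base entirely when `filename` is absolute, and `..` segments walk back out of it, so the write target is not confined to the configured directory. Normalising and comparing the common path closes this: `file_path = os.path.abspath(os.path.join(self.config_dir, filename))`, then `if os.path.commonpath([self.config_dir, file_path]) != self.config_dir:` followed by `raise ValueError("filename escapes config_dir")`. The comment on `pickle.dump` labels the line as unsafe deserialization, but `dump` only serializes; the CWE-502 exposure is wherever this file is later read back with `pickle.load`, which this file never does, so the comment should say the stored format is unsafe to load rather than that this line deserializes. In `get_config_list`, `output.split('\n')` leaves a trailing empty string whenever the command output ends with a newline; `output.splitlines()` avoids it.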
@@ -3,12 +3,18 @@
 包含两个安全问题示例
 """
 import os
-import pickle
 import subprocess
+import json
+import shlex
 
 class ConfigManager:
 def __init__(self, config_dir):
+ if not config_dir or not isinstance(config_dir, str):
+ raise ValueError("config_dir must be a non-empty string")
 self.config_dir = os.path.abspath(config_dir)
+ # Add whitelist validation for allowed base directories
+ # For example: if not self.config_dir.startswith('/safe/config/path'):
+ # raise ValueError("config_dir must be within allowed directory")
 
 def save_config(self, filename, data):
 """保存配置 - 不安全的反序列化"""
@@ -16,14 +22,14 @@ def save_config(self, filename, data):
 
 # 使用 pickle 存储数据,存在反序列化漏洞
 with open(file_path, 'wb') as f:
- pickle.dump(data, f) # ❌ 不安全的反序列化 (CWE-502)
+ json.dump(data, f)
 
 print(f"配置已保存到 {file_path}")
 return True
 
 def get_config_list(self, search_pattern):
 """列出配置文件 - 命令注入风险"""
- cmd = f"ls {self.config_dir} | grep {search_pattern}" # ❌ 命令注入风险
+ cmd = f"ls {self.config_dir} | grep {shlex.quote(search_pattern)}" # 避免命令注入
 try:
 output = subprocess.check_output(cmd, shell=True, text=True)
 return output.split('\n')
@@ -33,6 +39,11 @@ def get_config_list(self, search_pattern):
 
 # 仅用于演示
 if __name__ == "__main__":
- manager = ConfigManager("/etc/app/configs")
- manager.save_config("test_config.pkl", {"key": "value"})
- manager.get_config_list("test")
\ No newline at end of file
+ import tempfile
+ # Use temporary directory for safe testing
+ with tempfile.TemporaryDirectory() as tmpdir:
+ print(f"Testing with temporary directory: {tmpdir}")
+ manager = ConfigManager(tmpdir)
+ manager.save_config("test_config.json", {"key": "value"})
+ configs = manager.get_config_list("test")
+ print(f"Found configs: {configs}")
\ No newline at end of file
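Review bot: The whitelist left as commented-out code under `self.config_dir = os.path.abspath(config_dir)` in the first hunk will read to the next maintainer as a control that exists, and the sketched `startswith('/safe/config/path')` comparison would also accept a sibling such as `/safe/config/path2`. When it is implemented, resolve both sides with `os.path.realpath` (abspath leaves symlinks in place) and compare with `os.path.commonpath([base, self.config_dir]) == base`; until then the three comment lines are better replaced by one `# TODO: restrict config_dir to an allowed base directory` so the missing check stays visible. The body of `__init__` ends inside the hunk, so nothing else in the constructor constrains the path.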
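Review bot: In the second hunk `json.dump(data, f)` writes `str`, but the unchanged `with open(file_path, 'wb') as f:` line above it still opens the file in binary mode, so the call raises `TypeError` at runtime and `save_config` can no longer save anything; the open call needs `open(file_path, 'w', encoding='utf-8')`. The docstring `"""保存配置 - 不安全的反序列化"""` and the `# 使用 pickle 存储数据,存在反序列化漏洞` comment still describe the pickle version and should now say the data is written as JSON. In `get_config_list`, `shlex.quote` protects `search_pattern`, but `self.config_dir` is still interpolated unquoted into a `shell=True` command, so a directory name containing spaces or shell metacharacters still changes what the shell runs; the shell is unnecessary here and `return [name for name in os.listdir(self.config_dir) if search_pattern in name]` lists matches directly (substring rather than grep's regex match), with the `except` clause outside this hunk changed to catch `OSError`. The end of `get_config_list` lies past the hunk.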