SUA / Open-source security
[Python] Writing vulnerable and safe code
yglee730
2021. 12. 20. 18:08
1. SQL Injection
Code vulnerable to SQL injection
# name and id are pasted into the SQL text with %-formatting, so a quote
# inside either value changes the statement itself (e.g. id = "1' or '1'='1").
cmd = "update people set name='%s' where id='%s'" % (name, id)
curs.execute(cmd)
Code safe against SQL injection
# Here %s is the DB-API placeholder used by drivers such as psycopg2 or MySQLdb,
# not Python string formatting: the values are handed to execute() separately
# and are never parsed as SQL. (sqlite3 uses ? for the same purpose.)
cmd = "update people set name=%s where id=%s"
curs.execute(cmd, (name, id))
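As an added example (not code from the original post), the two statements above run against an in-memory sqlite3 database filled with constructed rows; sqlite3 takes `?` placeholders where psycopg2 or MySQLdb take `%s`. The same id payload rewrites every row through the formatted query and matches nothing through the parameterized one.

```python
import sqlite3

# Constructed sample rows for the demo (not from the original post).
PEOPLE = [("1", "alice"), ("2", "bob"), ("3", "carol")]


def make_db():
    """Fresh in-memory database with a people(id, name) table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("create table people (id text primary key, name text)")
    conn.executemany("insert into people values (?, ?)", PEOPLE)
    conn.commit()
    return conn


def update_vulnerable(conn, name, person_id):
    """The post's vulnerable pattern: the values become part of the SQL text.

    Returns the number of rows the statement changed.
    """
    cmd = "update people set name='%s' where id='%s'" % (name, person_id)
    cur = conn.execute(cmd)
    conn.commit()
    return cur.rowcount


def update_safe(conn, name, person_id):
    """The post's safe pattern, with sqlite3's ? placeholder instead of %s.

    The driver binds name and person_id as data; quotes inside them stay literal.
    """
    cmd = "update people set name=? where id=?"
    cur = conn.execute(cmd, (name, person_id))
    conn.commit()
    return cur.rowcount


def names(conn):
    """Current names in id order, to see what each update did."""
    return [row[0] for row in conn.execute("select name from people order by id")]


if __name__ == "__main__":
    # Closes the quoted id and appends an always-true condition.
    payload = "1' or '1'='1"

    conn = make_db()
    changed = update_vulnerable(conn, "mallory", payload)
    print("formatted query changed", changed, "rows:", names(conn))

    conn = make_db()
    changed = update_safe(conn, "mallory", payload)
    print("parameterized query changed", changed, "rows:", names(conn))
    changed = update_safe(conn, "mallory", "2")
    print("parameterized query with a real id changed", changed, "row:", names(conn))
```

The payload never contains a second statement: sqlite3's execute() refuses multiple statements anyway, and a boolean tautology in the WHERE clause is enough to turn a single-row update into a table-wide one.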
2. File download (excerpt from wargame source code)
Code vulnerable to file download (path traversal)
from flask import request, render_template

# APP (the Flask application) and UPLOAD_DIR are defined elsewhere in the wargame source.

@APP.route('/read')
def read_memo():
    error = False
    data = b''
    # 'name' comes straight from the query string and is spliced into the path:
    # a value such as ../../etc/passwd reads files outside UPLOAD_DIR.
    filename = request.args.get('name', '')
    try:
        with open(f'{UPLOAD_DIR}/{filename}', 'rb') as f:
            data = f.read()
    except (IsADirectoryError, FileNotFoundError):
        error = True
    return render_template('read.html',
                           filename=filename,
                           content=data.decode('utf-8'),
                           error=error)
Code presented as safe against the file download vulnerability
from flask import request, render_template

# APP (the Flask application) and UPLOAD_DIR are defined elsewhere in the wargame source.

@APP.route('/read')
def read_memo():
    error = False
    data = b''
    filename = request.args.get('name', '')
    # Strips '../' in a single pass. This blocks the plain ../../ payload but is
    # not a robust fix: '....//' becomes '../' after the replace, and the result
    # still goes into open() without any check that it stays under UPLOAD_DIR.
    filename = filename.replace('../', '')
    try:
        with open(f'{UPLOAD_DIR}/{filename}', 'rb') as f:
            data = f.read()
    except (IsADirectoryError, FileNotFoundError):
        error = True
    return render_template('read.html',
                           filename=filename,
                           content=data.decode('utf-8'),
                           error=error)
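The added example below (not code from the post or the wargame) runs the post's replace() fix and a resolve-then-check alternative side by side on constructed request values; UPLOAD_DIR is a made-up base directory. "naive_target" is the path the post's handler would open through f'{UPLOAD_DIR}/{filename}' after the replace; "checked_target" is what a version that resolves the path with os.path.realpath and verifies it with os.path.commonpath would open, or None when it refuses. A '....//' prefix survives the one-pass replace as '../' and leaves the upload directory, while the resolved-path check does not care how '..' was spelled.

```python
import os

# Constructed base directory for the demo; the wargame's real UPLOAD_DIR value is not on the page.
UPLOAD_DIR = "/var/app/uploads"


def sanitize_replace(filename):
    """The post's fix: remove every '../' substring in one pass."""
    return filename.replace('../', '')


def resolve_checked(filename, base=UPLOAD_DIR):
    """Resolve the requested name under base and return the absolute path,
    or None when the resolved path is not inside base.

    The decision is made on the resolved path, so it does not depend on
    recognising every spelling of '..' in the raw string. An absolute
    filename is rejected too, because os.path.join discards base for it.
    """
    base_real = os.path.realpath(base)
    target = os.path.realpath(os.path.join(base_real, filename))
    if os.path.commonpath([base_real, target]) != base_real:
        return None
    return target


def traversal_demo(filename):
    """What each approach does with one value of the 'name' parameter."""
    stripped = sanitize_replace(filename)
    return {
        "after_replace": stripped,
        # Path the post's handler opens: f'{UPLOAD_DIR}/{filename}' after the replace,
        # normalised so that '..' segments are visible as the directory they reach.
        "naive_target": os.path.normpath(f"{UPLOAD_DIR}/{stripped}"),
        # Path the resolve-then-check version would open, None if it refuses.
        "checked_target": resolve_checked(filename),
    }


if __name__ == "__main__":
    for name in ("memo.txt", "../../etc/passwd", "....//flag"):
        print(repr(name), traversal_demo(name))
```

With '....//flag' the replace filter manufactures the traversal itself: the raw name points at a harmless sub-directory literally called '....', which the resolved-path check simply serves from inside the upload directory.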
3. XSS (excerpts from Django source code)
Vulnerable code
// res.result is appended to the DOM as HTML without escaping; only res.time is escaped.
var li = $('<li>').append(res.result + ' - ' + res.time.htmlEscape());
Safe code
// Every value taken from the response is escaped before it is used as markup.
var li = $('<li>').append(res.result.htmlEscape() + ' - ' + res.time.htmlEscape());
Vulnerable code
// The query-string value is read from the URL and used as-is.
var query = decodeURIComponent(window.location.search.match(/inputSearch=(.*?)(&|$)/)[1]).replace('+', ' ');
Safe code
import DOMPurify from 'dompurify';
// The value is run through DOMPurify before it can reach the DOM as HTML.
var query = DOMPurify.sanitize(decodeURIComponent(window.location.search.match(/inputSearch=(.*?)(&|$)/)[1]).replace('+', ' '));
Vulnerable code
// Fragment of a longer string concatenation that is inserted as HTML.
+ "ErrorId: " + errorId + "<br>URL: " + window.location.href + "<br>UserAgent: " + userAgent + "<br>" + msg + " in " + url + " at line " + linenumber + "'</div></div>");
Safe code (this fix escapes window.location.href; any other concatenated value that can carry untrusted input needs the same treatment)
+ "ErrorId: " + errorId + "<br>URL: " + padutils.escapeHtml(window.location.href) + "<br>UserAgent: " + userAgent + "<br>" + msg + " in " + url + " at line " + linenumber + "'</div></div>");