From 30153eeabedda243b7e035ee55303d0109a35cea Mon Sep 17 00:00:00 2001 From: myteron Date: Thu, 7 Nov 2024 13:41:37 +0000 Subject: [PATCH] Update README.md addressing Barts comments addressed typos and phrasing comments by bart Signed-off-by: myteron --- .../Secure-Coding-Guide-for-Python/CWE-707/CWE-78/README.md | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/docs/Secure-Coding-Guide-for-Python/CWE-707/CWE-78/README.md b/docs/Secure-Coding-Guide-for-Python/CWE-707/CWE-78/README.md index 69f16790..496cffbb 100644 --- a/docs/Secure-Coding-Guide-for-Python/CWE-707/CWE-78/README.md +++ b/docs/Secure-Coding-Guide-for-Python/CWE-707/CWE-78/README.md @@ -35,7 +35,7 @@ Any variation of using input from a lesser trusted source as part of a command l ## Non-Compliant Code Example (Read Only) -This scenario demonstrates a potential remote command execution. The `FileOperations.list_dir()` method allows an attacker to inject commands into the string dirname such as `head -1 /etc/passwd` under Linux or `net user` under Windows. Note that older versions of `Python < 3.9.12` allowed to turn a non-interactive shell into an active shell in Windows by providing `cmd.exe /C` as an argument [[python.org 3.12.5 - Subprocess management]](https://docs.python.org/3/library/subprocess.html). +This scenario demonstrates a potential remote command execution. The `FileOperations.list_dir()` method allows an attacker to inject commands into the string dirname such as `head -1 /etc/passwd` under Linux or `net user` under Windows. Older versions of `Python < 3.9.12` allow to turn a non-interactive shell into an active shell in Windows by providing `cmd.exe /C` as an argument [[python.org 3.12.5 - Subprocess management]](https://docs.python.org/3/library/subprocess.html). *[noncompliant01.py](noncompliant01.py):* 
@@ -69,7 +69,9 @@ if "posix" in os.name: ``` -Instead of listing files, the code in `noncompliant01.py` prints the first line of `/etc/passwd` on Linux or starts `net user` under Windows. +The code in `noncompliant01.py` prints the first line of `/etc/passwd` on Linux or starts `net user` under Windows. +The `FileOperations().list_dir()` method allows an attacker to add commands via `;` in Linux and `&` in Windows. + ## Non-Compliant Code Example (Read, Write)
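Review bot: In the first hunk (the `+` line at line 38), the rewritten sentence still carries the ungrammatical "allow to turn", and switching "allowed" to "allow" is inconsistent with "Older versions", which describes past behaviour; suggest "Python versions before 3.9.12 allowed a non-interactive shell to be turned into an interactive shell on Windows by passing `cmd.exe /C` as an argument". The phrase "Older versions of `Python < 3.9.12`" is also redundant (the version bound already says which versions are older), so the simpler "Python versions before 3.9.12" reads better, and the inline code span should then hold only `3.9.12` or `cmd.exe /C`, not the comparison operator.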
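Review bot: In the second hunk, the new line "The `FileOperations().list_dir()` method allows an attacker to add commands via `;` in Linux and `&` in Windows." presents `;` and `&` as the only separators, which understates the problem and is also platform-inaccurate given the surrounding context line `if "posix" in os.name:` (the code branches on POSIX, not Linux specifically); suggest "allows an attacker to append commands using shell command separators such as `;` on POSIX systems and `&` on Windows". Two smaller points: `FileOperations().list_dir()` (with the instantiating parentheses) differs from `FileOperations.list_dir()` used in the first hunk, so one spelling should be chosen for both; and dropping "Instead of listing files," removes the contrast that told the reader what the method was meant to do, so consider keeping that clause in the first sentence.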