This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

SpoC 007 - Python Tainted Mode - Progress Page

From OWASP

Revision as of 07:32, 4 November 2007 by Denis (talk | contribs)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

Jump to: navigation, search

Objectives for OWASP Spring of Code 2007

Accomplished objectives at 1st of November 2007

[100%] Formalize Tainted Mode paradigm.
[100%] Add 'tainted' flag field to str and unicode Python types that tracks data taintedness.
[100%] Provide propagation of 'tainted' flag throughout strings interaction (concatenation, substring, etc.).
[100%] Add support for logging of Python programms traces. For debug and analysys purposes only.
[100%] Add support for analysys of callable objects invocation. Callable object is classified as input, filter, critical or other.
[100%] Add support for analysys of retrieving data from object fields. For example, data from mod_python's mp_request.headers_in["Accept"] should be treated as tainted.
[100%] Add support for exceptions raising after tainted data is passed into critical callable objects. This would be "Classical Tainted Mode".
[100%] Add support for logging of tainted arguments passed into critical callable objects. This would be "Tainted Mode with Logging".
[100%] Perform review of most popular Python frameworks in order to complete configuration profiles that contain signature of input, filter and critical callable objects for each framework.
[100%] Perform testing and state proposals for future work.

Retrieved from "https://wiki.owasp.org/index.php?title=SpoC_007_-_Python_Tainted_Mode_-_Progress_Page&oldid=22920"