[Python-ideas] pytaint: taint tracking in python

Felix Gröbert felix at groebert.org
Mon Oct 14 14:25:53 CEST 2013


Hi,

I'd like to start a discussion on adding a security feature: taint tracking.

As part of his internship, Marcin (cc) has been working on a patch to
cpython-2.7.5 which is available online. We also published a design
document and slides.

https://github.com/felixgr/pytaint

The idea behind taint tracking (or taint checking) is that we mark
('taint') untrusted data and prevent the programmer from using it in
sensitive places (called sinks). A standard use case would be in a web
application, where data extracted from HTTP requests is tainted and a
database connection is a sensitive sink. In other words: objects returned by
an HTTP request have a property indicating taint, and when one of them is
passed to a database connection, a TaintException is raised.

The idea itself is not new (Ruby and Perl have it; there are also some
Python libraries floating around) and pretty much no one uses it; however,
with a few improvements, it can be made viable.

Firstly, we introduce different kinds of taint (motivation: a string may be
an attack vector for many classes of attacks, e.g. XSS or SQLi, and we need
different escaping for each). Secondly, we make it easy to apply to
existing software: a programmer can simply write a config file specifying
taint sources, sensitive sinks and taint cleaners, and enable tracking by
adding one line to his app.

We think it's a very useful feature for developing most web apps and
other security-sensitive applications in Python. Any thoughts on this?

Thanks,
Felix
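The three roles the post describes (sources, sinks and cleaners, with more than one kind of taint) can be modelled in plain Python as a toy. The block below is an added illustration, not code from pytaint or from the post; the decorator names, the taint kind labels 'SQLI' and 'XSS', the FAKE_REQUEST data and the stand-in sink functions are all constructed for the example.

```python
class TaintException(Exception): pass  # tainted data reached a sink that rejects that kind
def taints_of(obj):
    return getattr(obj, "taints", frozenset())

class TaintedStr(str):
    # A str carrying taint kinds; only '+' propagates here, pytaint does it in the interpreter.
    def __new__(cls, value, taints=()):
        obj = super().__new__(cls, value)
        obj.taints = frozenset(taints)
        return obj
    def __add__(self, other):
        return TaintedStr(str(self) + str(other), self.taints | taints_of(other))
    def __radd__(self, other):
        return TaintedStr(str(other) + str(self), taints_of(other) | self.taints)
def source(*kinds):  # everything the wrapped function returns carries all listed kinds
    def deco(fn):
        return lambda *a, **kw: TaintedStr(fn(*a, **kw), kinds)
    return deco
def cleaner(kind):  # the wrapped escaper removes exactly one kind; all others survive
    def deco(fn):
        return lambda s: TaintedStr(fn(str(s)), taints_of(s) - {kind})
    return deco
def sink(kind):  # refuse any argument that still carries taint of this kind
    def deco(fn):
        def wrapper(*a, **kw):
            for arg in a + tuple(kw.values()):
                if kind in taints_of(arg):
                    raise TaintException("%s: argument carries %s taint" % (fn.__name__, kind))
            return fn(*a, **kw)
        return wrapper
    return deco

FAKE_REQUEST = {"name": "<b>Bob</b>' OR 1=1 --"}  # constructed request data
@source("SQLI", "XSS")
def get_param(name): return FAKE_REQUEST[name]
@cleaner("XSS")
def html_escape(s): return s.replace("&", "&amp;").replace("<", "&lt;").replace(">", "&gt;")
@sink("SQLI")
def db_execute(query): return query  # stand-in for a DB cursor
@sink("XSS")
def render(html): return html  # stand-in for an HTML response

def handle_request():  # escaped input passes the XSS sink but still trips the SQL sink
    safe = html_escape(get_param("name"))
    page = render("<p>" + safe + "</p>")
    try:
        db_execute("SELECT * FROM users WHERE name = '" + safe + "'")
        return page, False
    except TaintException:
        return page, True
```

The point of separate kinds shows in handle_request: HTML escaping clears only the XSS taint, so the same value is still refused by the SQL sink until it goes through an SQL-appropriate cleaner (or a parameterised query).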