[Python-ideas] pytaint: taint tracking in python
Andrew Barnert
abarnert at yahoo.com
Mon Oct 14 18:07:26 CEST 2013
On Oct 14, 2013, at 5:25, Felix Gröbert <felix at groebert.org> wrote:
> The idea itself is not new (Ruby and Perl have it; there are also some python libraries floating around) and pretty much no one uses it - however with a few improvements, it can be made viable.
A good part of the reason no one uses it is that SQL injection is always given as the motivation for the idea, but it's not a very good solution for that problem, and there's already a well-known better solution: parameterized queries.
SQL isn't the only case where you build executable strings--a document formatter might build PostScript code; a forum might build HTML (maybe even with embedded JS); a game might even read Python code from an in-game console or untrusted mod that's allowed to run in a different globals environment but not the main one; etc. Has anyone successfully used Perl's long-standing taint mode for any such purposes? If not, can you demonstrate using it in Python?
I don't think that would be _necessary_ for a Python taint mode implementation to be considered useful, but it would certainly help get attention to the idea.
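The two approaches contrasted in the reply above, side by side, as an added example (this is not code from the thread or from pytaint): a minimal `Tainted` str subclass that keeps its mark through concatenation and formatting, a sink check that refuses to execute SQL *text* built from untrusted data while allowing untrusted data as bound parameters, and the two lookup styles run against a constructed in-memory SQLite table. The `Tainted` class, the `checked_execute` sink and the table contents are assumptions made for illustration.

```python
"""Constructed example: parameterized queries beside a minimal taint check.

Not code from the Python-ideas thread or from pytaint; the Tainted class,
checked_execute() and the sample table are assumptions for illustration.
"""
import sqlite3


class Tainted(str):
    """A str subclass marking data that came from an untrusted source.

    Concatenation and %/format() with a Tainted operand yield a Tainted
    result, so the mark survives the usual ways of building a SQL string.
    (Python tries the reflected __radd__ first when the right operand is a
    subclass of the left operand's type, so "literal" + tainted is Tainted.)
    """

    def __add__(self, other):
        return Tainted(str.__add__(self, other))

    def __radd__(self, other):
        return Tainted(str.__add__(other, self))

    def __mod__(self, args):
        return Tainted(str.__mod__(self, args))

    def format(self, *args, **kwargs):
        return Tainted(str.format(self, *args, **kwargs))


def taint(value):
    """Mark a value as untrusted (e.g. fresh from an HTTP request)."""
    return Tainted(value)


def is_tainted(value):
    return isinstance(value, Tainted)


def setup_db():
    """Constructed sample table, in memory, so the example runs offline."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "admin"), ("bob", "user"), ("carol", "user")])
    return conn


def checked_execute(conn, sql, params=()):
    """Sink check of the kind a taint mode would enforce.

    The SQL text must not be tainted; bound parameters may be, because the
    driver hands them to SQLite as values and they never reach the SQL parser.
    """
    if is_tainted(sql):
        raise ValueError("refusing to execute SQL text built from untrusted input")
    return conn.execute(sql, params).fetchall()


def lookup_by_formatting(conn, name):
    """The pattern taint tracking is meant to catch: text spliced into SQL.

    With an untrusted `name` the concatenation result is Tainted and the sink
    rejects it; with a trusted literal it runs (the check cannot see intent,
    only provenance).
    """
    sql = "SELECT role FROM users WHERE name = '" + name + "'"
    return checked_execute(conn, sql)


def lookup_parameterized(conn, name):
    """The better-known fix: no SQL text is built, the driver binds the value."""
    return checked_execute(conn, "SELECT role FROM users WHERE name = ?", (name,))


def formatting_is_rejected(conn, name):
    """True if the sink refused the string-built query for this input."""
    try:
        lookup_by_formatting(conn, name)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    db = setup_db()
    print(lookup_parameterized(db, taint("alice")))         # [('admin',)]
    print(lookup_parameterized(db, taint("x' OR '1'='1")))  # [] - bound as a plain value
    print(formatting_is_rejected(db, taint("alice")))       # True
```

The parameterized lookup returns nothing for the quote-laden input because SQLite compares it as a literal value, which is the point of the reply: the data never becomes code, so there is nothing for a taint check to catch. The taint check earns its keep on the other path, where a developer did splice text into SQL and the mark is the only thing that stops it.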