reviewboard.admin.security_checks¶
- class BaseSecurityCheck[source]¶
Bases:
object
Base class for a security check.
- class BaseExecutableFileCheck[source]¶
Bases:
BaseSecurityCheck
Base class for a security check involving uploaded files.
This handles registering files to check, storing them, and accessing them in order to determine whether a server-side or client-side vulnerability exists in the configuration around uploaded media files.
- setUp()[source]¶
Set up the security check.
This will go through the various file extensions that we intend to check and create file attachments with the given content.
- class ServerExecutableFileCheck[source]¶
Bases:
BaseExecutableFileCheck
Check that uploaded files aren’t executed server-side.
Web servers like to run code in files named things like .php or .shtml. This check makes sure that user-uploaded files do not get executed when loading them via their URL.
- desc = 'A misconfiguration in the web server can cause files attached to review requests to be executed as code. The file types checked in this test are: .html, .htm, .shtml, .php, .php3, .php4, .php5, .phps, .asp, .pl, .py, .fcgi, .cgi, .phtml, .phtm, .pht, .jsp, .sh, and .rb.'[source]¶
- fix_info = 'For instructions on how to fix this problem, please visit <a href="http://support.beanbaginc.com/support/solutions/articles/110173-securing-file-attachments">http://support.beanbaginc.com/support/solutions/articles/110173-securing-file-attachments</a>'[source]¶
- check_file(filename, url)[source]¶
Download a file and compare the resulting response to the file.
This makes sure that when we fetch a file via its URL, the returned contents are identical to the file contents. This returns True if the file contents match, and False otherwise.
- Parameters:
- Returns:
True
if the file could be downloaded (or a HTTP 403 was hit) and the contents matched the expected value.False
if the download failed for some reason or the contents didn’t match expectations.- Return type:
- class BrowserExecutableFileCheck[source]¶
Bases:
BaseExecutableFileCheck
Check that uploaded files won’t be executed client-side.
Some file types (like SVGs and HTML files) that can be viewed inline in the browser once downloaded are also capable of running JavaScript. When this happens, those scripts may have access to the same cookies and sessions allowed by Review Board itself (if Review Board is hosting the files). These security checks ensure that the server is set up to force these files to download, rather than allow inline viewing.
- desc = 'Certain file types (such as SVG or HTML files) can contain embedded scripts that would be executed by your browser when viewed. We recommend forcing all uploaded media files to download when directly accessed in a browser. This applies only to files being served by Review Board, and not from a CDN.'[source]¶
- fix_info = 'For instructions on how to fix this problem, please visit <a href="http://support.beanbaginc.com/support/solutions/articles/110173-securing-file-attachments">http://support.beanbaginc.com/support/solutions/articles/110173-securing-file-attachments</a>'[source]¶
- class AllowedHostsCheck[source]¶
Bases:
BaseSecurityCheck
Check that the ALLOWED_HOSTS setting is configured.
In order to prevent URL inejections, Django requires that ALLOWED_HOSTS be configured with a list of hostnames for which Review Board will answer. People upgrading from previous versions will have this set to a wildcard.
- desc = 'ALLOWED_HOSTS is a list containing the host/domain names that Review Board will consider valid for this server to serve. This is a security measure to prevent an attacker from poisoning cache and password reset e-mails with links to malicious hosts by submitting requests with a fake HTTP Host header, which is possible even under many seemingly-safe web server configurations.'[source]¶
- class SecurityCheckRunner[source]¶
Bases:
object
This is a runner to execute the security checks defined above.
In order for a check to be run in this runner it needs to be added to the _security_checks list.
The information that comes back from a single check is the following:
name
:User-friendly name used to describe the check.
desc
:A more detailed description to provide information about the check.
result
:True
if the check passed, orFalse
if it failed or there was an exception during its execution.error_msg
:A description of what failed. This will be blank if the test passes.
fix_info
:Instructions containing what a user should do if a check fails.