reviewboard.admin.security_checks¶
- class BaseSecurityCheck[source]¶
Bases:
objectBase class for a security check.
- class BaseExecutableFileCheck[source]¶
Bases:
BaseSecurityCheckBase class for a security check involving uploaded files.
This handles registering files to check, storing them, and accessing them in order to determine whether a server-side or client-side vulnerability exists in the configuration around uploaded media files.
- setUp()[source]¶
Set up the security check.
This will go through the various file extensions that we intend to check and create file attachments with the given content.
- tearDown()[source]¶
Tear down the security check.
This will delete all of the files created in
setUp.
- execute()[source]¶
Execute the security check.
This will download each file that was created in
setUpand check that the content matches what we expect.- Returns:
A tuple of
(success, error_message).- Return type:
- __annotations__ = {}¶
- class ServerExecutableFileCheck[source]¶
Bases:
BaseExecutableFileCheckCheck that uploaded files aren’t executed server-side.
Web servers like to run code in files named things like .php or .shtml. This check makes sure that user-uploaded files do not get executed when loading them via their URL.
- desc = 'A misconfiguration in the web server can cause files attached to review requests to be executed as code. The file types checked in this test are: .html, .htm, .shtml, .php, .php3, .php4, .php5, .phps, .asp, .pl, .py, .fcgi, .cgi, .phtml, .phtm, .pht, .jsp, .sh, and .rb.'[source]¶
- fix_info = 'For instructions on how to fix this problem, please visit <a href="http://support.beanbaginc.com/support/solutions/articles/110173-securing-file-attachments">http://support.beanbaginc.com/support/solutions/articles/110173-securing-file-attachments</a>'[source]¶
- check_file(filename, url)[source]¶
Download a file and compare the resulting response to the file.
This makes sure that when we fetch a file via its URL, the returned contents are identical to the file contents. This returns True if the file contents match, and False otherwise.
- Parameters:
- Returns:
Trueif the file could be downloaded (or a HTTP 403 was hit) and the contents matched the expected value.Falseif the download failed for some reason or the contents didn’t match expectations.- Return type:
- __annotations__ = {}¶
- class BrowserExecutableFileCheck[source]¶
Bases:
BaseExecutableFileCheckCheck that uploaded files won’t be executed client-side.
Some file types (like SVGs and HTML files) that can be viewed inline in the browser once downloaded are also capable of running JavaScript. When this happens, those scripts may have access to the same cookies and sessions allowed by Review Board itself (if Review Board is hosting the files). These security checks ensure that the server is set up to force these files to download, rather than allow inline viewing.
- desc = 'Certain file types (such as SVG or HTML files) can contain embedded scripts that would be executed by your browser when viewed. We recommend forcing all uploaded media files to download when directly accessed in a browser. This applies only to files being served by Review Board, and not from a CDN.'[source]¶
- fix_info = 'For instructions on how to fix this problem, please visit <a href="http://support.beanbaginc.com/support/solutions/articles/110173-securing-file-attachments">http://support.beanbaginc.com/support/solutions/articles/110173-securing-file-attachments</a>'[source]¶
- check_file(filename, url)[source]¶
Download a file and check for expected headers.
This makes sure that when we fetch a file via its URL, the returned file’s headers would instruct the browser to force a download, rather than view the contents inline.
- __annotations__ = {}¶
- class AllowedHostsCheck[source]¶
Bases:
BaseSecurityCheckCheck that the ALLOWED_HOSTS setting is configured.
In order to prevent URL inejections, Django requires that ALLOWED_HOSTS be configured with a list of hostnames for which Review Board will answer. People upgrading from previous versions will have this set to a wildcard.
- desc = 'ALLOWED_HOSTS is a list containing the host/domain names that Review Board will consider valid for this server to serve. This is a security measure to prevent an attacker from poisoning cache and password reset e-mails with links to malicious hosts by submitting requests with a fake HTTP Host header, which is possible even under many seemingly-safe web server configurations.'[source]¶
- fix_info = "To fix this, edit the settings_local.py in the site's conf directory and add a line like this with your site's URL: <pre>ALLOWED_HOSTS = ['example.com']</pre>"[source]¶
- execute()[source]¶
Execute the security check.
This checks the value of the ALLOWED_HOSTS setting to make sure that it contains one or more hostnames.
- __annotations__ = {}¶
- class SecurityCheckRunner[source]¶
Bases:
objectThis is a runner to execute the security checks defined above.
In order for a check to be run in this runner it needs to be added to the _security_checks list.
The information that comes back from a single check is the following:
name:User-friendly name used to describe the check.
desc:A more detailed description to provide information about the check.
result:Trueif the check passed, orFalseif it failed or there was an exception during its execution.error_msg:A description of what failed. This will be blank if the test passes.
fix_info:Instructions containing what a user should do if a check fails.