13 Never trust input

This chapter covers

  • Validating Python dependencies with Pipenv
  • Parsing YAML safely with PyYAML
  • Parsing XML safely with defusedxml
  • Preventing DoS attacks, Host header attacks, open redirects, and SQL injection

In this chapter, Mallory wreaks havoc on Alice, Bob, and Charlie with a half dozen attacks. These attacks, and their countermeasures, are not as complicated as the attacks I cover later. Each attack in this chapter follows a pattern: Mallory abuses a system or user with malicious input. These attacks arrive as many different forms of input: package dependencies, YAML, XML, HTTP, and SQL. The goals of these attacks include data corruption, privilege escalation, and unauthorized data access. Input validation is the antidote for every one of these attacks.

Many of the attacks I cover in this chapter are injection attacks. (You learned about injection attacks in the previous chapter.) In a typical injection attack, malicious input is injected into, and immediately executed by, a running system. For this reason, programmers have a tendency to overlook the atypical scenario I start with in this chapter. In this scenario, the injection happens upstream, at build time; the execution happens downstream, at runtime.

13.1 Package management with Pipenv

13.2 YAML remote code execution

13.3 XML entity expansion

13.3.1 Quadratic blowup attack

13.3.2 Billion laughs attack

13.4 Denial of service

13.5 Host header attacks

13.6 Open redirect attacks

13.7 SQL injection

13.7.1 Raw SQL queries

13.7.2 Database connection queries