Subject: Sanitise user input for a script
From: Simon Connah
Newsgroups: comp.lang.python
Date: Fri, 30 Aug 2024 19:18 UTC
Message-ID: <mailman.16.1725045529.2917.python-list@python.org>

I need to write a script that will take some user input (supplied on a website) and then execute a Python script on a host via SSH. I'm curious what the best options are for protecting against malicious input in much the same way as you sanitise SQL to protect against SQL injections.

I could do it either on the website itself or by doing it on the host machine.

I'm thinking of using argparse but I'm aware it does not offer any protection itself.

If someone has any suggestions I'd appreciate it. If you need more information then please let me know.

Simon.
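
Added example, not part of the original post: one way to handle the setup described above on the website side, validating each field against an allow-list and quoting every word for the remote shell, since ssh hands the remote command to that shell as a single string. The host name, script path and field names are assumptions made for illustration.

```python
import re
import shlex

# Assumed names for illustration: host, script path and the two form fields.
REMOTE_HOST = "worker.example.internal"
REMOTE_SCRIPT = "/opt/jobs/report.py"

# Allow-list per field: a value that does not match in full is rejected.
FIELD_RULES = {
    "project": re.compile(r"[a-z0-9][a-z0-9_-]{0,31}"),
    "year": re.compile(r"(19|20)[0-9]{2}"),
}


def validate(form):
    """Return the validated values in a fixed order, or raise ValueError."""
    unknown = set(form) - set(FIELD_RULES)
    if unknown:
        raise ValueError(f"unexpected fields: {sorted(unknown)}")
    values = []
    for name, rule in FIELD_RULES.items():
        value = form.get(name)
        # fullmatch (unlike match with "$") also rejects a trailing newline.
        if not isinstance(value, str) or not rule.fullmatch(value):
            raise ValueError(f"invalid value for {name!r}")
        values.append(value)
    return values


def build_ssh_argv(form):
    """Build the local argv for ssh; pass it to subprocess.run without shell=True."""
    values = validate(form)
    # ssh joins the remote command words with spaces and gives the string to the
    # remote login shell, so every word is quoted for that shell as well.
    # The "--" before the values stops argparse in the remote script from
    # reading a value as an option.
    remote_words = ["python3", REMOTE_SCRIPT, "--", *values]
    remote_command = " ".join(shlex.quote(word) for word in remote_words)
    # "--" before the host ends ssh's own option parsing.
    return ["ssh", "-o", "BatchMode=yes", "--", REMOTE_HOST, remote_command]


if __name__ == "__main__":
    # Constructed sample inputs.
    print(build_ssh_argv({"project": "web-stats", "year": "2024"}))
    try:
        build_ssh_argv({"project": "web-stats; id", "year": "2024"})
    except ValueError as exc:
        print("rejected:", exc)
```

The remote script should repeat the same validation on its own arguments, so that it does not depend on the website having checked them.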
