I am looking for a way to use a raw_input() prompt to execute code of another object to ensure I do this in a secure way.
I have two classes: the 1st has a method I am not supposed to call, neither from outside nor from inside; the 2nd has a method to parse a user's request built this way: "method-to-call arg1 arg2 ...". For example: "add 5 3". And the method "do_add" shall be called with 5 and 3 as arguments.
```python
class Obj1:
    # ...
    def do_forbidden(self):
        # Not supposed to execute
        # ...
        pass


class Obj2:
    # ...
    def process_cmd(self, cmd):
        # Split "name arg1 arg2 ..." and dispatch to self.do_<name>
        words = cmd.split()
        if len(words) > 0:
            mthdname = 'do_' + words[0]
            args = words[1:]
            # Lookup happens on self only; args are passed as strings
            if hasattr(self, mthdname):
                mthd = getattr(self, mthdname)
                mthd(*args)
    # ...
```
Then:

```python
obj1 = Obj1()
obj2 = Obj2()
# ...
# Python 2: raw_input() returns the typed text as a plain string
cmd = raw_input("Command : ")
obj2.process_cmd(cmd)
```
Here, is there a way to type something that can execute "do_forbidden()" from obj1? And does input() instead of raw_input() make a difference?
If an exploit is actually possible, an attacker can 'guess' one of the method names to execute it, so is the prefix 'do_' a good protection?
It's not possible to exploit this. Unless of course one of the `do_` methods has some other vulnerability. You can't execute a method not defined on the same object as `process_cmd` is called from.

`input` would be a totally different thing, that allows you to execute about anything you want.
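To make the answer's point concrete, here is an added Python 3 version of the dispatcher (example code, not the asker's or answerer's): it keeps the `do_` prefix lookup on `self`, converts arguments explicitly instead of evaluating them, and returns None for anything it does not know, so a typed word can reach neither `obj1` nor a non-`do_` method. The class and method names follow the question; the test commands are constructed here.

```python
class Obj1:
    def do_forbidden(self):
        # Must never run from a typed command.
        raise RuntimeError("do_forbidden executed")


class Obj2:
    def do_add(self, a, b):
        # Arguments arrive as strings; convert explicitly, never eval() them.
        return int(a) + int(b)

    def helper(self):
        # No 'do_' prefix, so no typed word can name it.
        return "internal"

    def process_cmd(self, cmd):
        """Dispatch "name arg1 arg2 ..." to self.do_<name>.

        Returns the command's result, or None if the command is unknown
        or its arguments are unusable.
        """
        words = cmd.split()
        if not words:
            return None
        mthdname = "do_" + words[0]
        # getattr looks only at *self*: obj1's attributes are not in scope,
        # and the fixed prefix rules out names such as "__class__".
        mthd = getattr(self, mthdname, None)
        if mthd is None or not callable(mthd):
            return None
        try:
            return mthd(*words[1:])
        except (TypeError, ValueError):
            # Wrong arity or non-numeric input: reject instead of crashing.
            return None


if __name__ == "__main__":
    obj1 = Obj1()
    obj2 = Obj2()
    # Python 3's input() returns the raw string, like Python 2's raw_input();
    # Python 2's input() was eval(raw_input()) and must not be used here.
    print(obj2.process_cmd(input("Command : ")))
```

The remaining exposure is exactly the one the answer names: each `do_` method must itself treat its string arguments as untrusted.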