Remote code execution
kravietz opened this issue
This code allows remote code execution as virtually no validation is applied to the hostname supplied.
gip = os.popen("dig @8.8.8.8 +short {0} | tail -1".format(
You can pass `xxx; touch /tmp/poc` and the `touch` command will be executed. I realize the library is intended for writing local tests but I can easily imagine someone using it to implement a web service for testing 3rd party domains and it would be catastrophic in such a scenario. I guess a big fat warning would be sufficient...
Same applies to this SSL code
The SSL code might be replaced with something like this: https://github.com/Ecno92/cert-info (though I must admit I did not do proper research here...)
@pennersr This can be easily fixed using built-in Python functions in the case of SSL, see my fork here https://github.com/kravietz/netwell-ng/blob/master/netwell/checkers.py#L212 and I have also reimplemented the DNS part using the `dnspython` library https://github.com/kravietz/netwell-ng/blob/master/netwell/checkers.py#L278
Great, can you send over a pull request?
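An added example, not part of the original thread and not code from netwell or the fork: one way to close the injection reported above while still calling `dig`, by validating the hostname and passing an argument list with no shell involved. The function names are hypothetical; the resolver address and `+short` flag are taken from the line quoted in the issue.

```python
import re
import subprocess

# One DNS label: letters, digits, hyphens; 1-63 chars; no leading/trailing hyphen.
_LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")


def is_valid_hostname(name):
    """Return True only for syntactically valid DNS hostnames."""
    if not isinstance(name, str) or not name or len(name) > 253:
        return False
    if name.endswith("."):          # allow one trailing root dot
        name = name[:-1]
    # fullmatch() rejects spaces, ';', '|', '@', '+', newlines and a leading '-',
    # so neither shell metacharacters nor dig options/server arguments get through.
    return all(_LABEL.fullmatch(label) for label in name.split("."))


def build_dig_argv(hostname, resolver="8.8.8.8"):
    """Build the dig command as an argument list (hypothetical helper)."""
    if not is_valid_hostname(hostname):
        raise ValueError("invalid hostname: %r" % (hostname,))
    # Each element reaches dig as exactly one argument; nothing is parsed by a shell.
    return ["dig", "@" + resolver, "+short", hostname]


def resolve_last(hostname, timeout=10):
    """Run dig without a shell and return the last output line, or None."""
    result = subprocess.run(
        build_dig_argv(hostname),
        capture_output=True,
        text=True,
        timeout=timeout,
        check=True,
    )
    lines = result.stdout.splitlines()   # replaces the "| tail -1" pipeline
    return lines[-1] if lines else None


if __name__ == "__main__":
    for candidate in ("example.com", "xxx; touch /tmp/poc"):
        try:
            print(candidate, "->", build_dig_argv(candidate))
        except ValueError as exc:
            print("rejected:", exc)
```

The validation is still needed with an argument list, because a value starting with `-`, `+` or `@` would otherwise be read by `dig` as an option or server rather than a name.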