[Python]Web Security

[Saibal]

Been bored and skimmed through my old pc. Found some python scripts and was like, "Haven't posted in BG for awhile."

Code:

import webbrowser
import urllib
import rexec
import tkMessageBox

#Created by: Saibal

class web_security(object):
    """Web Security Module"""
    def __init__(self):
        the_url = str(raw_input("Address: "))
        try:
            tempfile = urllib.urlopen(the_url).read()
        except IOError:
            print "Error finding file."
        if the_url[-3:] == ".py":
            self.runCode(tempfile)
        else:
            try:
                print tempfile
            except UnboundLocalError:
                print "Invalid web address."
                

    
    def runCode(self, statement):
        try:
            self.r_exec(statement)
        except AttributeError, name:
            tkMessageBox.showerror( "Error",
                                    "Restricted code tried to access forbidden " + \
                                    "attribute:" + str( name ) )

start = web_security()

Amazed that it's not obsolete yet..

What this does is exactly, is allow you to enter a url you surf. Once the program connects it the website it displays the websites source, but if the URL has the extension .py it connects and runs the python script. This is a big security hole, and must be fixed. That is why we imported rexec to scan the code, and compare it to the python program. If there are similar objects it will display a message box with the attribute the url .py script tried to access, and won't run the code.

Use it on your python applications, it comes in handy, trust me on that.

[Saibal]

Bump.

Still useable. I honestly don't know how people haven't patched it.