added block system auditor
This commit is contained in:
		
							parent
							
								
									70408b828b
								
							
						
					
					
						commit
						9af3f06b56
					
				
					 2 changed files with 23 additions and 2 deletions
				
			
		|  | @ -38,6 +38,8 @@ def sys_hook_entrypoint(event, info): | ||||||
|     elif event == 'exec': |     elif event == 'exec': | ||||||
|         # logs and block both exec and eval |         # logs and block both exec and eval | ||||||
|         ministry.ofexec.block_exec(event, info) |         ministry.ofexec.block_exec(event, info) | ||||||
|  |     elif event == 'system': | ||||||
|  |         ministry.ofexec.block_system(info) | ||||||
| 
 | 
 | ||||||
| 
 | 
 | ||||||
| def enable_ministries(disable_hooks: Iterable = []): | def enable_ministries(disable_hooks: Iterable = []): | ||||||
|  |  | ||||||
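Review bot: The new `elif event == 'system'` branch passes `info` straight to `block_system`, but `sys.addaudithook` hooks receive `(event, args)` with `args` a tuple — for the `os.system` event it is `(command,)` — so `block_system` gets a one-element tuple where it expects the command string, and `cmd.startswith(...)` in that function (added in this commit's other file) will raise AttributeError rather than the intended ArbitraryCodeExec. The call still aborts the `os.system` attempt, so this is not a bypass, but the "POSSIBLE EXPLOIT" log line is never written and the traceback is misleading. Unpack the tuple at the call site, `ministry.ofexec.block_system(info[0])`, or accept `(event, info)` like `block_exec` does and unpack inside for consistency. `sys_hook_entrypoint` starts before this hunk, so I cannot see how earlier branches treat `info`; verify against `block_exec`.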
|  | @ -1,9 +1,10 @@ | ||||||
| """ | """ | ||||||
|     Onionr - Private P2P Communication |     Onionr - Private P2P Communication | ||||||
| 
 | 
 | ||||||
|     Prevent eval/exec and log it |     Prevent eval/exec/os.system and log it | ||||||
| """ | """ | ||||||
| import base64 | import base64 | ||||||
|  | import platform | ||||||
| 
 | 
 | ||||||
| import logger | import logger | ||||||
| from utils import identifyhome | from utils import identifyhome | ||||||
|  | @ -24,12 +25,30 @@ from onionrexceptions import ArbitraryCodeExec | ||||||
| """ | """ | ||||||
| 
 | 
 | ||||||
| 
 | 
 | ||||||
|  | def block_system(cmd): | ||||||
|  |     allowed = 'taskkill /PID ' | ||||||
|  |     is_ok = False | ||||||
|  |     if platform.platform == 'Windows': | ||||||
|  |         if cmd.startswith(allowed): | ||||||
|  |             for c in cmd.split(allowed)[1]: | ||||||
|  |                 if not c.isalnum() or c not in ('/', 'F', ' '): | ||||||
|  |                     break | ||||||
|  |             else: | ||||||
|  |                 is_ok = True | ||||||
|  |     if not is_ok: | ||||||
|  |         logger.warn('POSSIBLE EXPLOIT DETECTED, SEE LOGS', terminal=True) | ||||||
|  |         logger.warn(f'POSSIBLE EXPLOIT: shell command not in whitelist: {cmd}') | ||||||
|  |         raise ArbitraryCodeExec('os.system command not in whitelist') | ||||||
|  | 
 | ||||||
|  | 
 | ||||||
| def block_exec(event, info): | def block_exec(event, info): | ||||||
|     """Prevent arbitrary code execution in eval/exec and log it""" |     """Prevent arbitrary code execution in eval/exec and log it | ||||||
|  |     """ | ||||||
|     # because libraries have stupid amounts of compile/exec/eval, |     # because libraries have stupid amounts of compile/exec/eval, | ||||||
|     # We have to use a whitelist where it can be tolerated |     # We have to use a whitelist where it can be tolerated | ||||||
|     whitelisted_code = [ |     whitelisted_code = [ | ||||||
|                         'netrc.py', |                         'netrc.py', | ||||||
|  |                         'shlex.py', | ||||||
|                         '<werkzeug routing>', |                         '<werkzeug routing>', | ||||||
|                         'werkzeug/test.py', |                         'werkzeug/test.py', | ||||||
|                         'multiprocessing/popen_fork.py', |                         'multiprocessing/popen_fork.py', | ||||||
|  |  | ||||||
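Review bot: The whitelist in `block_system` can never admit a command, because line 60 compares the stdlib function object `platform.platform` (not `platform.platform()` / `platform.system()`) to the string `'Windows'`, which is always False, and the per-character check on line 63 is inverted besides: for a PID digit `not c.isalnum()` is False but `c not in ('/', 'F', ' ')` is True, so the loop breaks on the first digit. The net effect is that every `os.system` call raises ArbitraryCodeExec, including the `taskkill /PID …` this function exists to allow; if failing closed is intended for now, say so in a comment, but as written it reads as a bug. Separately, `cmd.split(allowed)[1]` inspects only the text between the first and second occurrence of the prefix, so once the other two issues are fixed a string such as `taskkill /PID 1 taskkill /PID 2 & evil` would pass the check; validate the whole remainder after the prefix instead (a `re.fullmatch(r'taskkill /PID \d+( /F)?', cmd)` whitelist would be tighter still). A corrected head of the function, keeping the log-and-raise tail as is:
```python
def block_system(cmd):
    """Allow only ``taskkill /PID <pid> [/F ...]`` on Windows; log and raise for anything else."""
    allowed = 'taskkill /PID '
    is_ok = False
    if platform.system() == 'Windows' and cmd.startswith(allowed):
        # Validate the whole remainder (not one split() segment) so a repeated
        # prefix cannot hide shell metacharacters after the checked part.
        rest = cmd[len(allowed):]
        is_ok = bool(rest) and all(c.isalnum() or c in ('/', ' ') for c in rest)
    # … unchanged: logger.warn(...) calls and raise ArbitraryCodeExec …
```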