added block system auditor
							parent
							
								
									70408b828b
								
							
						
					
					
						commit
						9af3f06b56
					
				
					 2 changed files with 23 additions and 2 deletions
				
			
		|  | @ -38,6 +38,8 @@ def sys_hook_entrypoint(event, info): | |||
|     elif event == 'exec': | ||||
|         # logs and block both exec and eval | ||||
|         ministry.ofexec.block_exec(event, info) | ||||
|     elif event == 'system': | ||||
|         ministry.ofexec.block_system(info) | ||||
| 
 | ||||
| 
 | ||||
| def enable_ministries(disable_hooks: Iterable = []): | ||||
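Review bot: The new `elif event == 'system':` branch only fires for an audit event literally named `system`; CPython's built-in event for `os.system` is named `os.system` and passes `(command,)` as the args tuple, so if this dispatcher is registered with `sys.addaudithook` (the sibling `exec` branch suggests it is), the branch never matches, and if it did, `block_system(info)` would receive a tuple rather than the command string. I'd suggest `elif event == 'os.system':` and `ministry.ofexec.block_system(info[0])`, plus a comment such as `# subprocess.Popen raises a separate audit event and is not covered here`. `sys_hook_entrypoint` starts before this hunk, so the hook's signature and how `info` is shaped are not visible here.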
|  | @ -1,9 +1,10 @@ | |||
| """ | ||||
|     Onionr - Private P2P Communication | ||||
| 
 | ||||
|     Prevent eval/exec and log it | ||||
|     Prevent eval/exec/os.system and log it | ||||
| """ | ||||
| import base64 | ||||
| import platform | ||||
| 
 | ||||
| import logger | ||||
| from utils import identifyhome | ||||
|  | @ -24,12 +25,30 @@ from onionrexceptions import ArbitraryCodeExec | |||
| """ | ||||
| 
 | ||||
| 
 | ||||
| def block_system(cmd): | ||||
|     allowed = 'taskkill /PID ' | ||||
|     is_ok = False | ||||
|     if platform.platform == 'Windows': | ||||
|         if cmd.startswith(allowed): | ||||
|             for c in cmd.split(allowed)[1]: | ||||
|                 if not c.isalnum() or c not in ('/', 'F', ' '): | ||||
|                     break | ||||
|             else: | ||||
|                 is_ok = True | ||||
|     if not is_ok: | ||||
|         logger.warn('POSSIBLE EXPLOIT DETECTED, SEE LOGS', terminal=True) | ||||
|         logger.warn(f'POSSIBLE EXPLOIT: shell command not in whitelist: {cmd}') | ||||
|         raise ArbitraryCodeExec('os.system command not in whitelist') | ||||
| 
 | ||||
| 
 | ||||
| def block_exec(event, info): | ||||
|     """Prevent arbitrary code execution in eval/exec and log it""" | ||||
|     """Prevent arbitrary code execution in eval/exec and log it | ||||
|     """ | ||||
|     # because libraries have stupid amounts of compile/exec/eval, | ||||
|     # We have to use a whitelist where it can be tolerated | ||||
|     whitelisted_code = [ | ||||
|                         'netrc.py', | ||||
|                         'shlex.py', | ||||
|                         '<werkzeug routing>', | ||||
|                         'werkzeug/test.py', | ||||
|                         'multiprocessing/popen_fork.py', | ||||
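Review bot: `block_system` can never approve a command: `platform.platform == 'Windows'` compares the `platform.platform` function object to a string and is always False, and even with the platform check fixed the per-character test uses `or`, so the first digit of the PID (`isalnum()` True, not in `('/', 'F', ' ')`) breaks the loop and leaves `is_ok` False — the one intended command, `taskkill /PID 1234 /F`, is rejected and raises `ArbitraryCodeExec`. Use `if platform.system() == 'Windows':` and `if not (c.isdigit() or c in ('/', 'F', ' ')):`, which limits the tail to digits, slashes, `F` and spaces; preferring `isdigit()` over `isalnum()` keeps extra `taskkill` switches out as well as shell metacharacters. If `cmd` arrives as the audit-hook args tuple rather than a string, `cmd.startswith` raises `AttributeError` before the whitelist is consulted, which still blocks but with the wrong exception and no log line. The docstring-only change to `block_exec` is fine; its body (the whitelist list) continues past this hunk.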