Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Rule check on SimpleXMLRPCServer.register_instance with allow_dotted_names parameter #399

Open
ericwb opened this issue Mar 31, 2024 · 0 comments
Open

Rule check on SimpleXMLRPCServer.register_instance with allow_dotted_names parameter #399

ericwb opened this issue Mar 31, 2024 · 0 comments
Labels
enhancement New feature or request new rule Enhancement request for a new rule

Comments

@ericwb
Copy link
Contributor

ericwb commented Mar 31, 2024

Is your feature request related to a problem? Please describe.
As stated in the Python docs:

"Enabling the allow_dotted_names option allows intruders to access your module’s global variables and may allow intruders to execute arbitrary code on your machine. Only use this option on a secure, closed network. "

Describe the solution you'd like
New rule to check for this call and parameter.

Describe alternatives you've considered
n/a

Additional context
https://docs.python.org/3/library/xmlrpc.server.html#xmlrpc.server.SimpleXMLRPCServer.register_instance

Love this idea? Give it a 👍. We prioritize fulfilling features with the most 👍.
@ericwb ericwb added enhancement New feature or request new rule Enhancement request for a new rule labels Mar 31, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request new rule Enhancement request for a new rule
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@ericwb