Update Python deserialization documentation and add unit test #763

Open
wants to merge 1 commit into
base: master

@lshep-bf lshep-bf commented Jan 20, 2025

Add more examples and sections to `Insecure Deserialization/Python.md` and create a new test file `test_python_md.py`.

* **Insecure Deserialization/Python.md**:
  - Add examples of vulnerable code snippets and their secure alternatives for `pickle` and `PyYAML`.
  - Include a section on common pitfalls and how to avoid them when using deserialization in Python.
  - Provide a list of tools and libraries that can help detect and prevent insecure deserialization in Python applications.
  - Add references to relevant documentation, articles, and research papers for further reading.
  - Include a section on how to test for insecure deserialization vulnerabilities in Python applications, including both manual and automated testing techniques.

* **test_python_md.py**:
  - Import the `unittest` and `re` modules.
  - Create a test case that reads the `Insecure Deserialization/Python.md` file.
  - Extract the Python code blocks from the markdown file.
  - Execute each code block and check for any exceptions.

---

For more details, open the [Copilot Workspace session](https://copilot-workspace.githubnext.com/swisskyrepo/PayloadsAllTheThings?shareId=XXXX-XXXX-XXXX-XXXX).
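
An added example, not part of the pull request: a variant of the described test that parses each extracted code block with `ast` instead of executing it, since the documentation's snippets include deliberately vulnerable `pickle` and PyYAML code. The sample markdown, the function names and the list of flagged calls are assumptions made for this example.

```python
import ast
import re

FENCE = "`" * 3  # built at runtime so this example can itself sit inside a fence
BLOCK_RE = re.compile(
    rf"^{FENCE}(?:python|py)[ \t]*\n(.*?)^{FENCE}[ \t]*$", re.S | re.M)

# Loaders that can build arbitrary objects from untrusted bytes or text.
UNSAFE_CALLS = {"pickle.load", "pickle.loads", "yaml.load", "yaml.unsafe_load"}
SAFE_YAML_LOADERS = {"yaml.SafeLoader", "yaml.CSafeLoader"}


def extract_python_blocks(markdown):
    """Return the body of every python-tagged fenced block, in order."""
    return BLOCK_RE.findall(markdown)


def unsafe_calls(tree):
    """List unsafe deserialization calls found in a parsed snippet."""
    found = []
    for node in ast.walk(tree):
        if not (isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute)):
            continue
        name = ast.unparse(node.func)
        if name not in UNSAFE_CALLS:
            continue
        loaders = [ast.unparse(a) for a in node.args[1:]]
        loaders += [ast.unparse(k.value) for k in node.keywords if k.arg == "Loader"]
        if name == "yaml.load" and any(l in SAFE_YAML_LOADERS for l in loaders):
            continue  # yaml.load with an explicit safe loader
        found.append(name)
    return found


def check_markdown(markdown):
    """Parse each block without running it; report syntax errors and unsafe calls."""
    report = []
    for index, source in enumerate(extract_python_blocks(markdown)):
        try:
            tree = ast.parse(source)
        except SyntaxError as exc:
            report.append({"block": index, "syntax_ok": False, "unsafe": [], "error": exc.msg})
            continue
        report.append({"block": index, "syntax_ok": True, "unsafe": unsafe_calls(tree), "error": None})
    return report


# Constructed sample standing in for the documentation file.
SAMPLE = "\n".join([
    "## pickle", FENCE + "python", "import pickle", "obj = pickle.loads(data)", FENCE,
    "## PyYAML", FENCE + "python", "import yaml", "cfg = yaml.load(text, Loader=yaml.SafeLoader)", FENCE,
    "## broken", FENCE + "py", "def f(:", FENCE,
])
```

A CI job can fail on any `syntax_ok: False` entry and require that blocks with a non-empty `unsafe` list appear only under headings that mark them as vulnerable examples.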