hcq/openGauss-OM
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
v5.0.2
openGauss-OM/script/base_utils/security/security_checker.py
bowenliu bee3a1c4d3 1030 OM patch
2022-11-07 20:17:20 +08:00

123 lines
4.6 KiB
Python
Raw Permalink Blame History

# -*- coding:utf-8 -*-
#############################################################################
# Copyright (c): 2012-2019, Huawei Tech. Co., Ltd.
# FileName : security_checker.py
# Version : Gauss300
# Date : 2021-06-30
# Description : security_checker.py check security conditions
#############################################################################
import re
from gspylib.common.ErrorCode import ErrorCode
class ValidationError(Exception):
"""
validation base error
"""
def __init__(self, error_info):
super().__init__(self)
self.error_info = error_info
def __str__(self):
return self.error_info
class SecurityChecker(object):
"""check security conditions"""
INJECTION_CHAR_LIST = ["|", ";", "&", "$", "<", ">", "`", "\\", "'", "\"", "{", "}", "(", ")",
"[", "]", "~", "*", "?", " ", "!", "\n"]
PWD_VALIDATION_PATTERN = r'^[A-Za-z0-9~!@#%^*\-_=+?,]+$'
IP_PATTERN = r'^((25[0-5]|2[0-4]\d|[01]?\d\d?)\.){3}(25[0-5]|2[0-4]\d|[01]?\d\d?)$'
@staticmethod
def check_injection_char(check_value):
"""
function: check suspicious injection value
input : check_value
output: NA
"""
if not check_value.strip():
return
if any(rac in check_value for rac in SecurityChecker.INJECTION_CHAR_LIST):
raise Exception(ErrorCode.GAUSS_502["GAUSS_50219"] % check_value +
" There are illegal characters.")
@staticmethod
def check_is_string(description, value):
"""
Check is string
"""
if not isinstance(value, str):
raise ValidationError(ErrorCode.GAUSS_500['GAUSS_50022'] % (description, 'string'))
@staticmethod
def check_max_length(description, value, max_length):
"""
Check max length
"""
if len(value) > max_length:
raise ValidationError(ErrorCode.GAUSS_500["GAUSS_50023"] % (description, max_length))
@staticmethod
def check_db_injection(description, value):
"""
Check db injection
"""
for rac in SecurityChecker.INJECTION_CHAR_LIST:
if value.find(rac) > 0:
raise ValidationError(ErrorCode.GAUSS_500['GAUSS_50025'] % (rac, description))
@staticmethod
def check_password(description, value):
if not re.match(SecurityChecker.PWD_VALIDATION_PATTERN, value):
raise ValidationError(ErrorCode.GAUSS_500["GAUSS_50024"] % description)
@staticmethod
def check_db_user(description, value):
SecurityChecker.check_is_string(description, value)
SecurityChecker.check_max_length(description, value, 256)
SecurityChecker.check_db_injection(description, value)
@staticmethod
def check_db_password(description, value):
SecurityChecker.check_is_string(description, value)
SecurityChecker.check_max_length(description, value, 256)
SecurityChecker.check_password(description, value)
@staticmethod
def check_is_digit(description, value):
if isinstance(value, int):
return
elif isinstance(value, str):
if not value.isdigit():
raise ValidationError(ErrorCode.GAUSS_500['GAUSS_50022']
% (description, 'integer'))
else:
raise ValidationError(ErrorCode.GAUSS_500['GAUSS_50022']
% (description, 'int or string'))
@staticmethod
def check_is_list(description, value):
if not isinstance(value, list):
raise ValidationError(ErrorCode.GAUSS_500['GAUSS_50022'] % (description, 'list'))
@staticmethod
def check_is_dict(description, value):
if not isinstance(value, dict):
raise ValidationError(ErrorCode.GAUSS_500['GAUSS_50022'] % (description, 'dict'))
@staticmethod
def check_ip_valid(description, value):
SecurityChecker.check_is_string(description, value)
if not re.match(SecurityChecker.IP_PATTERN, value):
raise ValidationError(ErrorCode.GAUSS_500["GAUSS_50024"] % description)
@staticmethod
def check_port_valid(description, value, max_value=65535, des2=''):
SecurityChecker.check_is_digit(description, value)
value = int(value) if not isinstance(value, int) else value
if value > max_value or value < 0:
raise ValidationError(ErrorCode.GAUSS_500['GAUSS_50022'] %
(description, 'between 0 and {}{}'.format(
str(max_value), des2)))
Reference in New Issue View Git Blame Copy Permalink