reviewboard.admin.security_checks

class BaseSecurityCheck

Bases: object

Base class for a security check.

name = None
desc = None
fix_info = None
setUp()

Set up the security check.

execute()

Execute the security check.

This must be implemented by subclasses.

Returns: A tuple of (success, error_message).
Return type: tuple
tearDown()

Tear down the security check.

class BaseExecutableFileCheck

Bases: reviewboard.admin.security_checks.BaseSecurityCheck

Base class for a security check involving uploaded files.

This handles registering files to check, storing them, and accessing them in order to determine whether a server-side or client-side vulnerability exists in the configuration around uploaded media files.

FILENAME_PREFIX = u'exec_security_check'
__init__()

Initialize the security check.

setUp()

Set up the security check.

This will go through the various file extensions that we intend to check and create file attachments with the given content.

tearDown()

Tear down the security check.

This will delete all of the files created in setUp.

execute()

Execute the security check.

This will download each file that was created in setUp and check that the content matches what we expect.

Returns: A tuple of (success, error_message).
Return type: tuple
class ServerExecutableFileCheck

Bases: reviewboard.admin.security_checks.BaseExecutableFileCheck

Check that uploaded files aren’t executed server-side.

Web servers like to run code in files named things like .php or .shtml. This check makes sure that user-uploaded files do not get executed when loading them via their URL.

name = u"Checking that uploaded files won't be executed by the server"
desc = u'A misconfiguration in the web server can cause files attached to review requests to be executed as code. The file types checked in this test are: .html, .htm, .shtml, .php, .php3, .php4, .php5, .phps, .asp, .pl, .py, .fcgi, .cgi, .phtml, .phtm, .pht, .jsp, .sh, and .rb.'
fix_info = u'For instructions on how to fix this problem, please visit <a href="http://support.beanbaginc.com/support/solutions/articles/110173-securing-file-attachments">http://support.beanbaginc.com/support/solutions/articles/110173-securing-file-attachments</a>'
setUp()

Set up the security check.

check_file(filename, url)

Download a file and compare the resulting response to the file.

This makes sure that when we fetch a file via its URL, the returned contents are identical to the file contents. This returns True if the file contents match, and False otherwise.

Parameters:
  • filename (unicode) – The name of the file.
  • url (unicode) – The URL of the file.
Returns:

True if the file could be downloaded (or an HTTP 403 was hit) and the contents matched the expected value.

False if the download failed for some reason or the contents didn’t match expectations.

Return type:

bool

class BrowserExecutableFileCheck

Bases: reviewboard.admin.security_checks.BaseExecutableFileCheck

Check that uploaded files won’t be executed client-side.

Some file types (like SVGs and HTML files) that can be viewed inline in the browser once downloaded are also capable of running JavaScript. When this happens, those scripts may have access to the same cookies and sessions allowed by Review Board itself (if Review Board is hosting the files). These security checks ensure that the server is set up to force these files to download, rather than allow inline viewing.

name = u"Checking downloaded files aren't executable by the browser"
desc = u'Certain file types (such as SVG or HTML files) can contain embedded scripts that would be executed by your browser when viewed. We recommend forcing all uploaded media files to download when directly accessed in a browser. This applies only to files being served by Review Board, and not from a CDN.'
fix_info = u'For instructions on how to fix this problem, please visit <a href="http://support.beanbaginc.com/support/solutions/articles/110173-securing-file-attachments">http://support.beanbaginc.com/support/solutions/articles/110173-securing-file-attachments</a>'
setUp()

Set up the security check.

check_file(filename, url)

Download a file and check for expected headers.

This makes sure that when we fetch a file via its URL, the returned file’s headers would instruct the browser to force a download, rather than view the contents inline.

Parameters:
  • filename (unicode) – The name of the file.
  • url (unicode) – The URL of the file.
Returns:

True if the file could be downloaded and the headers contain Content-Disposition: attachment.

False if the download failed for some reason or the header was not what we expected.

Return type:

bool
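The two check_file() decisions documented above (server-side: the fetched bytes must equal the uploaded bytes, with a 403 also counting as safe; client-side: the response must carry Content-Disposition: attachment) can be exercised without a running server. The following is an added example, not Review Board's own code: the FakeResponse class and the sample responses are constructed stand-ins for what an HTTP fetch of an attachment URL would return, and the two functions implement the pass/fail rules as the page states them.

```python
"""Added example (not Review Board's code): models the two check_file()
rules over constructed HTTP responses so the logic can be run offline."""
from dataclasses import dataclass, field


@dataclass
class FakeResponse:
    """Constructed stand-in for an HTTP response to an attachment URL."""
    status: int
    body: bytes = b""
    headers: dict = field(default_factory=dict)

    def header(self, name):
        """Case-insensitive header lookup; None when the header is absent."""
        for key, value in self.headers.items():
            if key.lower() == name.lower():
                return value
        return None


def served_verbatim(expected, response):
    """Server-side rule: True if the bytes came back unchanged or the server
    refused with 403; False for any other failure or for a body mismatch
    (a mismatch is what an executed .php/.cgi file looks like)."""
    if response.status == 403:
        # A blanket deny on the attachment directory also prevents execution.
        return True
    if response.status != 200:
        return False
    return response.body == expected


def forced_to_download(response):
    """Client-side rule: True only when the headers tell the browser to save
    the file rather than render it inline."""
    if response.status != 200:
        return False
    disposition = response.header("Content-Disposition")
    if disposition is None:
        return False
    # The disposition type is the first parameter, e.g.
    # 'attachment; filename="report.svg"'; compare it case-insensitively.
    return disposition.split(";", 1)[0].strip().lower() == "attachment"


# Constructed sample uploads for two of the extensions the page lists.
PHP_SOURCE = b"<?php echo 'exec_security_check'; ?>\n"
SVG_SOURCE = b'<svg xmlns="http://www.w3.org/2000/svg"><circle r="1"/></svg>'

# Constructed responses: what a fetch of each file's URL might return.
SAMPLES = {
    "php_verbatim": FakeResponse(200, PHP_SOURCE, {"Content-Type": "text/plain"}),
    "php_executed": FakeResponse(200, b"exec_security_check", {"Content-Type": "text/html"}),
    "php_forbidden": FakeResponse(403, b"Forbidden"),
    "php_missing": FakeResponse(404, b"Not Found"),
    "svg_attachment": FakeResponse(200, SVG_SOURCE,
                                   {"content-disposition": 'attachment; filename="exec_security_check.svg"'}),
    "svg_inline": FakeResponse(200, SVG_SOURCE, {"Content-Disposition": "inline"}),
    "svg_no_header": FakeResponse(200, SVG_SOURCE, {"Content-Type": "image/svg+xml"}),
}


def run_checks():
    """Evaluate every sample with the rule that applies to its file type."""
    return {
        "php_verbatim": served_verbatim(PHP_SOURCE, SAMPLES["php_verbatim"]),
        "php_executed": served_verbatim(PHP_SOURCE, SAMPLES["php_executed"]),
        "php_forbidden": served_verbatim(PHP_SOURCE, SAMPLES["php_forbidden"]),
        "php_missing": served_verbatim(PHP_SOURCE, SAMPLES["php_missing"]),
        "svg_attachment": forced_to_download(SAMPLES["svg_attachment"]),
        "svg_inline": forced_to_download(SAMPLES["svg_inline"]),
        "svg_no_header": forced_to_download(SAMPLES["svg_no_header"]),
    }


if __name__ == "__main__":
    for sample, passed in run_checks().items():
        print("%-15s %s" % (sample, "PASS" if passed else "FAIL"))
```

Only the PHP-served-verbatim, PHP-403 and SVG-with-attachment samples pass; an executed script body, a 404, an inline disposition or a missing Content-Disposition header all fail, matching the return values the page documents for each check_file().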

class AllowedHostsCheck

Bases: reviewboard.admin.security_checks.BaseSecurityCheck

Check that the ALLOWED_HOSTS setting is configured.

In order to prevent URL injections, Django requires that ALLOWED_HOSTS be configured with a list of hostnames for which Review Board will answer. People upgrading from previous versions will have this set to a wildcard.

name = u'Checking ALLOWED_HOSTS setting'
desc = u'ALLOWED_HOSTS is a list containing the host/domain names that Review Board will consider valid for this server to serve. This is a security measure to prevent an attacker from poisoning cache and password reset e-mails with links to malicious hosts by submitting requests with a fake HTTP Host header, which is possible even under many seemingly-safe web server configurations.'
fix_info = u"To fix this, edit the settings_local.py in the site's conf directory and add a line like this with your site's URL: <pre>ALLOWED_HOSTS = ['example.com']</pre>"
execute()

Execute the security check.

This checks the value of the ALLOWED_HOSTS setting to make sure that it contains one or more hostnames.

class SecurityCheckRunner

Bases: object

This is a runner to execute the security checks defined above.

In order for a check to be run in this runner it needs to be added to the _security_checks list.

The information that comes back from a single check is the following:

name:
User-friendly name used to describe the check.
desc:
A more detailed description to provide information about the check.
result:
True if the check passed, or False if it failed or there was an exception during its execution.
error_msg:
A description of what failed. This will be blank if the test passes.
fix_info:
Instructions containing what a user should do if a check fails.
__init__()

Initialize the security check runner.

run()

Run all security checks and return the results.

get_security_checks()

Return the list of security checks.

register_security_check(name, cls)

Register a custom security check.

unregister_security_check(name)

Unregister a previously registered security check.
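The interface documented above for BaseSecurityCheck (name, desc, fix_info; setUp, execute returning (success, error_message), tearDown) and for SecurityCheckRunner (register_security_check, run, and the per-check result fields name, desc, result, error_msg, fix_info) is enough to write and exercise a custom check. The following is an added example, not Review Board's code: the two base classes are constructed stand-ins that mirror only what the page documents, not the real implementation; the SETTINGS dict is a stand-in for Django settings; and the ALLOWED_HOSTS check follows the description on this page, with the rule that a bare '*' wildcard fails being this example's own reading of "upgraded sites have a wildcard".

```python
"""Added example (not Review Board's code): a minimal stand-in for the
documented check/runner interface, plus a custom ALLOWED_HOSTS check."""


class BaseSecurityCheck(object):
    """Mirrors the documented interface: class attributes plus three hooks."""
    name = None
    desc = None
    fix_info = None

    def setUp(self):
        pass

    def execute(self):
        # Subclasses return (success, error_message).
        raise NotImplementedError

    def tearDown(self):
        pass


class SecurityCheckRunner(object):
    """Runs registered checks and reports the five documented result fields."""

    def __init__(self):
        self._security_checks = {}

    def register_security_check(self, name, cls):
        self._security_checks[name] = cls

    def unregister_security_check(self, name):
        self._security_checks.pop(name, None)

    def get_security_checks(self):
        return list(self._security_checks.values())

    def run(self):
        results = []
        for cls in self.get_security_checks():
            check = cls()
            try:
                check.setUp()
                success, error_msg = check.execute()
            except Exception as e:
                # As documented: an exception during execution counts as a failure.
                success, error_msg = False, 'Exception while running check: %s' % e
            finally:
                check.tearDown()
            results.append({
                'name': check.name,
                'desc': check.desc,
                'result': bool(success),
                'error_msg': '' if success else error_msg,
                'fix_info': check.fix_info,
            })
        return results


# Constructed stand-in for django.conf.settings (assumption of this example).
SETTINGS = {'ALLOWED_HOSTS': []}


class AllowedHostsCheck(BaseSecurityCheck):
    """Fails when ALLOWED_HOSTS is empty or only contains the '*' wildcard."""
    name = 'Checking ALLOWED_HOSTS setting'
    desc = 'ALLOWED_HOSTS lists the host/domain names this server will answer for.'
    fix_info = "Add a line like ALLOWED_HOSTS = ['example.com'] to settings_local.py."

    def execute(self):
        hosts = SETTINGS.get('ALLOWED_HOSTS') or []
        real_hosts = [h for h in hosts if h.strip() and h.strip() != '*']
        if not real_hosts:
            return False, 'ALLOWED_HOSTS is empty or only contains the "*" wildcard.'
        return True, ''


class BrokenCheck(BaseSecurityCheck):
    """Constructed check whose execute() raises, to show exception handling."""
    name = 'Check that raises'
    desc = 'Demonstrates that an exception is reported as a failed check.'
    fix_info = 'n/a'

    def execute(self):
        raise RuntimeError('database unavailable')


def run_with_settings(allowed_hosts, extra_checks=()):
    """Run AllowedHostsCheck (plus any extra (name, cls) pairs) against a value."""
    SETTINGS['ALLOWED_HOSTS'] = list(allowed_hosts)
    runner = SecurityCheckRunner()
    runner.register_security_check('allowed_hosts', AllowedHostsCheck)
    for name, cls in extra_checks:
        runner.register_security_check(name, cls)
    return runner.run()


if __name__ == '__main__':
    for value in (['example.com'], ['*'], []):
        for r in run_with_settings(value, [('broken', BrokenCheck)]):
            print('%-30s %-5s %s' % (r['name'], r['result'], r['error_msg']))
```

A real check plugged into Review Board's runner would read the setting through django.conf.settings and would be registered with the runner's register_security_check(name, cls) exactly as shown; the result dicts carry a blank error_msg on success and the fix_info text on every entry, which is what an admin page rendering the results needs.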