pyt
pyt copied to clipboard
python-security
How to handle callbacks
Hi, I am trying pyt to work through callbacks. It taints the function arguments but not callbacks. If anyone has any idea about this , please let me know.
Hello! Please can you give some example code to clarify what behaviour you're expecting as I'm not sure I fully understand the question.
class MyData: def init(self): self.a = None self.b = None self.x = None self.y = None def a_callback(self, msg): self.a = msg def b_callback(self, msg): self.b = msg def get_x(self): self.x = self.a +self.b def talker(self): pub = rospy.Publisher('C', Float64MultiArray, queue_size=10) rospy.init_node('talker', anonymous=True) rate = rospy.Rate(10) # 10hz while not rospy.is_shutdown(): pub.publish(self.x) rate.sleep() if name == 'main': rospy.init_node('listener') mydata = MyData() rospy.Subscriber('a', Float64MultiArray , mydata.a_callback) mydata.get_x() mydata.talker()
The above statement that is bold uses callback (a_callback) but the 'msg' in callback does not gets tainted at all giving us no vulnerability as a result but it give vulnerability. My source is supposed to be rospy.Subscriber and sink is rospy.Publisher . I hope I made it a little clear.