The list of possible sources for suricata-update is downloaded from "https://www.openinfosecfoundation.org/rules/index.yaml" by default. Suricata-Update uses the insecure yaml.load() function. Code will be executed if the yaml file contains lines like:
hello: !!python/object/apply:os.system ['ls -l > /tmp/output']
The vulnerable function can be triggered by "suricata-update list-sources". The locally stored index.yaml will be loaded in this function and the malicious code gets executed.
This commit fixes Bug #2359
if args.config:
logger.info("Loading %s", args.config)
with open(args.config, "rb") as fileobj:
- config = yaml.load(fileobj)
+ config = yaml.safe_load(fileobj)
if config:
_config.update(config)
elif os.path.exists(DEFAULT_UPDATE_YAML_PATH):
logger.info("Loading %s", DEFAULT_UPDATE_YAML_PATH)
with open(DEFAULT_UPDATE_YAML_PATH, "rb") as fileobj:
- config = yaml.load(fileobj)
+ config = yaml.safe_load(fileobj)
if config:
_config.update(config)
self.reload()
def reload(self):
- index = yaml.load(open(self.filename, "rb"))
+ index = yaml.safe_load(open(self.filename, "rb"))
self.index = index
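Review bot: The new line `index = yaml.safe_load(open(self.filename, "rb"))` still leaves the file object unclosed, because the handle returned by open() is never bound and is released only when the garbage collector gets to it; the same pattern is on the new side of the sources-loading hunk (`source = yaml.safe_load(open(path, "rb"))`). The first hunk already uses a context manager, so the fix is to match it: `with open(self.filename, "rb") as fileobj:` followed by `self.index = yaml.safe_load(fileobj)`, and likewise `with open(path, "rb") as fileobj:` / `source = yaml.safe_load(fileobj)` in the other hunk. Note that safe_load returns None for an empty document, so self.index and source may be None after these lines; callers that index into them (as `source["source"]` does on the next line of that hunk) presumably expect a mapping, so a `if source is None: continue` style guard may be worth adding. The reload method appears complete here, but resolve_url and the sources loop continue outside the hunks.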
def resolve_url(self, name, params={}):
for filename in filenames:
if filename.endswith(".yaml"):
path = os.path.join(dirpath, filename)
- source = yaml.load(open(path, "rb"))
+ source = yaml.safe_load(open(path, "rb"))
sources[source["source"]] = source
if "params" in source: