iceone213
Reputation: 1161
How to sanitize url string in Python?
I have a python app that works with URL lists and produces bash script as an output.
How to sanitize URL so that a malicious user could not inject bash commands that will be executed on my infrastructure.
For instance:
http://www.circl.lu/a.php?rm -Rf /etc
Upvotes: 4
Views: 10825
Answers (1)
schilli
Reputation: 1848
I guess urllib is an option to parse the urls, in order to escape harmful characters. At least it looks like a good resource for your use case. See the docs of url-quoting.
from urllib.parse import quote
quote('touch foo', safe='/')
quote('rm -Rf /etc', safe='/')
quote('http://www.circl.lu/a.php?rm -Rf /etc', safe='/:?&')
#'touch%20foo'
#'rm%20-Rf%20/etc'
#'http://www.circl.lu/a.php?rm%20-Rf%20/etc'
Upvotes: 6
Related Questions
- Python encode spaces in url only and not other special characters
- Sanitizing URL strings
- How to convert a url string to safe characters with python?
- URL String Manipulation in Python
- Keep text clean from url
- sanitize && build url
- Python and converting string into valid URL
- strip string from url in Python
- How to sanitize username that would be in urls
- convert string to valid url content