
How to check if a Python module is sending my data when I use it?

The title pretty much says it.
I need to make sure that while I am working with Python modules there isn't any sort of malicious code in the module, specifically the type that scrapes data from the machine running the code and sends it elsewhere.
Do I have a method of doing that with Python?
Can I be certain this is done even when I am using modules like requests for sending and receiving HTTP GET\POST requests?
I mean, is there a way to check this without reading every line of code in the module?

Your question is not really connected to Python; it is more of a security risk. Python is a dynamic language, so checking if any module behaves correctly is near impossible. However, what you can do is set up a virtual machine sandbox, run your program with some fake data and check if the guest machine tries to make some strange connections. You can then inspect where data is being sent and in what format, and then trace it back to the malicious code fragment in one of the modules.

EDIT

The only other option is if you are sure what method/function the malicious code will use. If it is, for example, the requests library, you could patch, for example, the post() method to check the destination or the package that is being sent. However, the malicious code could use its own implementation, so you cannot be 100% sure.

A link on how to patch post() method

How to unit test a POST method in python?

It's better to have a global approach using tools like Wireshark, for example, that let you sniff the packets sent/received by your machine.

With that said, in Python, you could overwrite some methods that you're suspicious about. Here's the idea:

import requests


def write_to_logs(message):
    print(message)  # Or you could store in a log file

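# Keep a reference to the real function before replacing it
original_get = requests.get

def mocked_get(*args, **kwargs):
    write_to_logs('get method triggered with args = {}, kwargs= {}'.format(args,kwargs))
    # Return the real response so callers keep working as before
    return original_get(*args, **kwargs)

# Every later call to requests.get now goes through the logging wrapper
requests.get = mocked_get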

response = requests.get('http://google.com')

Output :

get method triggered with args = ('http://google.com',), kwargs= {}
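The answers above note that patching `requests` misses code that brings its own HTTP implementation. The following added example (not part of either answer) goes one level lower and uses Python's audit hooks (`sys.addaudithook`, Python 3.8+) to record every `socket.connect` and `socket.getaddrinfo` event, whichever library triggers it. The allow-list, the helper names and the simulated module call are constructed for illustration.

```python
import socket
import sys
import traceback

ALLOWED_HOSTS = {"127.0.0.1", "localhost"}  # constructed allow-list
observed = []  # dicts: event, host, port, allowed, caller

def _caller():
    """First frame outside this file and the stdlib socket module,
    i.e. the code that asked for the connection."""
    for f in reversed(traceback.extract_stack()):
        if f.filename != __file__ and not f.filename.endswith("socket.py"):
            return f"{f.filename}:{f.lineno}"
    return "<this script>"

def audit(event, args):
    """Audit hook: record every name lookup and connect attempt."""
    if event == "socket.connect":        # args = (socket, address)
        addr = args[1]
        host, port = addr[:2] if isinstance(addr, tuple) else (addr, None)
    elif event == "socket.getaddrinfo":  # args = (host, port, family, ...)
        host, port = args[0], args[1]
    else:
        return
    observed.append({"event": event, "host": host, "port": port,
                     "allowed": host in ALLOWED_HOSTS, "caller": _caller()})

sys.addaudithook(audit)  # cannot be removed again for this process

def simulated_module_call(host="127.0.0.1", port=9):
    """Constructed stand-in for third-party code that bypasses requests
    and uses a raw socket. The hook fires before the connection is
    attempted, so a refused connection is still recorded."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(1)
        s.connect_ex((host, port))

def unexpected():
    """Destinations that are not on the allow-list."""
    return [o for o in observed if not o["allowed"]]

if __name__ == "__main__":
    simulated_module_call()
    for o in observed:
        print(o)
```

The hook only sees connections made through Python's own `socket` module; a native extension that calls the operating system directly, or a child process, does not pass through it, so the VM and packet-capture approach from the answers remains the backstop.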
