Subscription

Explore Products

Best Sellers

New Releases

Books

Videos

Audiobooks

Learning Hub

Conferences

Free Learning

You're reading from Django Design Patterns and Best Practices Industry-standard web development techniques and solutions using Python

Product type Paperback

Published in May 2018

Publisher Packt

ISBN-13 9781788831345

Length 282 pages

Edition 2nd Edition

Languages

Python

Tools

Django

Concepts

Design Patterns

Author (1):

Arun Ravindran

View More author details

Table of Contents (16) Chapters

Preface

1. Django and Patterns

2. Application Design FREE CHAPTER

3. Models

4. Views and URLs

5. Templates

6. Admin Interface

7. Forms

8. Working Asynchronously

9. Creating APIs

10. Dealing with Legacy Code

11. Testing and Debugging

12. Security

13. Production-Ready

14. Python 2 Versus Python 3

15. Other Books You May Enjoy

Leave a review - let other readers know what you think

Shell injection

As the name suggests, shell injection or command injection allows an attacker to inject malicious code into a system shell such as bash. Even web applications use command-line programs for convenience and their functionality. Such processes are typically run within a shell.

For example, if you want to show all the details of a file whose name is given by the user, a naïve implementation would be as follows:

os.system("ls -l {}".format(filename))

An attacker can enter the filename as manage.py; rm -rf * and delete all the
files in your directory. In general, it is not advisable to use os.system. The subprocess module is a safer alternative (or even better, you can use os.stat() to get the file's attributes).

Since a shell will interpret the command-line arguments and environment variables, setting malicious values in them can allow the...

The rest of the chapter is locked

A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.

Unlock this book and the full library FREE for 7 days

Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of

Start free trial

Renews at $19.99/month. Cancel anytime

Authors (1)

Ravindran

Arun Ravindran is an avid speaker and blogger who has been tinkering with Django since 2007 for projects ranging from intranet applications to social networks. He is a long-time open source enthusiast and Python developer. His articles and screencasts have been invaluable to the rapidly growing Django community. He is currently a developer member of the Django Software Foundation. Arun is also a movie buff and loves graphic novels and comics.

See other products by Ravindran