{"id":102375,"date":"2022-04-28T19:37:19","date_gmt":"2022-04-28T11:37:19","guid":{"rendered":"http:\/\/www.zhushiyao.com\/?p=102375"},"modified":"2022-04-28T19:39:11","modified_gmt":"2022-04-28T11:39:11","slug":"9de5785975","status":"publish","type":"post","link":"http:\/\/www.zhushiyao.com\/?p=102375","title":{"rendered":"\u8b66\u60d5\uff01Python \u4e2d\u5c11\u4e3a\u4eba\u77e5\u7684 10 \u4e2a\u5b89\u5168\u9677\u9631\uff01"},"content":{"rendered":"<div class=\"bpp-post-content\">\n<p style=\"margin-bottom: 20px; outline: 0px; max-width: 100%; font-family: Optima-Regular, Optima, PingFangSC-light, PingFangTC-light, 'PingFang SC', Cambria, Cochin, Georgia, Times, 'Times New Roman', serif; font-size: 16px; text-align: left; white-space: normal; background-color: #ffffff; line-height: 1.8em; color: #3a3a3a; visibility: visible; box-sizing: border-box !important; overflow-wrap: break-word !important;\">Python \u5f00\u53d1\u8005\u4eec\u5728\u4f7f\u7528\u6807\u51c6\u5e93\u548c\u901a\u7528\u6846\u67b6\u65f6\uff0c\u90fd\u4ee5\u4e3a\u81ea\u5df1\u7684\u7a0b\u5e8f\u5177\u6709\u53ef\u9760\u7684\u5b89\u5168\u6027\u3002\u7136\u800c\uff0c\u5728 Python \u4e2d\uff0c\u5c31\u50cf\u5728\u4efb\u4f55\u5176\u5b83\u7f16\u7a0b\u8bed\u8a00\u4e2d\u4e00\u6837\uff0c\u6709\u4e00\u4e9b\u7279\u6027\u53ef\u80fd\u4f1a\u88ab\u5f00\u53d1\u8005\u4eec\u8bef\u89e3\u6216\u8bef\u7528\u3002\u901a\u5e38\u800c\u8a00\uff0c\u53ea\u6709\u6781\u5c11\u7684\u5fae\u5999\u4e4b\u5904\u6216\u7ec6\u8282\u4f1a\u4f7f\u5f00\u53d1\u8005\u4eec\u758f\u5ffd\u5927\u610f\uff0c\u4ece\u800c\u5728\u4ee3\u7801\u4e2d\u5f15\u5165\u4e25\u91cd\u7684\u5b89\u5168\u6f0f\u6d1e\u3002<\/p>\n<p style=\"margin-bottom: 20px; outline: 0px; max-width: 100%; font-family: Optima-Regular, Optima, PingFangSC-light, PingFangTC-light, 'PingFang SC', Cambria, Cochin, Georgia, Times, 'Times New Roman', serif; font-size: 16px; text-align: left; white-space: normal; background-color: #ffffff; line-height: 1.8em; color: #3a3a3a; visibility: visible; box-sizing: border-box !important; overflow-wrap: break-word !important;\">\u5728\u8fd9\u7bc7\u535a\u6587\u4e2d\uff0c\u6211\u4eec\u5c06\u5206\u4eab\u5728\u5b9e\u9645 Python \u9879\u76ee\u4e2d\u9047\u5230\u7684 10 \u4e2a\u5b89\u5168\u9677\u9631\u3002\u6211\u4eec\u9009\u62e9\u4e86\u4e00\u4e9b\u5728\u6280\u672f\u5708\u4e2d\u4e0d\u592a\u4e3a\u4eba\u6240\u77e5\u7684\u9677\u9631\u3002\u901a\u8fc7\u4ecb\u7ecd\u6bcf\u4e2a\u95ee\u9898\u53ca\u5176\u9020\u6210\u7684\u5f71\u54cd\uff0c\u6211\u4eec\u5e0c\u671b\u63d0\u9ad8\u4eba\u4eec\u5bf9\u8fd9\u4e9b\u95ee\u9898\u7684\u611f\u77e5\uff0c\u5e76\u63d0\u9ad8\u5927\u5bb6\u7684\u5b89\u5168\u610f\u8bc6\u3002\u5982\u679c\u4f60\u6b63\u5728\u4f7f\u7528\u8fd9\u4e9b\u7279\u6027\uff0c\u8bf7\u4e00\u5b9a\u8981\u6392\u67e5\u4f60\u7684 Python \u4ee3\u7801\uff01<\/p>\n<h2 style=\"margin-top: 2.2em; margin-bottom: 35px; outline: 0px; font-weight: bold; font-size: 22px; max-width: 100%; color: #000000; font-family: Optima-Regular, Optima, PingFangSC-light, PingFangTC-light, 'PingFang SC', Cambria, Cochin, Georgia, Times, 'Times New Roman', serif; text-align: left; white-space: normal; background-color: #ffffff; line-height: 1.5em; box-sizing: border-box !important; overflow-wrap: break-word !important;\"><span style=\"margin-right: 3px; padding: 2px 13px; outline: 0px; max-width: 100%; display: inline-block; background-image: linear-gradient(#ffffff 60%, #ffb11b 40%); background-position: initial; background-size: initial; background-repeat: initial; background-attachment: initial; background-origin: initial; background-clip: initial; color: #515151; height: 37px; box-sizing: border-box !important; overflow-wrap: break-word !important;\">1.\u88ab\u4f18\u5316\u6389\u7684\u65ad\u8a00<\/span><\/h2>\n<p style=\"margin-bottom: 20px; outline: 0px; max-width: 100%; font-family: Optima-Regular, Optima, PingFangSC-light, PingFangTC-light, 'PingFang SC', Cambria, Cochin, Georgia, Times, 'Times New Roman', serif; font-size: 16px; text-align: left; white-space: normal; background-color: #ffffff; line-height: 1.8em; color: #3a3a3a; box-sizing: border-box !important; overflow-wrap: break-word !important;\">Python \u652f\u6301\u4ee5\u4f18\u5316\u7684\u65b9\u5f0f\u6267\u884c\u4ee3\u7801\u3002\u8fd9\u4f7f\u4ee3\u7801\u8fd0\u884c\u5f97\u66f4\u5feb\uff0c\u5185\u5b58\u7528\u5f97\u66f4\u5c11\u3002\u5f53\u7a0b\u5e8f\u88ab\u5927\u89c4\u6a21\u4f7f\u7528\uff0c\u6216\u8005\u53ef\u7528\u7684\u8d44\u6e90\u5f88\u5c11\u65f6\uff0c\u8fd9\u79cd\u65b9\u6cd5\u5c24\u5176\u6709\u6548\u3002\u4e00\u4e9b\u9884\u6253\u5305\u7684 Python \u7a0b\u5e8f\u63d0\u4f9b\u4e86\u4f18\u5316\u7684\u5b57\u8282\u7801\u3002<\/p>\n<p style=\"margin-bottom: 20px; outline: 0px; max-width: 100%; font-family: Optima-Regular, Optima, PingFangSC-light, PingFangTC-light, 'PingFang SC', Cambria, Cochin, Georgia, Times, 'Times New Roman', serif; font-size: 16px; text-align: left; white-space: normal; background-color: #ffffff; line-height: 1.8em; color: #3a3a3a; box-sizing: border-box !important; overflow-wrap: break-word !important;\">\u7136\u800c\uff0c\u5f53\u4ee3\u7801\u88ab\u4f18\u5316\u65f6\uff0c\u6240\u6709\u7684 assert \u8bed\u53e5\u90fd\u4f1a\u88ab\u5ffd\u7565\u3002\u5f00\u53d1\u8005\u6709\u65f6\u4f1a\u4f7f\u7528\u5b83\u4eec\u6765\u5224\u65ad\u4ee3\u7801\u4e2d\u7684\u67d0\u4e9b\u6761\u4ef6\u3002\u4f8b\u5982\uff0c\u5982\u679c\u4f7f\u7528\u65ad\u8a00\u6765\u4f5c\u8eab\u4efd\u9a8c\u8bc1\u68c0\u67e5\uff0c\u5219\u53ef\u80fd\u5bfc\u81f4\u5b89\u5168\u7ed5\u8fc7\u3002<\/p>\n<pre style=\"margin-top: 10px; margin-bottom: 10px; outline: 0px; max-width: 100%; color: #000000; font-size: 16px; text-align: left; background-color: #ffffff; border-radius: 5px; box-shadow: rgba(0, 0, 0, 0.55) 0px 2px 10px; box-sizing: border-box !important; overflow-wrap: break-word !important;\"><code style=\"padding: 15px 16px 16px; outline: 0px; max-width: 100%; overflow-x: auto; color: #abb2bf; display: -webkit-box; font-family: 'Operator Mono', Consolas, Monaco, Menlo, monospace; font-size: 12px; background: #282c34; border-radius: 5px; box-sizing: border-box !important; overflow-wrap: break-word !important;\"><span style=\"outline: 0px; max-width: 100%; line-height: 26px; box-sizing: border-box !important; overflow-wrap: break-word !important;\"><span style=\"outline: 0px; max-width: 100%; color: #c678dd; line-height: 26px; box-sizing: border-box !important; overflow-wrap: break-word !important;\">def<\/span>\u00a0<span style=\"outline: 0px; max-width: 100%; color: #61aeee; line-height: 26px; box-sizing: border-box !important; overflow-wrap: break-word !important;\">superuser_action<\/span><span style=\"outline: 0px; max-width: 100%; line-height: 26px; box-sizing: border-box !important; overflow-wrap: break-word !important;\">(request,\u00a0user)<\/span>:<\/span><br style=\"outline: 0px; max-width: 100%; box-sizing: border-box !important; overflow-wrap: break-word !important;\" \/>\u00a0\u00a0\u00a0\u00a0<span style=\"outline: 0px; max-width: 100%; color: #c678dd; line-height: 26px; box-sizing: border-box !important; overflow-wrap: break-word !important;\">assert<\/span>\u00a0user.is_super_user<br style=\"outline: 0px; max-width: 100%; box-sizing: border-box !important; overflow-wrap: break-word !important;\" \/>\u00a0\u00a0\u00a0\u00a0<span style=\"outline: 0px; max-width: 100%; color: #5c6370; font-style: italic; line-height: 26px; box-sizing: border-box !important; overflow-wrap: break-word !important;\">#\u00a0execute\u00a0action\u00a0as\u00a0super\u00a0user<\/span><br style=\"outline: 0px; max-width: 100%; box-sizing: border-box !important; overflow-wrap: break-word !important;\" \/><\/code><\/pre>\n<p style=\"margin-bottom: 20px; outline: 0px; max-width: 100%; font-family: Optima-Regular, Optima, PingFangSC-light, PingFangTC-light, 'PingFang SC', Cambria, Cochin, Georgia, Times, 'Times New Roman', serif; font-size: 16px; text-align: left; white-space: normal; background-color: #ffffff; line-height: 1.8em; color: #3a3a3a; box-sizing: border-box !important; overflow-wrap: break-word !important;\">\u5728\u8fd9\u4e2a\u4f8b\u5b50\u4e2d\uff0c\u7b2c 2 \u884c\u4e2d\u7684 assert \u8bed\u53e5\u5c06\u88ab\u5ffd\u7565\uff0c\u5bfc\u81f4\u975e\u8d85\u7ea7\u7528\u6237\u4e5f\u53ef\u4ee5\u8fd0\u884c\u5230\u4e0b\u4e00\u884c\u4ee3\u7801\u3002\u4e0d\u63a8\u8350\u4f7f\u7528 assert \u8bed\u53e5\u8fdb\u884c\u5b89\u5168\u76f8\u5173\u7684\u68c0\u67e5\uff0c\u4f46\u6211\u4eec\u786e\u5b9e\u5728\u5b9e\u9645\u7684\u9879\u76ee\u4e2d\u770b\u5230\u8fc7\u5b83\u4eec\u3002<\/p>\n<h2 style=\"margin-top: 2.2em; margin-bottom: 35px; outline: 0px; font-weight: bold; font-size: 22px; max-width: 100%; color: #000000; font-family: Optima-Regular, Optima, PingFangSC-light, PingFangTC-light, 'PingFang SC', Cambria, Cochin, Georgia, Times, 'Times New Roman', serif; text-align: left; white-space: normal; background-color: #ffffff; line-height: 1.5em; box-sizing: border-box !important; overflow-wrap: break-word !important;\"><span style=\"margin-right: 3px; padding: 2px 13px; outline: 0px; max-width: 100%; display: inline-block; background-image: linear-gradient(#ffffff 60%, #ffb11b 40%); background-position: initial; background-size: initial; background-repeat: initial; background-attachment: initial; background-origin: initial; background-clip: initial; color: #515151; height: 37px; box-sizing: border-box !important; overflow-wrap: break-word !important;\">2. MakeDirs \u6743\u9650<\/span><\/h2>\n<p style=\"margin-bottom: 20px; outline: 0px; max-width: 100%; font-family: Optima-Regular, Optima, PingFangSC-light, PingFangTC-light, 'PingFang SC', Cambria, Cochin, Georgia, Times, 'Times New Roman', serif; font-size: 16px; text-align: left; white-space: normal; background-color: #ffffff; line-height: 1.8em; color: #3a3a3a; box-sizing: border-box !important; overflow-wrap: break-word !important;\"><code style=\"margin: 3px; padding: 3px; outline: 0px; max-width: 100%; box-sizing: border-box !important; overflow-wrap: break-word !important; font-size: 14px; border-radius: 4px; font-family: 'Operator Mono', Consolas, Monaco, Menlo, monospace; word-break: break-all; color: #9b6e23; background-color: #fff5e3;\">os.makdirs<\/code>\u00a0\u51fd\u6570\u53ef\u4ee5\u5728\u64cd\u4f5c\u7cfb\u7edf\u4e2d\u521b\u5efa\u4e00\u4e2a\u6216\u591a\u4e2a\u6587\u4ef6\u5939\u3002\u5b83\u7684\u7b2c\u4e8c\u4e2a\u53c2\u6570 mode \u7528\u4e8e\u6307\u5b9a\u521b\u5efa\u7684\u6587\u4ef6\u5939\u7684\u9ed8\u8ba4\u6743\u9650\u3002\u5728\u4e0b\u9762\u4ee3\u7801\u7684\u7b2c 2 \u884c\u4e2d\uff0c\u6587\u4ef6\u5939 A\/B\/C \u662f\u7528 rwx&#8212;&#8212; (0o700) \u6743\u9650\u521b\u5efa\u7684\u3002\u8fd9\u610f\u5473\u7740\u53ea\u6709\u5f53\u524d\u7528\u6237\uff08\u6240\u6709\u8005\uff09\u62e5\u6709\u8fd9\u4e9b\u6587\u4ef6\u5939\u7684\u8bfb\u3001\u5199\u548c\u6267\u884c\u6743\u9650\u3002<\/p>\n<pre style=\"margin-top: 10px; margin-bottom: 10px; outline: 0px; max-width: 100%; color: #000000; font-size: 16px; text-align: left; background-color: #ffffff; border-radius: 5px; box-shadow: rgba(0, 0, 0, 0.55) 0px 2px 10px; box-sizing: border-box !important; overflow-wrap: break-word !important;\"><code style=\"padding: 15px 16px 16px; outline: 0px; max-width: 100%; overflow-x: auto; color: #abb2bf; display: -webkit-box; font-family: 'Operator Mono', Consolas, Monaco, Menlo, monospace; font-size: 12px; background: #282c34; border-radius: 5px; box-sizing: border-box !important; overflow-wrap: break-word !important;\"><span style=\"outline: 0px; max-width: 100%; line-height: 26px; box-sizing: border-box !important; overflow-wrap: break-word !important;\"><span style=\"outline: 0px; max-width: 100%; color: #c678dd; line-height: 26px; box-sizing: border-box !important; overflow-wrap: break-word !important;\">def<\/span>\u00a0<span style=\"outline: 0px; max-width: 100%; color: #61aeee; line-height: 26px; box-sizing: border-box !important; overflow-wrap: break-word !important;\">init_directories<\/span><span style=\"outline: 0px; max-width: 100%; line-height: 26px; box-sizing: border-box !important; overflow-wrap: break-word !important;\">(request)<\/span>:<\/span><br style=\"outline: 0px; max-width: 100%; box-sizing: border-box !important; overflow-wrap: break-word !important;\" \/>\u00a0\u00a0\u00a0\u00a0os.makedirs(<span style=\"outline: 0px; max-width: 100%; color: #98c379; line-height: 26px; box-sizing: border-box !important; overflow-wrap: break-word !important;\">\"A\/B\/C\"<\/span>,\u00a0mode=<span style=\"outline: 0px; max-width: 100%; color: #d19a66; line-height: 26px; box-sizing: border-box !important; overflow-wrap: break-word !important;\">0o700<\/span>)<br style=\"outline: 0px; max-width: 100%; box-sizing: border-box !important; overflow-wrap: break-word !important;\" \/>\u00a0\u00a0\u00a0\u00a0<span style=\"outline: 0px; max-width: 100%; color: #c678dd; line-height: 26px; box-sizing: border-box !important; overflow-wrap: break-word !important;\">return<\/span>\u00a0HttpResponse(<span style=\"outline: 0px; max-width: 100%; color: #98c379; line-height: 26px; box-sizing: border-box !important; overflow-wrap: break-word !important;\">\"Done!\"<\/span>)<br style=\"outline: 0px; max-width: 100%; box-sizing: border-box !important; overflow-wrap: break-word !important;\" \/><\/code><\/pre>\n<p style=\"margin-bottom: 20px; outline: 0px; max-width: 100%; font-family: Optima-Regular, Optima, PingFangSC-light, PingFangTC-light, 'PingFang SC', Cambria, Cochin, Georgia, Times, 'Times New Roman', serif; font-size: 16px; text-align: left; white-space: normal; background-color: #ffffff; line-height: 1.8em; color: #3a3a3a; box-sizing: border-box !important; overflow-wrap: break-word !important;\">\u5728 Python &lt; 3.6 \u7248\u672c\u4e2d\uff0c\u521b\u5efa\u51fa\u7684\u6587\u4ef6\u5939 A\u3001B \u548c C \u7684\u6743\u9650\u90fd\u662f 700\u3002\u4f46\u662f\uff0c\u5728 Python &gt; 3.6 \u7248\u672c\u4e2d\uff0c\u53ea\u6709\u6700\u540e\u4e00\u4e2a\u6587\u4ef6\u5939 C \u7684\u6743\u9650\u4e3a 700\uff0c\u5176\u5b83\u6587\u4ef6\u5939 A \u548c B \u7684\u6743\u9650\u4e3a\u9ed8\u8ba4\u7684 755\u3002<\/p>\n<p style=\"margin-bottom: 20px; outline: 0px; max-width: 100%; font-family: Optima-Regular, Optima, PingFangSC-light, PingFangTC-light, 'PingFang SC', Cambria, Cochin, Georgia, Times, 'Times New Roman', serif; font-size: 16px; text-align: left; white-space: normal; background-color: #ffffff; line-height: 1.8em; color: #3a3a3a; box-sizing: border-box !important; overflow-wrap: break-word !important;\">\u56e0\u6b64\uff0c\u5728 Python &gt; 3.6 \u4e2d\uff0c<code style=\"margin: 3px; padding: 3px; outline: 0px; max-width: 100%; box-sizing: border-box !important; overflow-wrap: break-word !important; font-size: 14px; border-radius: 4px; font-family: 'Operator Mono', Consolas, Monaco, Menlo, monospace; word-break: break-all; color: #9b6e23; background-color: #fff5e3;\">os.makdirs<\/code>\u00a0\u51fd\u6570\u7b49\u4ef7\u4e8e Linux \u7684\u8fd9\u6761\u547d\u4ee4\uff1a<code style=\"margin: 3px; padding: 3px; outline: 0px; max-width: 100%; box-sizing: border-box !important; overflow-wrap: break-word !important; font-size: 14px; border-radius: 4px; font-family: 'Operator Mono', Consolas, Monaco, Menlo, monospace; word-break: break-all; color: #9b6e23; background-color: #fff5e3;\">mkdir -m 700 -p A\/B\/C<\/code>\u3002\u6709\u4e9b\u5f00\u53d1\u8005\u6ca1\u6709\u610f\u8bc6\u5230\u7248\u672c\u4e4b\u95f4\u7684\u5dee\u5f02\uff0c\u8fd9\u5df2\u7ecf\u5728 Django \u4e2d\u9020\u6210\u4e86\u4e00\u4e2a\u6743\u9650\u8d8a\u7ea7\u6f0f\u6d1e\uff08cve &#8211; 2022 -24583\uff09\uff0c\u65e0\u72ec\u6709\u5076\uff0c\u8fd9\u5728 WordPress \u4e2d\u4e5f\u9020\u6210\u4e86\u4e00\u4e2a\u52a0\u56fa\u7ed5\u8fc7\u95ee\u9898\u3002<\/p>\n<h2 style=\"margin-top: 2.2em; margin-bottom: 35px; outline: 0px; font-weight: bold; font-size: 22px; max-width: 100%; color: #000000; font-family: Optima-Regular, Optima, PingFangSC-light, PingFangTC-light, 'PingFang SC', Cambria, Cochin, Georgia, Times, 'Times New Roman', serif; text-align: left; white-space: normal; background-color: #ffffff; line-height: 1.5em; box-sizing: border-box !important; overflow-wrap: break-word !important;\"><span style=\"margin-right: 3px; padding: 2px 13px; outline: 0px; max-width: 100%; display: inline-block; background-image: linear-gradient(#ffffff 60%, #ffb11b 40%); background-position: initial; background-size: initial; background-repeat: initial; background-attachment: initial; background-origin: initial; background-clip: initial; color: #515151; height: 37px; box-sizing: border-box !important; overflow-wrap: break-word !important;\">3.\u7edd\u5bf9\u8def\u5f84\u62fc\u63a5<\/span><\/h2>\n<p style=\"margin-bottom: 20px; outline: 0px; max-width: 100%; font-family: Optima-Regular, Optima, PingFangSC-light, PingFangTC-light, 'PingFang SC', Cambria, Cochin, Georgia, Times, 'Times New Roman', serif; font-size: 16px; text-align: left; white-space: normal; background-color: #ffffff; line-height: 1.8em; color: #3a3a3a; box-sizing: border-box !important; overflow-wrap: break-word !important;\"><code style=\"margin: 3px; padding: 3px; outline: 0px; max-width: 100%; box-sizing: border-box !important; overflow-wrap: break-word !important; font-size: 14px; border-radius: 4px; font-family: 'Operator Mono', Consolas, Monaco, Menlo, monospace; word-break: break-all; color: #9b6e23; background-color: #fff5e3;\">os.path.join(path, *paths)<\/code>\u00a0\u51fd\u6570\u7528\u4e8e\u5c06\u591a\u4e2a\u6587\u4ef6\u8def\u5f84\u8fde\u63a5\u6210\u4e00\u4e2a\u7ec4\u5408\u7684\u8def\u5f84\u3002\u7b2c\u4e00\u4e2a\u53c2\u6570\u901a\u5e38\u5305\u542b\u4e86\u57fa\u7840\u8def\u5f84\uff0c\u800c\u4e4b\u540e\u7684\u6bcf\u4e2a\u53c2\u6570\u90fd\u88ab\u5f53\u505a\u7ec4\u4ef6\u62fc\u63a5\u5230\u57fa\u7840\u8def\u5f84\u540e\u3002<\/p>\n<p style=\"margin-bottom: 20px; outline: 0px; max-width: 100%; font-family: Optima-Regular, Optima, PingFangSC-light, PingFangTC-light, 'PingFang SC', Cambria, Cochin, Georgia, Times, 'Times New Roman', serif; font-size: 16px; text-align: left; white-space: normal; background-color: #ffffff; line-height: 1.8em; color: #3a3a3a; box-sizing: border-box !important; overflow-wrap: break-word !important;\">\u7136\u800c\uff0c\u8fd9\u4e2a\u51fd\u6570\u6709\u4e00\u4e2a\u5c11\u6709\u4eba\u77e5\u7684\u7279\u6027\u3002\u5982\u679c\u62fc\u63a5\u7684\u67d0\u4e2a\u8def\u5f84\u4ee5 \/ \u5f00\u5934\uff0c\u90a3\u4e48\u5305\u62ec\u57fa\u7840\u8def\u5f84\u5728\u5185\u7684\u6240\u6709\u524d\u7f00\u8def\u5f84\u90fd\u5c06\u88ab\u5220\u9664\uff0c\u8be5\u8def\u5f84\u5c06\u88ab\u89c6\u4e3a\u7edd\u5bf9\u8def\u5f84\u3002\u4e0b\u9762\u7684\u793a\u4f8b\u63ed\u793a\u4e86\u5f00\u53d1\u8005\u53ef\u80fd\u9047\u5230\u7684\u8fd9\u4e2a\u9677\u9631\u3002<\/p>\n<pre style=\"margin-top: 10px; margin-bottom: 10px; outline: 0px; max-width: 100%; color: #000000; font-size: 16px; text-align: left; background-color: #ffffff; border-radius: 5px; box-shadow: rgba(0, 0, 0, 0.55) 0px 2px 10px; box-sizing: border-box !important; overflow-wrap: break-word !important;\"><code style=\"padding: 15px 16px 16px; outline: 0px; max-width: 100%; overflow-x: auto; color: #abb2bf; display: -webkit-box; font-family: 'Operator Mono', Consolas, Monaco, Menlo, monospace; font-size: 12px; background: #282c34; border-radius: 5px; box-sizing: border-box !important; overflow-wrap: break-word !important;\"><span style=\"outline: 0px; max-width: 100%; line-height: 26px; box-sizing: border-box !important; overflow-wrap: break-word !important;\"><span style=\"outline: 0px; max-width: 100%; color: #c678dd; line-height: 26px; box-sizing: border-box !important; overflow-wrap: break-word !important;\">def<\/span>\u00a0<span style=\"outline: 0px; max-width: 100%; color: #61aeee; line-height: 26px; box-sizing: border-box !important; overflow-wrap: break-word !important;\">read_file<\/span><span style=\"outline: 0px; max-width: 100%; line-height: 26px; box-sizing: border-box !important; overflow-wrap: break-word !important;\">(request)<\/span>:<\/span><br style=\"outline: 0px; max-width: 100%; box-sizing: border-box !important; overflow-wrap: break-word !important;\" \/>\u00a0\u00a0\u00a0\u00a0filename\u00a0=\u00a0request.POST[<span style=\"outline: 0px; max-width: 100%; color: #98c379; line-height: 26px; box-sizing: border-box !important; overflow-wrap: break-word !important;\">'filename'<\/span>]<br style=\"outline: 0px; max-width: 100%; box-sizing: border-box !important; overflow-wrap: break-word !important;\" \/>\u00a0\u00a0\u00a0\u00a0file_path\u00a0=\u00a0os.path.join(<span style=\"outline: 0px; max-width: 100%; color: #98c379; line-height: 26px; box-sizing: border-box !important; overflow-wrap: break-word !important;\">\"var\"<\/span>,\u00a0<span style=\"outline: 0px; max-width: 100%; color: #98c379; line-height: 26px; box-sizing: border-box !important; overflow-wrap: break-word !important;\">\"lib\"<\/span>,\u00a0filename)<br style=\"outline: 0px; max-width: 100%; box-sizing: border-box !important; overflow-wrap: break-word !important;\" \/>\u00a0\u00a0\u00a0\u00a0<span style=\"outline: 0px; max-width: 100%; color: #c678dd; line-height: 26px; box-sizing: border-box !important; overflow-wrap: break-word !important;\">if<\/span>\u00a0file_path.find(<span style=\"outline: 0px; max-width: 100%; color: #98c379; line-height: 26px; box-sizing: border-box !important; overflow-wrap: break-word !important;\">\".\"<\/span>)\u00a0!=\u00a0<span style=\"outline: 0px; max-width: 100%; color: #d19a66; line-height: 26px; box-sizing: border-box !important; overflow-wrap: break-word !important;\">-1<\/span>:<br style=\"outline: 0px; max-width: 100%; box-sizing: border-box !important; overflow-wrap: break-word !important;\" \/>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0<span style=\"outline: 0px; max-width: 100%; color: #c678dd; line-height: 26px; box-sizing: border-box !important; overflow-wrap: break-word !important;\">return<\/span>\u00a0HttpResponse(<span style=\"outline: 0px; max-width: 100%; color: #98c379; line-height: 26px; box-sizing: border-box !important; overflow-wrap: break-word !important;\">\"Failed!\"<\/span>)<br style=\"outline: 0px; max-width: 100%; box-sizing: border-box !important; overflow-wrap: break-word !important;\" \/>\u00a0\u00a0\u00a0\u00a0<span style=\"outline: 0px; max-width: 100%; color: #c678dd; line-height: 26px; box-sizing: border-box !important; overflow-wrap: break-word !important;\">with<\/span>\u00a0open(file_path)\u00a0<span style=\"outline: 0px; max-width: 100%; color: #c678dd; line-height: 26px; box-sizing: border-box !important; overflow-wrap: break-word !important;\">as<\/span>\u00a0f:<br style=\"outline: 0px; max-width: 100%; box-sizing: border-box !important; overflow-wrap: break-word !important;\" \/>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0<span style=\"outline: 0px; max-width: 100%; color: #c678dd; line-height: 26px; box-sizing: border-box !important; overflow-wrap: break-word !important;\">return<\/span>\u00a0HttpResponse(f.read(),\u00a0content_type=<span style=\"outline: 0px; max-width: 100%; color: #98c379; line-height: 26px; box-sizing: border-box !important; overflow-wrap: break-word !important;\">'text\/plain'<\/span>)<br style=\"outline: 0px; max-width: 100%; box-sizing: border-box !important; overflow-wrap: break-word !important;\" \/><\/code><\/pre>\n<p style=\"margin-bottom: 20px; outline: 0px; max-width: 100%; font-family: Optima-Regular, Optima, PingFangSC-light, PingFangTC-light, 'PingFang SC', Cambria, Cochin, Georgia, Times, 'Times New Roman', serif; font-size: 16px; text-align: left; white-space: normal; background-color: #ffffff; line-height: 1.8em; color: #3a3a3a; box-sizing: border-box !important; overflow-wrap: break-word !important;\">\u5728\u7b2c 3 \u884c\u4e2d\uff0c\u6211\u4eec\u4f7f\u7528 os.path.join \u51fd\u6570\u5c06\u7528\u6237\u8f93\u5165\u7684\u6587\u4ef6\u540d\u6784\u9020\u51fa\u76ee\u6807\u8def\u5f84\u3002\u5728\u7b2c 4 \u884c\u4e2d\uff0c\u68c0\u67e5\u751f\u6210\u7684\u8def\u5f84\u662f\u5426\u5305\u542b\u201d.\u201c\uff0c\u9632\u6b62\u51fa\u73b0\u8def\u5f84\u904d\u5386\u6f0f\u6d1e\u3002<\/p>\n<p style=\"margin-bottom: 20px; outline: 0px; max-width: 100%; font-family: Optima-Regular, Optima, PingFangSC-light, PingFangTC-light, 'PingFang SC', Cambria, Cochin, Georgia, Times, 'Times New Roman', serif; font-size: 16px; text-align: left; white-space: normal; background-color: #ffffff; line-height: 1.8em; color: #3a3a3a; box-sizing: border-box !important; overflow-wrap: break-word !important;\">\u4f46\u662f\uff0c\u5982\u679c\u653b\u51fb\u8005\u4f20\u5165\u7684\u6587\u4ef6\u540d\u53c2\u6570\u4e3a\u201d\/a\/b\/c.txt\u201c\uff0c\u90a3\u4e48\u7b2c 3 \u884c\u5f97\u5230\u7684\u53d8\u91cf file_path \u4f1a\u662f\u4e00\u4e2a\u7edd\u5bf9\u8def\u5f84\uff08\/a\/b\/c.txt\uff09\u3002\u5373 os.path.join \u4f1a\u5ffd\u7565\u6389\u201dvar\/lib\u201c\u90e8\u5206\uff0c\u653b\u51fb\u8005\u53ef\u4ee5\u4e0d\u4f7f\u7528\u201c.\u201d\u5b57\u7b26\u5c31\u8bfb\u53d6\u5230\u4efb\u4f55\u6587\u4ef6\u3002\u5c3d\u7ba1 os.path.join \u7684\u6587\u6863\u4e2d\u63cf\u8ff0\u4e86\u8fd9\u79cd\u884c\u4e3a\uff0c\u4f46\u8fd9\u8fd8\u662f\u5bfc\u81f4\u4e86\u8bb8\u591a\u6f0f\u6d1e\uff08Cuckoo Sandbox Evasion\uff0c CVE-2020-35736\uff09\u3002<\/p>\n<h2 style=\"margin-top: 2.2em; margin-bottom: 35px; outline: 0px; font-weight: bold; font-size: 22px; max-width: 100%; color: #000000; font-family: Optima-Regular, Optima, PingFangSC-light, PingFangTC-light, 'PingFang SC', Cambria, Cochin, Georgia, Times, 'Times New Roman', serif; text-align: left; white-space: normal; background-color: #ffffff; line-height: 1.5em; box-sizing: border-box !important; overflow-wrap: break-word !important;\"><span style=\"margin-right: 3px; padding: 2px 13px; outline: 0px; max-width: 100%; display: inline-block; background-image: linear-gradient(#ffffff 60%, #ffb11b 40%); background-position: initial; background-size: initial; background-repeat: initial; background-attachment: initial; background-origin: initial; background-clip: initial; color: #515151; height: 37px; box-sizing: border-box !important; overflow-wrap: break-word !important;\">4. \u4efb\u610f\u7684\u4e34\u65f6\u6587\u4ef6<\/span><\/h2>\n<p style=\"margin-bottom: 20px; outline: 0px; max-width: 100%; font-family: Optima-Regular, Optima, PingFangSC-light, PingFangTC-light, 'PingFang SC', Cambria, Cochin, Georgia, Times, 'Times New Roman', serif; font-size: 16px; text-align: left; white-space: normal; background-color: #ffffff; line-height: 1.8em; color: #3a3a3a; box-sizing: border-box !important; overflow-wrap: break-word !important;\"><code style=\"margin: 3px; padding: 3px; outline: 0px; max-width: 100%; box-sizing: border-box !important; overflow-wrap: break-word !important; font-size: 14px; border-radius: 4px; font-family: 'Operator Mono', Consolas, Monaco, Menlo, monospace; word-break: break-all; color: #9b6e23; background-color: #fff5e3;\">tempfile.NamedTemporaryFile<\/code>\u00a0\u51fd\u6570\u7528\u4e8e\u521b\u5efa\u5177\u6709\u7279\u5b9a\u540d\u79f0\u7684\u4e34\u65f6\u6587\u4ef6\u3002\u4f46\u662f\uff0cprefix\uff08\u524d\u7f00\uff09\u548c suffix\uff08\u540e\u7f00\uff09\u53c2\u6570\u5f88\u5bb9\u6613\u53d7\u5230\u8def\u5f84\u904d\u5386\u653b\u51fb\uff08Issue 35278\uff09\u3002\u5982\u679c\u653b\u51fb\u8005\u63a7\u5236\u4e86\u8fd9\u4e9b\u53c2\u6570\u4e4b\u4e00\uff0c\u4ed6\u5c31\u53ef\u4ee5\u5728\u6587\u4ef6\u7cfb\u7edf\u4e2d\u7684\u4efb\u610f\u4f4d\u7f6e\u521b\u5efa\u51fa\u4e00\u4e2a\u4e34\u65f6\u6587\u4ef6\u3002\u4e0b\u9762\u7684\u793a\u4f8b\u63ed\u793a\u4e86\u5f00\u53d1\u8005\u53ef\u80fd\u9047\u5230\u7684\u4e00\u4e2a\u9677\u9631\u3002<\/p>\n<pre style=\"margin-top: 10px; margin-bottom: 10px; outline: 0px; max-width: 100%; color: #000000; font-size: 16px; text-align: left; background-color: #ffffff; border-radius: 5px; box-shadow: rgba(0, 0, 0, 0.55) 0px 2px 10px; box-sizing: border-box !important; overflow-wrap: break-word !important;\"><code style=\"padding: 15px 16px 16px; outline: 0px; max-width: 100%; overflow-x: auto; color: #abb2bf; display: -webkit-box; font-family: 'Operator Mono', Consolas, Monaco, Menlo, monospace; font-size: 12px; background: #282c34; border-radius: 5px; box-sizing: border-box !important; overflow-wrap: break-word !important;\"><span style=\"outline: 0px; max-width: 100%; line-height: 26px; box-sizing: border-box !important; overflow-wrap: break-word !important;\"><span style=\"outline: 0px; max-width: 100%; color: #c678dd; line-height: 26px; box-sizing: border-box !important; overflow-wrap: break-word !important;\">def<\/span>\u00a0<span style=\"outline: 0px; max-width: 100%; color: #61aeee; line-height: 26px; box-sizing: border-box !important; overflow-wrap: break-word !important;\">touch_tmp_file<\/span><span style=\"outline: 0px; max-width: 100%; line-height: 26px; box-sizing: border-box !important; overflow-wrap: break-word !important;\">(request)<\/span>:<\/span><br style=\"outline: 0px; max-width: 100%; box-sizing: border-box !important; overflow-wrap: break-word !important;\" \/>\u00a0\u00a0\u00a0\u00a0id\u00a0=\u00a0request.GET[<span style=\"outline: 0px; max-width: 100%; color: #98c379; line-height: 26px; box-sizing: border-box !important; overflow-wrap: break-word !important;\">'id'<\/span>]<br style=\"outline: 0px; max-width: 100%; box-sizing: border-box !important; overflow-wrap: break-word !important;\" \/>\u00a0\u00a0\u00a0\u00a0tmp_file\u00a0=\u00a0tempfile.NamedTemporaryFile(prefix=id)<br style=\"outline: 0px; max-width: 100%; box-sizing: border-box !important; overflow-wrap: break-word !important;\" \/>\u00a0\u00a0\u00a0\u00a0<span style=\"outline: 0px; max-width: 100%; color: #c678dd; line-height: 26px; box-sizing: border-box !important; overflow-wrap: break-word !important;\">return<\/span>\u00a0HttpResponse(<span style=\"outline: 0px; max-width: 100%; color: #98c379; line-height: 26px; box-sizing: border-box !important; overflow-wrap: break-word !important;\">f\"tmp\u00a0file:\u00a0<span style=\"outline: 0px; max-width: 100%; color: #e06c75; line-height: 26px; box-sizing: border-box !important; overflow-wrap: break-word !important;\">{tmp_file}<\/span>\u00a0created!\"<\/span>,\u00a0content_type=<span style=\"outline: 0px; max-width: 100%; color: #98c379; line-height: 26px; box-sizing: border-box !important; overflow-wrap: break-word !important;\">'text\/plain'<\/span>)<br style=\"outline: 0px; max-width: 100%; box-sizing: border-box !important; overflow-wrap: break-word !important;\" \/><\/code><\/pre>\n<p style=\"margin-bottom: 20px; outline: 0px; max-width: 100%; font-family: Optima-Regular, Optima, PingFangSC-light, PingFangTC-light, 'PingFang SC', Cambria, Cochin, Georgia, Times, 'Times New Roman', serif; font-size: 16px; text-align: left; white-space: normal; background-color: #ffffff; line-height: 1.8em; color: #3a3a3a; box-sizing: border-box !important; overflow-wrap: break-word !important;\">\u5728\u7b2c 3 \u884c\u4e2d\uff0c\u7528\u6237\u8f93\u5165\u7684 id \u88ab\u5f53\u4f5c\u4e34\u65f6\u6587\u4ef6\u7684\u524d\u7f00\u3002\u5982\u679c\u653b\u51fb\u8005\u4f20\u5165\u7684 id \u53c2\u6570\u662f\u201c\/..\/var\/www\/test\u201d\uff0c\u5219\u4f1a\u521b\u5efa\u51fa\u8fd9\u6837\u7684\u4e34\u65f6\u6587\u4ef6\uff1a\/var\/www\/test_zdllj17\u3002\u7c97\u770b\u8d77\u6765\uff0c\u8fd9\u53ef\u80fd\u662f\u65e0\u5bb3\u7684\uff0c\u4f46\u5b83\u4f1a\u4e3a\u653b\u51fb\u8005\u521b\u9020\u51fa\u6316\u6398\u66f4\u590d\u6742\u7684\u6f0f\u6d1e\u7684\u57fa\u7840\u3002<\/p>\n<h2 style=\"margin-top: 2.2em; margin-bottom: 35px; outline: 0px; font-weight: bold; font-size: 22px; max-width: 100%; color: #000000; font-family: Optima-Regular, Optima, PingFangSC-light, PingFangTC-light, 'PingFang SC', Cambria, Cochin, Georgia, Times, 'Times New Roman', serif; text-align: left; white-space: normal; background-color: #ffffff; line-height: 1.5em; box-sizing: border-box !important; overflow-wrap: break-word !important;\"><span style=\"margin-right: 3px; padding: 2px 13px; outline: 0px; max-width: 100%; display: inline-block; background-image: linear-gradient(#ffffff 60%, #ffb11b 40%); background-position: initial; background-size: initial; background-repeat: initial; background-attachment: initial; background-origin: initial; background-clip: initial; color: #515151; height: 37px; box-sizing: border-box !important; overflow-wrap: break-word !important;\">5.\u6269\u5c55\u7684 Zip Slip<\/span><\/h2>\n<p style=\"margin-bottom: 20px; outline: 0px; max-width: 100%; font-family: Optima-Regular, Optima, PingFangSC-light, PingFangTC-light, 'PingFang SC', Cambria, Cochin, Georgia, Times, 'Times New Roman', serif; font-size: 16px; text-align: left; white-space: normal; background-color: #ffffff; line-height: 1.8em; color: #3a3a3a; box-sizing: border-box !important; overflow-wrap: break-word !important;\">\u5728 Web \u5e94\u7528\u4e2d\uff0c\u901a\u5e38\u9700\u8981\u89e3\u538b\u4e0a\u4f20\u540e\u7684\u538b\u7f29\u6587\u4ef6\u3002\u5728 Python \u4e2d\uff0c\u5f88\u591a\u4eba\u90fd\u77e5\u9053 TarFile.extractall \u4e0e TarFile.extract \u51fd\u6570\u5bb9\u6613\u53d7\u5230 Zip Slip \u653b\u51fb\u3002\u653b\u51fb\u8005\u901a\u8fc7\u7be1\u6539\u538b\u7f29\u5305\u4e2d\u7684\u6587\u4ef6\u540d\uff0c\u4f7f\u5176\u5305\u542b\u8def\u5f84\u904d\u5386\uff08..\/\uff09\u5b57\u7b26\uff0c\u4ece\u800c\u53d1\u8d77\u653b\u51fb\u3002<\/p>\n<p style=\"margin-bottom: 20px; outline: 0px; max-width: 100%; font-family: Optima-Regular, Optima, PingFangSC-light, PingFangTC-light, 'PingFang SC', Cambria, Cochin, Georgia, Times, 'Times New Roman', serif; font-size: 16px; text-align: left; white-space: normal; background-color: #ffffff; line-height: 1.8em; color: #3a3a3a; box-sizing: border-box !important; overflow-wrap: break-word !important;\">\u8fd9\u5c31\u662f\u4e3a\u4ec0\u4e48\u538b\u7f29\u6587\u4ef6\u5e94\u8be5\u59cb\u7ec8\u88ab\u89c6\u4e3a\u4e0d\u53d7\u4fe1\u6765\u6e90\u7684\u539f\u56e0\u3002zipfile.extractall \u4e0e zipfile.extract \u51fd\u6570\u53ef\u4ee5\u5bf9 zip \u5185\u5bb9\u8fdb\u884c\u6e05\u6d17\uff0c\u4ece\u800c\u9632\u6b62\u8fd9\u7c7b\u8def\u5f84\u904d\u5386\u6f0f\u6d1e\u3002<\/p>\n<p style=\"margin-bottom: 20px; outline: 0px; max-width: 100%; font-family: Optima-Regular, Optima, PingFangSC-light, PingFangTC-light, 'PingFang SC', Cambria, Cochin, Georgia, Times, 'Times New Roman', serif; font-size: 16px; text-align: left; white-space: normal; background-color: #ffffff; line-height: 1.8em; color: #3a3a3a; box-sizing: border-box !important; overflow-wrap: break-word !important;\">\u4f46\u662f\uff0c\u8fd9\u5e76\u4e0d\u610f\u5473\u7740\u5728 ZipFile \u5e93\u4e2d\u4e0d\u4f1a\u51fa\u73b0\u8def\u5f84\u904d\u5386\u6f0f\u6d1e\u3002\u4e0b\u9762\u662f\u4e00\u6bb5\u89e3\u538b\u7f29\u6587\u4ef6\u7684\u4ee3\u7801\u3002<\/p>\n<pre style=\"margin-top: 10px; margin-bottom: 10px; outline: 0px; max-width: 100%; color: #000000; font-size: 16px; text-align: left; background-color: #ffffff; border-radius: 5px; box-shadow: rgba(0, 0, 0, 0.55) 0px 2px 10px; box-sizing: border-box !important; overflow-wrap: break-word !important;\"><code style=\"padding: 15px 16px 16px; outline: 0px; max-width: 100%; overflow-x: auto; color: #abb2bf; display: -webkit-box; font-family: 'Operator Mono', Consolas, Monaco, Menlo, monospace; font-size: 12px; background: #282c34; border-radius: 5px; box-sizing: border-box !important; overflow-wrap: break-word !important;\"><span style=\"outline: 0px; max-width: 100%; line-height: 26px; box-sizing: border-box !important; overflow-wrap: break-word !important;\"><span style=\"outline: 0px; max-width: 100%; color: #c678dd; line-height: 26px; box-sizing: border-box !important; overflow-wrap: break-word !important;\">def<\/span>\u00a0<span style=\"outline: 0px; max-width: 100%; color: #61aeee; line-height: 26px; box-sizing: border-box !important; overflow-wrap: break-word !important;\">extract_html<\/span><span style=\"outline: 0px; max-width: 100%; line-height: 26px; box-sizing: border-box !important; overflow-wrap: break-word !important;\">(request)<\/span>:<\/span><br style=\"outline: 0px; max-width: 100%; box-sizing: border-box !important; overflow-wrap: break-word !important;\" \/>\u00a0\u00a0\u00a0\u00a0filename\u00a0=\u00a0request.FILES[<span style=\"outline: 0px; max-width: 100%; color: #98c379; line-height: 26px; box-sizing: border-box !important; overflow-wrap: break-word !important;\">'filename'<\/span>]<br style=\"outline: 0px; max-width: 100%; box-sizing: border-box !important; overflow-wrap: break-word !important;\" \/>\u00a0\u00a0\u00a0\u00a0zf\u00a0=\u00a0zipfile.ZipFile(filename.temporary_file_path(),\u00a0<span style=\"outline: 0px; max-width: 100%; color: #98c379; line-height: 26px; box-sizing: border-box !important; overflow-wrap: break-word !important;\">\"r\"<\/span>)<br style=\"outline: 0px; max-width: 100%; box-sizing: border-box !important; overflow-wrap: break-word !important;\" \/>\u00a0\u00a0\u00a0\u00a0<span style=\"outline: 0px; max-width: 100%; color: #c678dd; line-height: 26px; box-sizing: border-box !important; overflow-wrap: break-word !important;\">for<\/span>\u00a0entry\u00a0<span style=\"outline: 0px; max-width: 100%; color: #c678dd; line-height: 26px; box-sizing: border-box !important; overflow-wrap: break-word !important;\">in<\/span>\u00a0zf.namelist():<br style=\"outline: 0px; max-width: 100%; box-sizing: border-box !important; overflow-wrap: break-word !important;\" \/>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0<span style=\"outline: 0px; max-width: 100%; color: #c678dd; line-height: 26px; box-sizing: border-box !important; overflow-wrap: break-word !important;\">if<\/span>\u00a0entry.endswith(<span style=\"outline: 0px; max-width: 100%; color: #98c379; line-height: 26px; box-sizing: border-box !important; overflow-wrap: break-word !important;\">\".html\"<\/span>):<br style=\"outline: 0px; max-width: 100%; box-sizing: border-box !important; overflow-wrap: break-word !important;\" \/>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0file_content\u00a0=\u00a0zf.read(entry)<br style=\"outline: 0px; max-width: 100%; box-sizing: border-box !important; overflow-wrap: break-word !important;\" \/>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0<span style=\"outline: 0px; max-width: 100%; color: #c678dd; line-height: 26px; box-sizing: border-box !important; overflow-wrap: break-word !important;\">with<\/span>\u00a0open(entry,\u00a0<span style=\"outline: 0px; max-width: 100%; color: #98c379; line-height: 26px; box-sizing: border-box !important; overflow-wrap: break-word !important;\">\"wb\"<\/span>)\u00a0<span style=\"outline: 0px; max-width: 100%; color: #c678dd; line-height: 26px; box-sizing: border-box !important; overflow-wrap: break-word !important;\">as<\/span>\u00a0fp:<br style=\"outline: 0px; max-width: 100%; box-sizing: border-box !important; overflow-wrap: break-word !important;\" \/>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0fp.write(file_content)<br style=\"outline: 0px; max-width: 100%; box-sizing: border-box !important; overflow-wrap: break-word !important;\" \/>\u00a0\u00a0\u00a0\u00a0zf.close()<br style=\"outline: 0px; max-width: 100%; box-sizing: border-box !important; overflow-wrap: break-word !important;\" \/>\u00a0\u00a0\u00a0\u00a0<span style=\"outline: 0px; max-width: 100%; color: #c678dd; line-height: 26px; box-sizing: border-box !important; overflow-wrap: break-word !important;\">return<\/span>\u00a0HttpResponse(<span style=\"outline: 0px; max-width: 100%; color: #98c379; line-height: 26px; box-sizing: border-box !important; overflow-wrap: break-word !important;\">\"HTML\u00a0files\u00a0extracted!\"<\/span>)<br style=\"outline: 0px; max-width: 100%; box-sizing: border-box !important; overflow-wrap: break-word !important;\" \/><\/code><\/pre>\n<p style=\"margin-bottom: 20px; outline: 0px; max-width: 100%; font-family: Optima-Regular, Optima, PingFangSC-light, PingFangTC-light, 'PingFang SC', Cambria, Cochin, Georgia, Times, 'Times New Roman', serif; font-size: 16px; text-align: left; white-space: normal; background-color: #ffffff; line-height: 1.8em; color: #3a3a3a; box-sizing: border-box !important; overflow-wrap: break-word !important;\">\u7b2c 3 \u884c\u4ee3\u7801\u6839\u636e\u7528\u6237\u4e0a\u4f20\u6587\u4ef6\u7684\u4e34\u65f6\u8def\u5f84\uff0c\u521b\u5efa\u51fa\u4e00\u4e2a ZipFile \u5904\u7406\u5668\u3002\u7b2c 4 &#8211; 8 \u884c\u4ee3\u7801\u5c06\u6240\u6709\u4ee5\u201c.html\u201d\u7ed3\u5c3e\u7684\u538b\u7f29\u9879\u63d0\u53d6\u51fa\u6765\u3002\u7b2c 4 \u884c\u4e2d\u7684 zf.namelist \u51fd\u6570\u4f1a\u53d6\u5230 zip \u5185\u538b\u7f29\u9879\u7684\u540d\u79f0\u3002\u6ce8\u610f\uff0c\u53ea\u6709 zipfile.extract \u4e0e zipfile.extractall \u51fd\u6570\u4f1a\u5bf9\u538b\u7f29\u9879\u8fdb\u884c\u6e05\u6d17\uff0c\u5176\u5b83\u4efb\u4f55\u51fd\u6570\u90fd\u4e0d\u4f1a\u3002<\/p>\n<p style=\"margin-bottom: 20px; outline: 0px; max-width: 100%; font-family: Optima-Regular, Optima, PingFangSC-light, PingFangTC-light, 'PingFang SC', Cambria, Cochin, Georgia, Times, 'Times New Roman', serif; font-size: 16px; text-align: left; white-space: normal; background-color: #ffffff; line-height: 1.8em; color: #3a3a3a; box-sizing: border-box !important; overflow-wrap: break-word !important;\">\u5728\u8fd9\u79cd\u60c5\u51b5\u4e0b\uff0c\u653b\u51fb\u8005\u53ef\u4ee5\u521b\u5efa\u4e00\u4e2a\u6587\u4ef6\u540d\uff0c\u4f8b\u5982\u201c..\/..\/..\/var\/www\/html\u201d\uff0c\u5185\u5bb9\u968f\u610f\u586b\u3002\u8be5\u6076\u610f\u6587\u4ef6\u7684\u5185\u5bb9\u4f1a\u5728\u7b2c 6 \u884c\u88ab\u8bfb\u53d6\uff0c\u5e76\u5728\u7b2c 7-8 \u884c\u5199\u5165\u88ab\u653b\u51fb\u8005\u63a7\u5236\u7684\u8def\u5f84\u3002\u56e0\u6b64\uff0c\u653b\u51fb\u8005\u53ef\u4ee5\u5728\u6574\u4e2a\u670d\u52a1\u5668\u4e0a\u521b\u5efa\u4efb\u610f\u7684 HTML \u6587\u4ef6\u3002<\/p>\n<p style=\"margin-bottom: 20px; outline: 0px; max-width: 100%; font-family: Optima-Regular, Optima, PingFangSC-light, PingFangTC-light, 'PingFang SC', Cambria, Cochin, Georgia, Times, 'Times New Roman', serif; font-size: 16px; text-align: left; white-space: normal; background-color: #ffffff; line-height: 1.8em; color: #3a3a3a; box-sizing: border-box !important; overflow-wrap: break-word !important;\">\u5982\u4e0a\u6240\u8ff0\uff0c\u538b\u7f29\u5305\u4e2d\u7684\u6587\u4ef6\u5e94\u8be5\u88ab\u770b\u4f5c\u662f\u4e0d\u53d7\u4fe1\u4efb\u7684\u3002\u5982\u679c\u4f60\u4e0d\u4f7f\u7528 zipfile.extractall \u6216\u8005 zipfile.extract\uff0c\u4f60\u5c31\u5fc5\u987b\u5bf9 zip \u5185\u6587\u4ef6\u7684\u540d\u79f0\u8fdb\u884c\u201c\u6d88\u6bd2\u201d\uff0c\u4f8b\u5982\u4f7f\u7528 os.path.basename\u3002\u5426\u5219\uff0c\u5b83\u53ef\u80fd\u5bfc\u81f4\u4e25\u91cd\u7684\u5b89\u5168\u6f0f\u6d1e\uff0c\u5c31\u50cf\u5728 NLTK Downloader \uff08CVE-2019-14751\uff09\u4e2d\u53d1\u73b0\u7684\u90a3\u6837\u3002<\/p>\n<h2 style=\"margin-top: 2.2em; margin-bottom: 35px; outline: 0px; font-weight: bold; font-size: 22px; max-width: 100%; color: #000000; font-family: Optima-Regular, Optima, PingFangSC-light, PingFangTC-light, 'PingFang SC', Cambria, Cochin, Georgia, Times, 'Times New Roman', serif; text-align: left; white-space: normal; background-color: #ffffff; line-height: 1.5em; box-sizing: border-box !important; overflow-wrap: break-word !important;\"><span style=\"margin-right: 3px; padding: 2px 13px; outline: 0px; max-width: 100%; display: inline-block; background-image: linear-gradient(#ffffff 60%, #ffb11b 40%); background-position: initial; background-size: initial; background-repeat: initial; background-attachment: initial; background-origin: initial; background-clip: initial; color: #515151; height: 37px; box-sizing: border-box !important; overflow-wrap: break-word !important;\">6. \u4e0d\u5b8c\u6574\u7684\u6b63\u5219\u8868\u8fbe\u5f0f\u5339\u914d<\/span><\/h2>\n<p style=\"margin-bottom: 20px; outline: 0px; max-width: 100%; font-family: Optima-Regular, Optima, PingFangSC-light, PingFangTC-light, 'PingFang SC', Cambria, Cochin, Georgia, Times, 'Times New Roman', serif; font-size: 16px; text-align: left; white-space: normal; background-color: #ffffff; line-height: 1.8em; color: #3a3a3a; box-sizing: border-box !important; overflow-wrap: break-word !important;\">\u6b63\u5219\u8868\u8fbe\u5f0f\uff08regex\uff09\u662f\u5927\u591a\u6570 Web \u7a0b\u5e8f\u4e0d\u53ef\u6216\u7f3a\u7684\u4e00\u90e8\u5206\u3002\u6211\u4eec\u7ecf\u5e38\u80fd\u770b\u5230\u5b83\u88ab\u81ea\u5b9a\u4e49\u7684 Web \u5e94\u7528\u9632\u706b\u5899\uff08WAF\uff0cWeb Application Firewalls\uff09\u7528\u6765\u4f5c\u8f93\u5165\u9a8c\u8bc1\uff0c\u4f8b\u5982\u68c0\u6d4b\u6076\u610f\u5b57\u7b26\u4e32\u3002\u5728 Python \u4e2d\uff0cre.match \u548c re.search \u4e4b\u95f4\u6709\u7740\u7ec6\u5fae\u7684\u533a\u522b\uff0c\u6211\u4eec\u5c06\u5728\u4e0b\u9762\u7684\u4ee3\u7801\u7247\u6bb5\u4e2d\u6f14\u793a\u3002<\/p>\n<pre style=\"margin-top: 10px; margin-bottom: 10px; outline: 0px; max-width: 100%; color: #000000; font-size: 16px; text-align: left; background-color: #ffffff; border-radius: 5px; box-shadow: rgba(0, 0, 0, 0.55) 0px 2px 10px; box-sizing: border-box !important; overflow-wrap: break-word !important;\"><code style=\"padding: 15px 16px 16px; outline: 0px; max-width: 100%; overflow-x: auto; color: #abb2bf; display: -webkit-box; font-family: 'Operator Mono', Consolas, Monaco, Menlo, monospace; font-size: 12px; background: #282c34; border-radius: 5px; box-sizing: border-box !important; overflow-wrap: break-word !important;\"><span style=\"outline: 0px; max-width: 100%; line-height: 26px; box-sizing: border-box !important; overflow-wrap: break-word !important;\"><span style=\"outline: 0px; max-width: 100%; color: #c678dd; line-height: 26px; box-sizing: border-box !important; overflow-wrap: break-word !important;\">def<\/span>\u00a0<span style=\"outline: 0px; max-width: 100%; color: #61aeee; line-height: 26px; box-sizing: border-box !important; overflow-wrap: break-word !important;\">is_sql_injection<\/span><span style=\"outline: 0px; max-width: 100%; line-height: 26px; box-sizing: border-box !important; overflow-wrap: break-word !important;\">(request)<\/span>:<\/span><br style=\"outline: 0px; max-width: 100%; box-sizing: border-box !important; overflow-wrap: break-word !important;\" \/>\u00a0\u00a0\u00a0\u00a0pattern\u00a0=\u00a0re.compile(<span style=\"outline: 0px; max-width: 100%; color: #98c379; line-height: 26px; box-sizing: border-box !important; overflow-wrap: break-word !important;\">r\".*(union)|(select).*\"<\/span>)<br style=\"outline: 0px; max-width: 100%; box-sizing: border-box !important; overflow-wrap: break-word !important;\" \/>\u00a0\u00a0\u00a0\u00a0name_to_test\u00a0=\u00a0request.GET[<span style=\"outline: 0px; max-width: 100%; color: #98c379; line-height: 26px; box-sizing: border-box !important; overflow-wrap: break-word !important;\">'name'<\/span>]<br style=\"outline: 0px; max-width: 100%; box-sizing: border-box !important; overflow-wrap: break-word !important;\" \/>\u00a0\u00a0\u00a0\u00a0<span style=\"outline: 0px; max-width: 100%; color: #c678dd; line-height: 26px; box-sizing: border-box !important; overflow-wrap: break-word !important;\">if<\/span>\u00a0re.search(pattern,\u00a0name_to_test):<br style=\"outline: 0px; max-width: 100%; box-sizing: border-box !important; overflow-wrap: break-word !important;\" \/>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0<span style=\"outline: 0px; max-width: 100%; color: #c678dd; line-height: 26px; box-sizing: border-box !important; overflow-wrap: break-word !important;\">return<\/span>\u00a0<span style=\"outline: 0px; max-width: 100%; color: #56b6c2; line-height: 26px; box-sizing: border-box !important; overflow-wrap: break-word !important;\">True<\/span><br style=\"outline: 0px; max-width: 100%; box-sizing: border-box !important; overflow-wrap: break-word !important;\" \/>\u00a0\u00a0\u00a0\u00a0<span style=\"outline: 0px; max-width: 100%; color: #c678dd; line-height: 26px; box-sizing: border-box !important; overflow-wrap: break-word !important;\">return<\/span>\u00a0<span style=\"outline: 0px; max-width: 100%; color: #56b6c2; line-height: 26px; box-sizing: border-box !important; overflow-wrap: break-word !important;\">False<\/span><br style=\"outline: 0px; max-width: 100%; box-sizing: border-box !important; overflow-wrap: break-word !important;\" \/><\/code><\/pre>\n<p style=\"margin-bottom: 20px; outline: 0px; max-width: 100%; font-family: Optima-Regular, Optima, PingFangSC-light, PingFangTC-light, 'PingFang SC', Cambria, Cochin, Georgia, Times, 'Times New Roman', serif; font-size: 16px; text-align: left; white-space: normal; background-color: #ffffff; line-height: 1.8em; color: #3a3a3a; box-sizing: border-box !important; overflow-wrap: break-word !important;\">\u5728\u7b2c 2 \u884c\u4e2d\uff0c\u6211\u4eec\u5b9a\u4e49\u4e86\u4e00\u4e2a\u5339\u914d union \u6216\u8005 select \u7684\u6a21\u5f0f\uff0c\u4ee5\u68c0\u6d4b\u53ef\u80fd\u7684 SQL \u6ce8\u5165\u3002\u8fd9\u662f\u4e00\u4e2a\u7cdf\u7cd5\u7684\u5199\u6cd5\uff0c\u56e0\u4e3a\u4f60\u53ef\u4ee5\u8f7b\u6613\u5730\u7ed5\u8fc7\u8fd9\u4e9b\u9ed1\u540d\u5355\uff0c\u4f46\u6211\u4eec\u5df2\u7ecf\u5728\u7ebf\u4e0a\u7684\u7a0b\u5e8f\u4e2d\u89c1\u8fc7\u5b83\u3002\u5728\u7b2c 4 \u884c\u4e2d\uff0c\u51fd\u6570 re.match \u4f7f\u7528\u524d\u9762\u5b9a\u4e49\u597d\u7684\u6a21\u5f0f\uff0c\u68c0\u67e5\u7b2c 3 \u884c\u4e2d\u7684\u7528\u6237\u8f93\u5165\u5185\u5bb9\u662f\u5426\u5305\u542b\u8fd9\u4e9b\u6076\u610f\u7684\u503c\u3002<\/p>\n<p style=\"margin-bottom: 20px; outline: 0px; max-width: 100%; font-family: Optima-Regular, Optima, PingFangSC-light, PingFangTC-light, 'PingFang SC', Cambria, Cochin, Georgia, Times, 'Times New Roman', serif; font-size: 16px; text-align: left; white-space: normal; background-color: #ffffff; line-height: 1.8em; color: #3a3a3a; box-sizing: border-box !important; overflow-wrap: break-word !important;\">\u7136\u800c\uff0c\u4e0e re.search \u51fd\u6570\u4e0d\u540c\u7684\u662f\uff0cre.match \u51fd\u6570\u4e0d\u5339\u914d\u65b0\u884c\u3002\u4f8b\u5982\uff0c\u5982\u679c\u653b\u51fb\u8005\u63d0\u4ea4\u4e86\u503c aaaaaa n union select\uff0c\u8fd9\u4e2a\u8f93\u5165\u5c31\u5339\u914d\u4e0d\u4e0a\u6b63\u5219\u8868\u8fbe\u5f0f\u3002\u56e0\u6b64\uff0c\u68c0\u67e5\u53ef\u4ee5\u88ab\u7ed5\u8fc7\uff0c\u5931\u53bb\u4fdd\u62a4\u4f5c\u7528\u3002<\/p>\n<p style=\"margin-bottom: 20px; outline: 0px; max-width: 100%; font-family: Optima-Regular, Optima, PingFangSC-light, PingFangTC-light, 'PingFang SC', Cambria, Cochin, Georgia, Times, 'Times New Roman', serif; font-size: 16px; text-align: left; white-space: normal; background-color: #ffffff; line-height: 1.8em; color: #3a3a3a; box-sizing: border-box !important; overflow-wrap: break-word !important;\">\u603b\u800c\u8a00\u4e4b\uff0c\u6211\u4eec\u4e0d\u5efa\u8bae\u4f7f\u7528\u6b63\u5219\u8868\u8fbe\u5f0f\u9ed1\u540d\u5355\u8fdb\u884c\u4efb\u4f55\u5b89\u5168\u68c0\u67e5\u3002<\/p>\n<h2 style=\"margin-top: 2.2em; margin-bottom: 35px; outline: 0px; font-weight: bold; font-size: 22px; max-width: 100%; color: #000000; font-family: Optima-Regular, Optima, PingFangSC-light, PingFangTC-light, 'PingFang SC', Cambria, Cochin, Georgia, Times, 'Times New Roman', serif; text-align: left; white-space: normal; background-color: #ffffff; line-height: 1.5em; box-sizing: border-box !important; overflow-wrap: break-word !important;\"><span style=\"margin-right: 3px; padding: 2px 13px; outline: 0px; max-width: 100%; display: inline-block; background-image: linear-gradient(#ffffff 60%, #ffb11b 40%); background-position: initial; background-size: initial; background-repeat: initial; background-attachment: initial; background-origin: initial; background-clip: initial; color: #515151; height: 37px; box-sizing: border-box !important; overflow-wrap: break-word !important;\">7. Unicode \u6e05\u6d17\u5668\u7ed5\u8fc7<\/span><\/h2>\n<p style=\"margin-bottom: 20px; outline: 0px; max-width: 100%; font-family: Optima-Regular, Optima, PingFangSC-light, PingFangTC-light, 'PingFang SC', Cambria, Cochin, Georgia, Times, 'Times New Roman', serif; font-size: 16px; text-align: left; white-space: normal; background-color: #ffffff; line-height: 1.8em; color: #3a3a3a; box-sizing: border-box !important; overflow-wrap: break-word !important;\">Unicode \u652f\u6301\u7528\u591a\u79cd\u5f62\u5f0f\u6765\u8868\u793a\u5b57\u7b26\uff0c\u5e76\u5c06\u8fd9\u4e9b\u5b57\u7b26\u6620\u5c04\u5230\u7801\u70b9\u3002\u5728 Unicode \u6807\u51c6\u4e2d\uff0c\u4e0d\u540c\u7684 Unicode \u5b57\u7b26\u6709\u56db\u79cd\u5f52\u4e00\u5316\u65b9\u6848\u3002\u7a0b\u5e8f\u53ef\u4ee5\u4f7f\u7528\u8fd9\u4e9b\u5f52\u4e00\u5316\u65b9\u6cd5\uff0c\u4ee5\u72ec\u7acb\u4e8e\u4eba\u7c7b\u8bed\u8a00\u7684\u6807\u51c6\u65b9\u5f0f\u6765\u5b58\u50a8\u6570\u636e\uff0c\u4f8b\u5982\u7528\u6237\u540d\u3002<\/p>\n<p style=\"margin-bottom: 20px; outline: 0px; max-width: 100%; font-family: Optima-Regular, Optima, PingFangSC-light, PingFangTC-light, 'PingFang SC', Cambria, Cochin, Georgia, Times, 'Times New Roman', serif; font-size: 16px; text-align: left; white-space: normal; background-color: #ffffff; line-height: 1.8em; color: #3a3a3a; box-sizing: border-box !important; overflow-wrap: break-word !important;\">\u7136\u800c\uff0c\u653b\u51fb\u8005\u53ef\u4ee5\u5229\u7528\u8fd9\u4e9b\u5f52\u4e00\u5316\uff0c\u8fd9\u5df2\u7ecf\u5bfc\u81f4\u4e86 Python \u7684 urllib \u51fa\u73b0\u6f0f\u6d1e\uff08CVE-2019-9636\uff09\u3002\u4e0b\u9762\u7684\u4ee3\u7801\u7247\u6bb5\u6f14\u793a\u4e86\u4e00\u4e2a\u57fa\u4e8e NFKC \u5f52\u4e00\u5316\u7684\u8de8\u7ad9\u70b9\u811a\u672c\u6f0f\u6d1e\uff08XSS,Cross-Site Scripting\uff09\u3002<\/p>\n<pre style=\"margin-top: 10px; margin-bottom: 10px; outline: 0px; max-width: 100%; color: #000000; font-size: 16px; text-align: left; background-color: #ffffff; border-radius: 5px; box-shadow: rgba(0, 0, 0, 0.55) 0px 2px 10px; box-sizing: border-box !important; overflow-wrap: break-word !important;\"><code style=\"padding: 15px 16px 16px; outline: 0px; max-width: 100%; overflow-x: auto; color: #abb2bf; display: -webkit-box; font-family: 'Operator Mono', Consolas, Monaco, Menlo, monospace; font-size: 12px; background: #282c34; border-radius: 5px; box-sizing: border-box !important; overflow-wrap: break-word !important;\"><span style=\"outline: 0px; max-width: 100%; color: #c678dd; line-height: 26px; box-sizing: border-box !important; overflow-wrap: break-word !important;\">import<\/span>\u00a0unicodedata<br style=\"outline: 0px; max-width: 100%; box-sizing: border-box !important; overflow-wrap: break-word !important;\" \/><span style=\"outline: 0px; max-width: 100%; color: #c678dd; line-height: 26px; box-sizing: border-box !important; overflow-wrap: break-word !important;\">from<\/span>\u00a0django.shortcuts\u00a0<span style=\"outline: 0px; max-width: 100%; color: #c678dd; line-height: 26px; box-sizing: border-box !important; overflow-wrap: break-word !important;\">import<\/span>\u00a0render<br style=\"outline: 0px; max-width: 100%; box-sizing: border-box !important; overflow-wrap: break-word !important;\" \/><span style=\"outline: 0px; max-width: 100%; color: #c678dd; line-height: 26px; box-sizing: border-box !important; overflow-wrap: break-word !important;\">from<\/span>\u00a0django.utils.html\u00a0<span style=\"outline: 0px; max-width: 100%; color: #c678dd; line-height: 26px; box-sizing: border-box !important; overflow-wrap: break-word !important;\">import<\/span>\u00a0escape<br style=\"outline: 0px; max-width: 100%; box-sizing: border-box !important; overflow-wrap: break-word !important;\" \/><br style=\"outline: 0px; max-width: 100%; box-sizing: border-box !important; overflow-wrap: break-word !important;\" \/><span style=\"outline: 0px; max-width: 100%; line-height: 26px; box-sizing: border-box !important; overflow-wrap: break-word !important;\"><span style=\"outline: 0px; max-width: 100%; color: #c678dd; line-height: 26px; box-sizing: border-box !important; overflow-wrap: break-word !important;\">def<\/span>\u00a0<span style=\"outline: 0px; max-width: 100%; color: #61aeee; line-height: 26px; box-sizing: border-box !important; overflow-wrap: break-word !important;\">render_input<\/span><span style=\"outline: 0px; max-width: 100%; line-height: 26px; box-sizing: border-box !important; overflow-wrap: break-word !important;\">(request)<\/span>:<\/span><br style=\"outline: 0px; max-width: 100%; box-sizing: border-box !important; overflow-wrap: break-word !important;\" \/>\u00a0\u00a0\u00a0\u00a0user_input\u00a0=\u00a0escape(request.GET[<span style=\"outline: 0px; max-width: 100%; color: #98c379; line-height: 26px; box-sizing: border-box !important; overflow-wrap: break-word !important;\">'p'<\/span>])<br style=\"outline: 0px; max-width: 100%; box-sizing: border-box !important; overflow-wrap: break-word !important;\" \/>\u00a0\u00a0\u00a0\u00a0normalized_user_input\u00a0=\u00a0unicodedata.normalize(<span style=\"outline: 0px; max-width: 100%; color: #98c379; line-height: 26px; box-sizing: border-box !important; overflow-wrap: break-word !important;\">\"NFKC\"<\/span>,\u00a0user_input)<br style=\"outline: 0px; max-width: 100%; box-sizing: border-box !important; overflow-wrap: break-word !important;\" \/>\u00a0\u00a0\u00a0\u00a0context\u00a0=\u00a0{<span style=\"outline: 0px; max-width: 100%; color: #98c379; line-height: 26px; box-sizing: border-box !important; overflow-wrap: break-word !important;\">'my_input'<\/span>:\u00a0normalized_user_input}<br style=\"outline: 0px; max-width: 100%; box-sizing: border-box !important; overflow-wrap: break-word !important;\" \/>\u00a0\u00a0\u00a0\u00a0<span style=\"outline: 0px; max-width: 100%; color: #c678dd; line-height: 26px; box-sizing: border-box !important; overflow-wrap: break-word !important;\">return<\/span>\u00a0render(request,\u00a0<span style=\"outline: 0px; max-width: 100%; color: #98c379; line-height: 26px; box-sizing: border-box !important; overflow-wrap: break-word !important;\">'test.html'<\/span>,\u00a0context)<br style=\"outline: 0px; max-width: 100%; box-sizing: border-box !important; overflow-wrap: break-word !important;\" \/><\/code><\/pre>\n<p style=\"margin-bottom: 20px; outline: 0px; max-width: 100%; font-family: Optima-Regular, Optima, PingFangSC-light, PingFangTC-light, 'PingFang SC', Cambria, Cochin, Georgia, Times, 'Times New Roman', serif; font-size: 16px; text-align: left; white-space: normal; background-color: #ffffff; line-height: 1.8em; color: #3a3a3a; box-sizing: border-box !important; overflow-wrap: break-word !important;\">\u5728\u7b2c 6 \u884c\u4e2d\uff0c\u7528\u6237\u8f93\u5165\u7684\u5185\u5bb9\u88ab Django \u7684 escape \u51fd\u6570\u5904\u7406\u4e86\uff0c\u4ee5\u9632\u6b62 XSS \u6f0f\u6d1e\u3002\u5728\u7b2c 7 \u884c\u4e2d\uff0c\u7ecf\u8fc7\u6e05\u6d17\u7684\u8f93\u5165\u88ab NFKC \u7b97\u6cd5\u5f52\u4e00\u5316\uff0c\u4ee5\u4fbf\u5728\u7b2c 8-9 \u884c\u4e2d\u901a\u8fc7 test.html \u6a21\u677f\u6b63\u786e\u5730\u6e32\u67d3\u3002<\/p>\n<p style=\"margin-bottom: 20px; outline: 0px; max-width: 100%; font-family: Optima-Regular, Optima, PingFangSC-light, PingFangTC-light, 'PingFang SC', Cambria, Cochin, Georgia, Times, 'Times New Roman', serif; font-size: 16px; text-align: left; white-space: normal; background-color: #ffffff; line-height: 1.8em; color: #3a3a3a; box-sizing: border-box !important; overflow-wrap: break-word !important;\"><strong style=\"outline: 0px; max-width: 100%; color: black; box-sizing: border-box !important; overflow-wrap: break-word !important;\">templates\/test.html<\/strong><\/p>\n<pre style=\"margin-top: 10px; margin-bottom: 10px; outline: 0px; max-width: 100%; color: #000000; font-size: 16px; text-align: left; background-color: #ffffff; border-radius: 5px; box-shadow: rgba(0, 0, 0, 0.55) 0px 2px 10px; box-sizing: border-box !important; overflow-wrap: break-word !important;\"><code style=\"padding: 15px 16px 16px; outline: 0px; max-width: 100%; overflow-x: auto; color: #abb2bf; display: -webkit-box; font-family: 'Operator Mono', Consolas, Monaco, Menlo, monospace; font-size: 12px; background: #282c34; border-radius: 5px; box-sizing: border-box !important; overflow-wrap: break-word !important;\"><span style=\"outline: 0px; max-width: 100%; color: #61aeee; line-height: 26px; box-sizing: border-box !important; overflow-wrap: break-word !important;\">&lt;!DOCTYPE\u00a0<span style=\"outline: 0px; max-width: 100%; line-height: 26px; box-sizing: border-box !important; overflow-wrap: break-word !important;\">html<\/span>&gt;<\/span><br style=\"outline: 0px; max-width: 100%; box-sizing: border-box !important; overflow-wrap: break-word !important;\" \/><span style=\"outline: 0px; max-width: 100%; line-height: 26px; box-sizing: border-box !important; overflow-wrap: break-word !important;\">&lt;<span style=\"outline: 0px; max-width: 100%; color: #e06c75; line-height: 26px; box-sizing: border-box !important; overflow-wrap: break-word !important;\">html<\/span>\u00a0<span style=\"outline: 0px; max-width: 100%; color: #d19a66; line-height: 26px; box-sizing: border-box !important; overflow-wrap: break-word !important;\">lang<\/span>=<span style=\"outline: 0px; max-width: 100%; color: #98c379; line-height: 26px; box-sizing: border-box !important; overflow-wrap: break-word !important;\">\"en\"<\/span>&gt;<\/span><br style=\"outline: 0px; max-width: 100%; box-sizing: border-box !important; overflow-wrap: break-word !important;\" \/><span style=\"outline: 0px; max-width: 100%; line-height: 26px; box-sizing: border-box !important; overflow-wrap: break-word !important;\">&lt;<span style=\"outline: 0px; max-width: 100%; color: #e06c75; line-height: 26px; box-sizing: border-box !important; overflow-wrap: break-word !important;\">body<\/span>&gt;<\/span><br style=\"outline: 0px; max-width: 100%; box-sizing: border-box !important; overflow-wrap: break-word !important;\" \/>{{\u00a0my_input\u00a0|\u00a0safe}}<br style=\"outline: 0px; max-width: 100%; box-sizing: border-box !important; overflow-wrap: break-word !important;\" \/><span style=\"outline: 0px; max-width: 100%; line-height: 26px; box-sizing: border-box !important; overflow-wrap: break-word !important;\">&lt;\/<span style=\"outline: 0px; max-width: 100%; color: #e06c75; line-height: 26px; box-sizing: border-box !important; overflow-wrap: break-word !important;\">body<\/span>&gt;<\/span><br style=\"outline: 0px; max-width: 100%; box-sizing: border-box !important; overflow-wrap: break-word !important;\" \/><span style=\"outline: 0px; max-width: 100%; line-height: 26px; box-sizing: border-box !important; overflow-wrap: break-word !important;\">&lt;\/<span style=\"outline: 0px; max-width: 100%; color: #e06c75; line-height: 26px; box-sizing: border-box !important; overflow-wrap: break-word !important;\">html<\/span>&gt;<\/span><br style=\"outline: 0px; max-width: 100%; box-sizing: border-box !important; overflow-wrap: break-word !important;\" \/><\/code><\/pre>\n<p style=\"margin-bottom: 20px; outline: 0px; max-width: 100%; font-family: Optima-Regular, Optima, PingFangSC-light, PingFangTC-light, 'PingFang SC', Cambria, Cochin, Georgia, Times, 'Times New Roman', serif; font-size: 16px; text-align: left; white-space: normal; background-color: #ffffff; line-height: 1.8em; color: #3a3a3a; box-sizing: border-box !important; overflow-wrap: break-word !important;\">\u5728\u6a21\u677f test.html \u4e2d\uff0c\u7b2c 4 \u884c\u7684\u53d8\u91cf my_input \u88ab\u6807\u8bb0\u4e3a\u5b89\u5168\u7684\uff0c\u56e0\u4e3a\u5f00\u53d1\u4eba\u5458\u9884\u671f\u6709\u7279\u6b8a\u5b57\u7b26\uff0c\u5e76\u4e14\u8ba4\u4e3a\u8be5\u53d8\u91cf\u5df2\u7ecf\u88ab escape \u51fd\u6570\u6e05\u6d17\u4e86\u3002\u901a\u8fc7\u6807\u8bb0\u5173\u952e\u5b57 safe, Django \u4e0d\u4f1a\u518d\u6b21\u5bf9\u53d8\u91cf\u8fdb\u884c\u6e05\u6d17\u3002<\/p>\n<p style=\"margin-bottom: 20px; outline: 0px; max-width: 100%; font-family: Optima-Regular, Optima, PingFangSC-light, PingFangTC-light, 'PingFang SC', Cambria, Cochin, Georgia, Times, 'Times New Roman', serif; font-size: 16px; text-align: left; white-space: normal; background-color: #ffffff; line-height: 1.8em; color: #3a3a3a; box-sizing: border-box !important; overflow-wrap: break-word !important;\">\u4f46\u662f\uff0c\u7531\u4e8e\u7b2c 7 \u884c\uff08view.py\uff09\u7684\u5f52\u4e00\u5316\uff0c\u5b57\u7b26\u201c%EF%B9%A4\u201d\u4f1a\u88ab\u8f6c\u6362\u4e3a\u201c&lt;\u201d\uff0c\u201c%EF%B9%A5\u201d\u88ab\u8f6c\u6362\u4e3a\u201c&gt;\u201d\u3002\u8fd9\u5bfc\u81f4\u653b\u51fb\u8005\u53ef\u4ee5\u6ce8\u5165\u4efb\u610f\u7684 HTML \u6807\u8bb0\uff0c\u8fdb\u800c\u89e6\u53d1 XSS \u6f0f\u6d1e\u3002\u4e3a\u4e86\u9632\u6b62\u8fd9\u4e2a\u6f0f\u6d1e\uff0c\u5c31\u5e94\u8be5\u5728\u628a\u7528\u6237\u8f93\u5165\u505a\u5b8c\u5f52\u4e00\u5316\u4e4b\u540e\uff0c\u518d\u8fdb\u884c\u6e05\u6d17\u3002<\/p>\n<h2 style=\"margin-top: 2.2em; margin-bottom: 35px; outline: 0px; font-weight: bold; font-size: 22px; max-width: 100%; color: #000000; font-family: Optima-Regular, Optima, PingFangSC-light, PingFangTC-light, 'PingFang SC', Cambria, Cochin, Georgia, Times, 'Times New Roman', serif; text-align: left; white-space: normal; background-color: #ffffff; line-height: 1.5em; box-sizing: border-box !important; overflow-wrap: break-word !important;\"><span style=\"margin-right: 3px; padding: 2px 13px; outline: 0px; max-width: 100%; display: inline-block; background-image: linear-gradient(#ffffff 60%, #ffb11b 40%); background-position: initial; background-size: initial; background-repeat: initial; background-attachment: initial; background-origin: initial; background-clip: initial; color: #515151; height: 37px; box-sizing: border-box !important; overflow-wrap: break-word !important;\">8. Unicode \u7f16\u7801\u78b0\u649e<\/span><\/h2>\n<p style=\"margin-bottom: 20px; outline: 0px; max-width: 100%; font-family: Optima-Regular, Optima, PingFangSC-light, PingFangTC-light, 'PingFang SC', Cambria, Cochin, Georgia, Times, 'Times New Roman', serif; font-size: 16px; text-align: left; white-space: normal; background-color: #ffffff; line-height: 1.8em; color: #3a3a3a; box-sizing: border-box !important; overflow-wrap: break-word !important;\">\u524d\u6587\u8bf4\u8fc7\uff0cUnicode \u5b57\u7b26\u4f1a\u88ab\u6620\u5c04\u6210\u7801\u70b9\u3002\u7136\u800c\uff0c\u6709\u8bb8\u591a\u4e0d\u540c\u7684\u4eba\u7c7b\u8bed\u8a00\uff0cUnicode \u8bd5\u56fe\u5c06\u5b83\u4eec\u7edf\u4e00\u8d77\u6765\u3002\u8fd9\u5c31\u610f\u5473\u7740\u4e0d\u540c\u7684\u5b57\u7b26\u5f88\u6709\u53ef\u80fd\u62e5\u6709\u76f8\u540c\u7684\u201clayout\u201d\u3002\u4f8b\u5982\uff0c\u5c0f\u5199\u7684\u571f\u8033\u5176\u8bed \u0131\uff08\u6ca1\u6709\u70b9\uff09\u7684\u5b57\u7b26\u662f\u82f1\u8bed\u4e2d\u5927\u5199\u7684 I\u3002\u5728\u62c9\u4e01\u5b57\u6bcd\u4e2d\uff0c\u5b57\u7b26 i \u4e5f\u662f\u7528\u5927\u5199\u7684 I \u8868\u793a\u3002\u5728 Unicode \u6807\u51c6\u4e2d\uff0c\u8fd9\u4e24\u4e2a\u4e0d\u540c\u7684\u5b57\u7b26\u90fd\u4ee5\u5927\u5199\u5f62\u5f0f\u6620\u5c04\u5230\u540c\u4e00\u4e2a\u7801\u70b9\u3002<\/p>\n<p style=\"margin-bottom: 20px; outline: 0px; max-width: 100%; font-family: Optima-Regular, Optima, PingFangSC-light, PingFangTC-light, 'PingFang SC', Cambria, Cochin, Georgia, Times, 'Times New Roman', serif; font-size: 16px; text-align: left; white-space: normal; background-color: #ffffff; line-height: 1.8em; color: #3a3a3a; box-sizing: border-box !important; overflow-wrap: break-word !important;\">\u8fd9\u79cd\u884c\u4e3a\u662f\u53ef\u4ee5\u88ab\u5229\u7528\u7684\uff0c\u5b9e\u9645\u4e0a\u5df2\u7ecf\u5728 Django \u4e2d\u5bfc\u81f4\u4e86\u4e00\u4e2a\u4e25\u91cd\u7684\u6f0f\u6d1e\uff08CVE-2019-19844\uff09\u3002\u4e0b\u9762\u7684\u4ee3\u7801\u662f\u4e00\u4e2a\u91cd\u7f6e\u5bc6\u7801\u7684\u793a\u4f8b\u3002<\/p>\n<pre style=\"margin-top: 10px; margin-bottom: 10px; outline: 0px; max-width: 100%; color: #000000; font-size: 16px; text-align: left; background-color: #ffffff; border-radius: 5px; box-shadow: rgba(0, 0, 0, 0.55) 0px 2px 10px; box-sizing: border-box !important; overflow-wrap: break-word !important;\"><code style=\"padding: 15px 16px 16px; outline: 0px; max-width: 100%; overflow-x: auto; color: #abb2bf; display: -webkit-box; font-family: 'Operator Mono', Consolas, Monaco, Menlo, monospace; font-size: 12px; background: #282c34; border-radius: 5px; box-sizing: border-box !important; overflow-wrap: break-word !important;\"><span style=\"outline: 0px; max-width: 100%; color: #c678dd; line-height: 26px; box-sizing: border-box !important; overflow-wrap: break-word !important;\">from<\/span>\u00a0django.core.mail\u00a0<span style=\"outline: 0px; max-width: 100%; color: #c678dd; line-height: 26px; box-sizing: border-box !important; overflow-wrap: break-word !important;\">import<\/span>\u00a0send_mail<br style=\"outline: 0px; max-width: 100%; box-sizing: border-box !important; overflow-wrap: break-word !important;\" \/><span style=\"outline: 0px; max-width: 100%; color: #c678dd; line-height: 26px; box-sizing: border-box !important; overflow-wrap: break-word !important;\">from<\/span>\u00a0django.http\u00a0<span style=\"outline: 0px; max-width: 100%; color: #c678dd; line-height: 26px; box-sizing: border-box !important; overflow-wrap: break-word !important;\">import<\/span>\u00a0HttpResponse<br style=\"outline: 0px; max-width: 100%; box-sizing: border-box !important; overflow-wrap: break-word !important;\" \/><span style=\"outline: 0px; max-width: 100%; color: #c678dd; line-height: 26px; box-sizing: border-box !important; overflow-wrap: break-word !important;\">from<\/span>\u00a0vuln.models\u00a0<span style=\"outline: 0px; max-width: 100%; color: #c678dd; line-height: 26px; box-sizing: border-box !important; overflow-wrap: break-word !important;\">import<\/span>\u00a0User<br style=\"outline: 0px; max-width: 100%; box-sizing: border-box !important; overflow-wrap: break-word !important;\" \/><br style=\"outline: 0px; max-width: 100%; box-sizing: border-box !important; overflow-wrap: break-word !important;\" \/><span style=\"outline: 0px; max-width: 100%; line-height: 26px; box-sizing: border-box !important; overflow-wrap: break-word !important;\"><span style=\"outline: 0px; max-width: 100%; color: #c678dd; line-height: 26px; box-sizing: border-box !important; overflow-wrap: break-word !important;\">def<\/span>\u00a0<span style=\"outline: 0px; max-width: 100%; color: #61aeee; line-height: 26px; box-sizing: border-box !important; overflow-wrap: break-word !important;\">reset_pw<\/span><span style=\"outline: 0px; max-width: 100%; line-height: 26px; box-sizing: border-box !important; overflow-wrap: break-word !important;\">(request)<\/span>:<\/span><br style=\"outline: 0px; max-width: 100%; box-sizing: border-box !important; overflow-wrap: break-word !important;\" \/>\u00a0\u00a0\u00a0\u00a0email\u00a0=\u00a0request.GET[<span style=\"outline: 0px; max-width: 100%; color: #98c379; line-height: 26px; box-sizing: border-box !important; overflow-wrap: break-word !important;\">'email'<\/span>]<br style=\"outline: 0px; max-width: 100%; box-sizing: border-box !important; overflow-wrap: break-word !important;\" \/>\u00a0\u00a0\u00a0\u00a0result\u00a0=\u00a0User.objects.filter(email__exact=email.upper()).first()<br style=\"outline: 0px; max-width: 100%; box-sizing: border-box !important; overflow-wrap: break-word !important;\" \/>\u00a0\u00a0\u00a0\u00a0<span style=\"outline: 0px; max-width: 100%; color: #c678dd; line-height: 26px; box-sizing: border-box !important; overflow-wrap: break-word !important;\">if<\/span>\u00a0<span style=\"outline: 0px; max-width: 100%; color: #c678dd; line-height: 26px; box-sizing: border-box !important; overflow-wrap: break-word !important;\">not<\/span>\u00a0result:<br style=\"outline: 0px; max-width: 100%; box-sizing: border-box !important; overflow-wrap: break-word !important;\" \/>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0<span style=\"outline: 0px; max-width: 100%; color: #c678dd; line-height: 26px; box-sizing: border-box !important; overflow-wrap: break-word !important;\">return<\/span>\u00a0HttpResponse(<span style=\"outline: 0px; max-width: 100%; color: #98c379; line-height: 26px; box-sizing: border-box !important; overflow-wrap: break-word !important;\">\"User\u00a0not\u00a0found!\"<\/span>)<br style=\"outline: 0px; max-width: 100%; box-sizing: border-box !important; overflow-wrap: break-word !important;\" \/>\u00a0\u00a0\u00a0\u00a0send_mail(<span style=\"outline: 0px; max-width: 100%; color: #98c379; line-height: 26px; box-sizing: border-box !important; overflow-wrap: break-word !important;\">'Reset\u00a0Password'<\/span>,<span style=\"outline: 0px; max-width: 100%; color: #98c379; line-height: 26px; box-sizing: border-box !important; overflow-wrap: break-word !important;\">'Your\u00a0new\u00a0pw:\u00a0123456.'<\/span>,\u00a0<span style=\"outline: 0px; max-width: 100%; color: #98c379; line-height: 26px; box-sizing: border-box !important; overflow-wrap: break-word !important;\">'from@example.com'<\/span>,\u00a0[email],\u00a0fail_silently=<span style=\"outline: 0px; max-width: 100%; color: #56b6c2; line-height: 26px; box-sizing: border-box !important; overflow-wrap: break-word !important;\">False<\/span>)<br style=\"outline: 0px; max-width: 100%; box-sizing: border-box !important; overflow-wrap: break-word !important;\" \/>\u00a0\u00a0\u00a0\u00a0<span style=\"outline: 0px; max-width: 100%; color: #c678dd; line-height: 26px; box-sizing: border-box !important; overflow-wrap: break-word !important;\">return<\/span>\u00a0HttpResponse(<span style=\"outline: 0px; max-width: 100%; color: #98c379; line-height: 26px; box-sizing: border-box !important; overflow-wrap: break-word !important;\">\"Password\u00a0reset\u00a0email\u00a0send!\"<\/span>)<br style=\"outline: 0px; max-width: 100%; box-sizing: border-box !important; overflow-wrap: break-word !important;\" \/><\/code><\/pre>\n<p style=\"margin-bottom: 20px; outline: 0px; max-width: 100%; font-family: Optima-Regular, Optima, PingFangSC-light, PingFangTC-light, 'PingFang SC', Cambria, Cochin, Georgia, Times, 'Times New Roman', serif; font-size: 16px; text-align: left; white-space: normal; background-color: #ffffff; line-height: 1.8em; color: #3a3a3a; box-sizing: border-box !important; overflow-wrap: break-word !important;\">\u7b2c 6 \u884c\u4ee3\u7801\u83b7\u53d6\u4e86\u7528\u6237\u8f93\u5165\u7684 email\uff0c\u7b2c 7-9 \u884c\u4ee3\u7801\u68c0\u67e5\u8fd9\u4e2a email \u503c\uff0c\u67e5\u627e\u662f\u5426\u5b58\u5728\u5177\u6709\u8be5 email \u7684\u7528\u6237\u3002\u5982\u679c\u7528\u6237\u5b58\u5728\uff0c\u5219\u7b2c 10 \u884c\u4ee3\u7801\u4f9d\u636e\u7b2c 6 \u884c\u4e2d\u8f93\u5165\u7684 email \u5730\u5740\uff0c\u7ed9\u7528\u6237\u53d1\u9001\u90ae\u4ef6\u3002\u9700\u8981\u6307\u51fa\u7684\u662f\uff0c\u7b2c 7-9 \u884c\u4e2d\u5bf9\u90ae\u4ef6\u5730\u5740\u7684\u68c0\u67e5\u662f\u4e0d\u533a\u5206\u5927\u5c0f\u5199\u7684\uff0c\u4f7f\u7528\u4e86 upper \u51fd\u6570\u3002<\/p>\n<p style=\"margin-bottom: 20px; outline: 0px; max-width: 100%; font-family: Optima-Regular, Optima, PingFangSC-light, PingFangTC-light, 'PingFang SC', Cambria, Cochin, Georgia, Times, 'Times New Roman', serif; font-size: 16px; text-align: left; white-space: normal; background-color: #ffffff; line-height: 1.8em; color: #3a3a3a; box-sizing: border-box !important; overflow-wrap: break-word !important;\">\u81f3\u4e8e\u653b\u51fb\uff0c\u6211\u4eec\u5047\u8bbe\u6570\u636e\u5e93\u4e2d\u5b58\u5728\u4e00\u4e2a\u90ae\u7bb1\u5730\u5740\u4e3a foo@mix.com \u7684\u7528\u6237\u3002\u90a3\u4e48\uff0c\u653b\u51fb\u8005\u53ef\u4ee5\u7b80\u5355\u5730\u4f20\u5165 foo@m\u0131x.com \u4f5c\u4e3a\u7b2c 6 \u884c\u4e2d\u7684 email\uff0c\u5176\u4e2d i \u88ab\u66ff\u6362\u4e3a\u571f\u8033\u5176\u8bed \u0131\u3002\u7b2c 7 \u884c\u4ee3\u7801\u5c06\u90ae\u7bb1\u8f6c\u6362\u6210\u5927\u5199\uff0c\u7ed3\u679c\u662f FOO@MIX.COM\u3002\u8fd9\u610f\u5473\u7740\u627e\u5230\u4e86\u4e00\u4e2a\u7528\u6237\uff0c\u56e0\u6b64\u4f1a\u53d1\u9001\u4e00\u5c01\u91cd\u7f6e\u5bc6\u7801\u7684\u90ae\u4ef6\u3002<\/p>\n<p style=\"margin-bottom: 20px; outline: 0px; max-width: 100%; font-family: Optima-Regular, Optima, PingFangSC-light, PingFangTC-light, 'PingFang SC', Cambria, Cochin, Georgia, Times, 'Times New Roman', serif; font-size: 16px; text-align: left; white-space: normal; background-color: #ffffff; line-height: 1.8em; color: #3a3a3a; box-sizing: border-box !important; overflow-wrap: break-word !important;\">\u7136\u800c\uff0c\u90ae\u4ef6\u88ab\u53d1\u9001\u5230\u7b2c 6 \u884c\u672a\u8f6c\u6362\u7684\u90ae\u4ef6\u5730\u5740\uff0c\u4e5f\u5c31\u662f\u5305\u542b\u4e86\u571f\u8033\u5176\u8bed\u7684 \u0131\u3002\u6362\u53e5\u8bdd\u8bf4\uff0c\u5176\u4ed6\u7528\u6237\u7684\u5bc6\u7801\u88ab\u53d1\u9001\u5230\u4e86\u653b\u51fb\u8005\u63a7\u5236\u7684\u90ae\u4ef6\u5730\u5740\u3002\u4e3a\u4e86\u9632\u6b62\u8fd9\u4e2a\u6f0f\u6d1e\uff0c\u53ef\u4ee5\u5c06\u7b2c 10 \u884c\u66ff\u6362\u6210\u4f7f\u7528\u6570\u636e\u5e93\u4e2d\u7684\u7528\u6237\u90ae\u7bb1\u3002\u5373\u4f7f\u53d1\u751f\u7f16\u7801\u51b2\u7a81\uff0c\u653b\u51fb\u8005\u5728\u8fd9\u79cd\u60c5\u51b5\u4e0b\u4e5f\u5f97\u4e0d\u5230\u4efb\u4f55\u597d\u5904\u3002<\/p>\n<h2 style=\"margin-top: 2.2em; margin-bottom: 35px; outline: 0px; font-weight: bold; font-size: 22px; max-width: 100%; color: #000000; font-family: Optima-Regular, Optima, PingFangSC-light, PingFangTC-light, 'PingFang SC', Cambria, Cochin, Georgia, Times, 'Times New Roman', serif; text-align: left; white-space: normal; background-color: #ffffff; line-height: 1.5em; box-sizing: border-box !important; overflow-wrap: break-word !important;\"><span style=\"margin-right: 3px; padding: 2px 13px; outline: 0px; max-width: 100%; display: inline-block; background-image: linear-gradient(#ffffff 60%, #ffb11b 40%); background-position: initial; background-size: initial; background-repeat: initial; background-attachment: initial; background-origin: initial; background-clip: initial; color: #515151; height: 37px; box-sizing: border-box !important; overflow-wrap: break-word !important;\">9. IP \u5730\u5740\u5f52\u4e00\u5316<\/span><\/h2>\n<p style=\"margin-bottom: 20px; outline: 0px; max-width: 100%; font-family: Optima-Regular, Optima, PingFangSC-light, PingFangTC-light, 'PingFang SC', Cambria, Cochin, Georgia, Times, 'Times New Roman', serif; font-size: 16px; text-align: left; white-space: normal; background-color: #ffffff; line-height: 1.8em; color: #3a3a3a; box-sizing: border-box !important; overflow-wrap: break-word !important;\">\u5728 Python &lt; 3.8 \u4e2d\uff0cIP \u5730\u5740\u4f1a\u88ab ipaddress \u5e93\u5f52\u4e00\u5316\uff0c\u56e0\u6b64\u524d\u7f00\u7684\u96f6\u4f1a\u88ab\u5220\u9664\u3002\u8fd9\u79cd\u884c\u4e3a\u4e4d\u4e00\u770b\u53ef\u80fd\u662f\u65e0\u5bb3\u7684\uff0c\u4f46\u5b83\u5df2\u7ecf\u5728 Django \u4e2d\u5bfc\u81f4\u4e86\u4e00\u4e2a\u9ad8\u4e25\u91cd\u6027\u7684\u6f0f\u6d1e\uff08CVE-2021-33571\uff09\u3002\u653b\u51fb\u8005\u53ef\u4ee5\u5229\u7528\u5f52\u4e00\u5316\u7ed5\u8fc7\u6821\u9a8c\u7a0b\u5e8f\uff0c\u53d1\u8d77\u670d\u52a1\u7aef\u8bf7\u6c42\u4f2a\u9020\u653b\u51fb\uff08SSRF\uff0cServer-Side Request Forgery\uff09\u3002<\/p>\n<p style=\"margin-bottom: 20px; outline: 0px; max-width: 100%; font-family: Optima-Regular, Optima, PingFangSC-light, PingFangTC-light, 'PingFang SC', Cambria, Cochin, Georgia, Times, 'Times New Roman', serif; font-size: 16px; text-align: left; white-space: normal; background-color: #ffffff; line-height: 1.8em; color: #3a3a3a; box-sizing: border-box !important; overflow-wrap: break-word !important;\">\u4e0b\u9762\u7684\u4ee3\u7801\u5c55\u793a\u4e86\u5982\u4f55\u7ed5\u8fc7\u8fd9\u6837\u7684\u6821\u9a8c\u5668\u3002<\/p>\n<pre style=\"margin-top: 10px; margin-bottom: 10px; outline: 0px; max-width: 100%; color: #000000; font-size: 16px; text-align: left; background-color: #ffffff; border-radius: 5px; box-shadow: rgba(0, 0, 0, 0.55) 0px 2px 10px; box-sizing: border-box !important; overflow-wrap: break-word !important;\"><code style=\"padding: 15px 16px 16px; outline: 0px; max-width: 100%; overflow-x: auto; color: #abb2bf; display: -webkit-box; font-family: 'Operator Mono', Consolas, Monaco, Menlo, monospace; font-size: 12px; background: #282c34; border-radius: 5px; box-sizing: border-box !important; overflow-wrap: break-word !important;\"><span style=\"outline: 0px; max-width: 100%; color: #c678dd; line-height: 26px; box-sizing: border-box !important; overflow-wrap: break-word !important;\">import<\/span>\u00a0requests<br style=\"outline: 0px; max-width: 100%; box-sizing: border-box !important; overflow-wrap: break-word !important;\" \/><span style=\"outline: 0px; max-width: 100%; color: #c678dd; line-height: 26px; box-sizing: border-box !important; overflow-wrap: break-word !important;\">import<\/span>\u00a0ipaddress<br style=\"outline: 0px; max-width: 100%; box-sizing: border-box !important; overflow-wrap: break-word !important;\" \/><br style=\"outline: 0px; max-width: 100%; box-sizing: border-box !important; overflow-wrap: break-word !important;\" \/><span style=\"outline: 0px; max-width: 100%; line-height: 26px; box-sizing: border-box !important; overflow-wrap: break-word !important;\"><span style=\"outline: 0px; max-width: 100%; color: #c678dd; line-height: 26px; box-sizing: border-box !important; overflow-wrap: break-word !important;\">def<\/span>\u00a0<span style=\"outline: 0px; max-width: 100%; color: #61aeee; line-height: 26px; box-sizing: border-box !important; overflow-wrap: break-word !important;\">send_request<\/span><span style=\"outline: 0px; max-width: 100%; line-height: 26px; box-sizing: border-box !important; overflow-wrap: break-word !important;\">(request)<\/span>:<\/span><br style=\"outline: 0px; max-width: 100%; box-sizing: border-box !important; overflow-wrap: break-word !important;\" \/>\u00a0\u00a0\u00a0\u00a0ip\u00a0=\u00a0request.GET[<span style=\"outline: 0px; max-width: 100%; color: #98c379; line-height: 26px; box-sizing: border-box !important; overflow-wrap: break-word !important;\">'ip'<\/span>]<br style=\"outline: 0px; max-width: 100%; box-sizing: border-box !important; overflow-wrap: break-word !important;\" \/>\u00a0\u00a0\u00a0\u00a0<span style=\"outline: 0px; max-width: 100%; color: #c678dd; line-height: 26px; box-sizing: border-box !important; overflow-wrap: break-word !important;\">try<\/span>:<br style=\"outline: 0px; max-width: 100%; box-sizing: border-box !important; overflow-wrap: break-word !important;\" \/>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0<span style=\"outline: 0px; max-width: 100%; color: #c678dd; line-height: 26px; box-sizing: border-box !important; overflow-wrap: break-word !important;\">if<\/span>\u00a0ip\u00a0<span style=\"outline: 0px; max-width: 100%; color: #c678dd; line-height: 26px; box-sizing: border-box !important; overflow-wrap: break-word !important;\">in<\/span>\u00a0[<span style=\"outline: 0px; max-width: 100%; color: #98c379; line-height: 26px; box-sizing: border-box !important; overflow-wrap: break-word !important;\">\"127.0.0.1\"<\/span>,\u00a0<span style=\"outline: 0px; max-width: 100%; color: #98c379; line-height: 26px; box-sizing: border-box !important; overflow-wrap: break-word !important;\">\"0.0.0.0\"<\/span>]:<br style=\"outline: 0px; max-width: 100%; box-sizing: border-box !important; overflow-wrap: break-word !important;\" \/>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0<span style=\"outline: 0px; max-width: 100%; color: #c678dd; line-height: 26px; box-sizing: border-box !important; overflow-wrap: break-word !important;\">return<\/span>\u00a0HttpResponse(<span style=\"outline: 0px; max-width: 100%; color: #98c379; line-height: 26px; box-sizing: border-box !important; overflow-wrap: break-word !important;\">\"Not\u00a0allowed!\"<\/span>)<br style=\"outline: 0px; max-width: 100%; box-sizing: border-box !important; overflow-wrap: break-word !important;\" \/>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0ip\u00a0=\u00a0str(ipaddress.IPv4Address(ip))<br style=\"outline: 0px; max-width: 100%; box-sizing: border-box !important; overflow-wrap: break-word !important;\" \/>\u00a0\u00a0\u00a0\u00a0<span style=\"outline: 0px; max-width: 100%; color: #c678dd; line-height: 26px; box-sizing: border-box !important; overflow-wrap: break-word !important;\">except<\/span>\u00a0ipaddress.AddressValueError:<br style=\"outline: 0px; max-width: 100%; box-sizing: border-box !important; overflow-wrap: break-word !important;\" \/>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0<span style=\"outline: 0px; max-width: 100%; color: #c678dd; line-height: 26px; box-sizing: border-box !important; overflow-wrap: break-word !important;\">return<\/span>\u00a0HttpResponse(<span style=\"outline: 0px; max-width: 100%; color: #98c379; line-height: 26px; box-sizing: border-box !important; overflow-wrap: break-word !important;\">\"Error\u00a0at\u00a0validation!\"<\/span>)<br style=\"outline: 0px; max-width: 100%; box-sizing: border-box !important; overflow-wrap: break-word !important;\" \/>\u00a0\u00a0\u00a0\u00a0requests.get(<span style=\"outline: 0px; max-width: 100%; color: #98c379; line-height: 26px; box-sizing: border-box !important; overflow-wrap: break-word !important;\">'https:\/\/'<\/span>\u00a0+\u00a0ip)<br style=\"outline: 0px; max-width: 100%; box-sizing: border-box !important; overflow-wrap: break-word !important;\" \/>\u00a0\u00a0\u00a0\u00a0<span style=\"outline: 0px; max-width: 100%; color: #c678dd; line-height: 26px; box-sizing: border-box !important; overflow-wrap: break-word !important;\">return<\/span>\u00a0HttpResponse(<span style=\"outline: 0px; max-width: 100%; color: #98c379; line-height: 26px; box-sizing: border-box !important; overflow-wrap: break-word !important;\">\"Request\u00a0send!\"<\/span>)<br style=\"outline: 0px; max-width: 100%; box-sizing: border-box !important; overflow-wrap: break-word !important;\" \/><\/code><\/pre>\n<p style=\"margin-bottom: 20px; outline: 0px; max-width: 100%; font-family: Optima-Regular, Optima, PingFangSC-light, PingFangTC-light, 'PingFang SC', Cambria, Cochin, Georgia, Times, 'Times New Roman', serif; font-size: 16px; text-align: left; white-space: normal; background-color: #ffffff; line-height: 1.8em; color: #3a3a3a; box-sizing: border-box !important; overflow-wrap: break-word !important;\">\u7b2c 5 \u884c\u4ee3\u7801\u83b7\u53d6\u7528\u6237\u4f20\u5165\u7684\u4e00\u4e2a IP \u5730\u5740\uff0c\u7b2c 7 \u884c\u4ee3\u7801\u4f7f\u7528\u4e00\u4e2a\u9ed1\u540d\u5355\u6765\u68c0\u67e5\u8be5 IP \u662f\u5426\u4e3a\u672c\u5730\u5730\u5740\uff0c\u4ee5\u9632\u6b62\u53ef\u80fd\u7684 SSRF \u6f0f\u6d1e\u3002\u8fd9\u4efd\u9ed1\u540d\u5355\u5e76\u4e0d\u5b8c\u6574\uff0c\u4ec5\u4f5c\u4e3a\u793a\u4f8b\u3002<\/p>\n<p style=\"margin-bottom: 20px; outline: 0px; max-width: 100%; font-family: Optima-Regular, Optima, PingFangSC-light, PingFangTC-light, 'PingFang SC', Cambria, Cochin, Georgia, Times, 'Times New Roman', serif; font-size: 16px; text-align: left; white-space: normal; background-color: #ffffff; line-height: 1.8em; color: #3a3a3a; box-sizing: border-box !important; overflow-wrap: break-word !important;\">\u7b2c 9 \u884c\u4ee3\u7801\u68c0\u67e5\u8be5 IP \u662f\u5426\u4e3a IPv4 \u5730\u5740\uff0c\u540c\u65f6\u5c06 IP \u5f52\u4e00\u5316\u3002\u5728\u5b8c\u6210\u9a8c\u8bc1\u540e\uff0c\u7b2c 12 \u884c\u4ee3\u7801\u4f1a\u5bf9\u8be5 IP \u53d1\u8d77\u5b9e\u9645\u7684\u8bf7\u6c42\u3002<\/p>\n<p style=\"margin-bottom: 20px; outline: 0px; max-width: 100%; font-family: Optima-Regular, Optima, PingFangSC-light, PingFangTC-light, 'PingFang SC', Cambria, Cochin, Georgia, Times, 'Times New Roman', serif; font-size: 16px; text-align: left; white-space: normal; background-color: #ffffff; line-height: 1.8em; color: #3a3a3a; box-sizing: border-box !important; overflow-wrap: break-word !important;\">\u4f46\u662f\uff0c\u653b\u51fb\u8005\u53ef\u4ee5\u4f20\u5165 127.0.001 \u8fd9\u6837\u7684 IP \u5730\u5740\uff0c\u5728\u7b2c 7 \u884c\u7684\u9ed1\u540d\u5355\u5217\u8868\u4e2d\u627e\u4e0d\u5230\u3002\u7136\u540e\uff0c\u7b2c 9 \u884c\u4ee3\u7801\u4f7f\u7528 ipaddress.IPv4Address \u5c06 IP \u5f52\u4e00\u5316\u4e3a 127.0.0.1\u3002\u56e0\u6b64\uff0c\u653b\u51fb\u8005\u5c31\u80fd\u591f\u7ed5\u8fc7 SSRF \u6821\u9a8c\u5668\uff0c\u5e76\u5411\u672c\u5730\u7f51\u7edc\u5730\u5740\u53d1\u9001\u8bf7\u6c42\u3002<\/p>\n<h2 style=\"margin-top: 2.2em; margin-bottom: 35px; outline: 0px; font-weight: bold; font-size: 22px; max-width: 100%; color: #000000; font-family: Optima-Regular, Optima, PingFangSC-light, PingFangTC-light, 'PingFang SC', Cambria, Cochin, Georgia, Times, 'Times New Roman', serif; text-align: left; white-space: normal; background-color: #ffffff; line-height: 1.5em; box-sizing: border-box !important; overflow-wrap: break-word !important;\"><span style=\"margin-right: 3px; padding: 2px 13px; outline: 0px; max-width: 100%; display: inline-block; background-image: linear-gradient(#ffffff 60%, #ffb11b 40%); background-position: initial; background-size: initial; background-repeat: initial; background-attachment: initial; background-origin: initial; background-clip: initial; color: #515151; height: 37px; box-sizing: border-box !important; overflow-wrap: break-word !important;\">10. URL \u67e5\u8be2\u53c2\u6570\u89e3\u6790<\/span><\/h2>\n<p style=\"margin-bottom: 20px; outline: 0px; max-width: 100%; font-family: Optima-Regular, Optima, PingFangSC-light, PingFangTC-light, 'PingFang SC', Cambria, Cochin, Georgia, Times, 'Times New Roman', serif; font-size: 16px; text-align: left; white-space: normal; background-color: #ffffff; line-height: 1.8em; color: #3a3a3a; box-sizing: border-box !important; overflow-wrap: break-word !important;\">\u5728 Python &lt; 3.7 \u4e2d\uff0curllib.parse.parse_qsl \u51fd\u6570\u5141\u8bb8\u4f7f\u7528\u201c;\u201d\u548c\u201c&amp;\u201d\u5b57\u7b26\u4f5c\u4e3a URL \u7684\u67e5\u8be2\u53d8\u91cf\u7684\u5206\u9694\u7b26\u3002\u6709\u8da3\u7684\u662f\u201c;\u201d\u5b57\u7b26\u4e0d\u80fd\u88ab\u5176\u5b83\u8bed\u8a00\u8bc6\u522b\u4e3a\u5206\u9694\u7b26\u3002<\/p>\n<p style=\"margin-bottom: 20px; outline: 0px; max-width: 100%; font-family: Optima-Regular, Optima, PingFangSC-light, PingFangTC-light, 'PingFang SC', Cambria, Cochin, Georgia, Times, 'Times New Roman', serif; font-size: 16px; text-align: left; white-space: normal; background-color: #ffffff; line-height: 1.8em; color: #3a3a3a; box-sizing: border-box !important; overflow-wrap: break-word !important;\">\u5728\u4e0b\u9762\u7684\u4f8b\u5b50\u4e2d\uff0c\u6211\u4eec\u5c06\u5c55\u793a\u4e3a\u4ec0\u4e48\u8fd9\u79cd\u884c\u4e3a\u4f1a\u5bfc\u81f4\u6f0f\u6d1e\u3002\u5047\u8bbe\u6211\u4eec\u6b63\u5728\u8fd0\u884c\u4e00\u4e2a\u57fa\u7840\u8bbe\u65bd\uff0c\u5176\u4e2d\u524d\u7aef\u662f\u4e00\u4e2a PHP \u7a0b\u5e8f\uff0c\u540e\u7aef\u5219\u662f\u4e00\u4e2a Python \u7a0b\u5e8f\u3002<\/p>\n<p style=\"margin-bottom: 20px; outline: 0px; max-width: 100%; font-family: Optima-Regular, Optima, PingFangSC-light, PingFangTC-light, 'PingFang SC', Cambria, Cochin, Georgia, Times, 'Times New Roman', serif; font-size: 16px; text-align: left; white-space: normal; background-color: #ffffff; line-height: 1.8em; color: #3a3a3a; box-sizing: border-box !important; overflow-wrap: break-word !important;\">\u653b\u51fb\u8005\u5411 PHP \u524d\u7aef\u53d1\u9001\u4ee5\u4e0b\u7684 GET \u8bf7\u6c42:<\/p>\n<pre style=\"margin-top: 10px; margin-bottom: 10px; outline: 0px; max-width: 100%; color: #000000; font-size: 16px; text-align: left; background-color: #ffffff; border-radius: 5px; box-shadow: rgba(0, 0, 0, 0.55) 0px 2px 10px; box-sizing: border-box !important; overflow-wrap: break-word !important;\"><code style=\"padding: 15px 16px 16px; outline: 0px; max-width: 100%; overflow-x: auto; color: #abb2bf; display: -webkit-box; font-family: 'Operator Mono', Consolas, Monaco, Menlo, monospace; font-size: 12px; background: #282c34; border-radius: 5px; box-sizing: border-box !important; overflow-wrap: break-word !important;\">GET https:\/\/victim.com\/?a=1;b=2<br style=\"outline: 0px; max-width: 100%; box-sizing: border-box !important; overflow-wrap: break-word !important;\" \/><\/code><\/pre>\n<p style=\"margin-bottom: 20px; outline: 0px; max-width: 100%; font-family: Optima-Regular, Optima, PingFangSC-light, PingFangTC-light, 'PingFang SC', Cambria, Cochin, Georgia, Times, 'Times New Roman', serif; font-size: 16px; text-align: left; white-space: normal; background-color: #ffffff; line-height: 1.8em; color: #3a3a3a; box-sizing: border-box !important; overflow-wrap: break-word !important;\">PHP \u524d\u7aef\u53ea\u8bc6\u522b\u51fa\u4e00\u4e2a\u67e5\u8be2\u53c2\u6570\u201ca\u201d\uff0c\u5176\u5185\u5bb9\u4e3a\u201c1;b=2\u201d\u3002PHP \u4e0d\u628a\u201c;\u201d\u5b57\u7b26\u4f5c\u4e3a\u67e5\u8be2\u53c2\u6570\u7684\u5206\u9694\u7b26\u3002\u73b0\u5728\uff0c\u524d\u7aef\u4f1a\u5c06\u653b\u51fb\u8005\u7684\u8bf7\u6c42\u76f4\u63a5\u8f6c\u53d1\u7ed9\u5185\u90e8\u7684 Python \u7a0b\u5e8f:<\/p>\n<pre style=\"margin-top: 10px; margin-bottom: 10px; outline: 0px; max-width: 100%; color: #000000; font-size: 16px; text-align: left; background-color: #ffffff; border-radius: 5px; box-shadow: rgba(0, 0, 0, 0.55) 0px 2px 10px; box-sizing: border-box !important; overflow-wrap: break-word !important;\"><code style=\"padding: 15px 16px 16px; outline: 0px; max-width: 100%; overflow-x: auto; color: #abb2bf; display: -webkit-box; font-family: 'Operator Mono', Consolas, Monaco, Menlo, monospace; font-size: 12px; background: #282c34; border-radius: 5px; box-sizing: border-box !important; overflow-wrap: break-word !important;\">GET https:\/\/internal.backend\/?a=1;b=2<br style=\"outline: 0px; max-width: 100%; box-sizing: border-box !important; overflow-wrap: break-word !important;\" \/><\/code><\/pre>\n<p style=\"margin-bottom: 20px; outline: 0px; max-width: 100%; font-family: Optima-Regular, Optima, PingFangSC-light, PingFangTC-light, 'PingFang SC', Cambria, Cochin, Georgia, Times, 'Times New Roman', serif; font-size: 16px; text-align: left; white-space: normal; background-color: #ffffff; line-height: 1.8em; color: #3a3a3a; box-sizing: border-box !important; overflow-wrap: break-word !important;\">\u5982\u679c\u4f7f\u7528\u4e86 urllib.parse.parse_qsl\uff0cPython \u7a0b\u5e8f\u4f1a\u5904\u7406\u6210\u4e24\u4e2a\u67e5\u8be2\u53c2\u6570\uff0c\u5373\u201ca=1\u201d\u548c\u201cb=2\u201d\u3002\u8fd9\u79cd\u67e5\u8be2\u53c2\u6570\u89e3\u6790\u7684\u5dee\u5f02\u53ef\u80fd\u4f1a\u5bfc\u81f4\u81f4\u547d\u7684\u5b89\u5168\u6f0f\u6d1e\uff0c\u6bd4\u5982 Django \u4e2d\u7684 Web \u7f13\u5b58\u6295\u6bd2\u6f0f\u6d1e\uff08CVE-2021-23336\uff09\u3002<\/p>\n<h2 style=\"margin-top: 2.2em; margin-bottom: 35px; outline: 0px; font-weight: bold; font-size: 22px; max-width: 100%; color: #000000; font-family: Optima-Regular, Optima, PingFangSC-light, PingFangTC-light, 'PingFang SC', Cambria, Cochin, Georgia, Times, 'Times New Roman', serif; text-align: left; white-space: normal; background-color: #ffffff; line-height: 1.5em; box-sizing: border-box !important; overflow-wrap: break-word !important;\"><span style=\"margin-right: 3px; padding: 2px 13px; outline: 0px; max-width: 100%; display: inline-block; background-image: linear-gradient(#ffffff 60%, #ffb11b 40%); background-position: initial; background-size: initial; background-repeat: initial; background-attachment: initial; background-origin: initial; background-clip: initial; color: #515151; height: 37px; box-sizing: border-box !important; overflow-wrap: break-word !important;\">\u603b\u7ed3<\/span><\/h2>\n<p style=\"margin-bottom: 20px; outline: 0px; max-width: 100%; font-family: Optima-Regular, Optima, PingFangSC-light, PingFangTC-light, 'PingFang SC', Cambria, Cochin, Georgia, Times, 'Times New Roman', serif; font-size: 16px; text-align: left; white-space: normal; background-color: #ffffff; line-height: 1.8em; color: #3a3a3a; box-sizing: border-box !important; overflow-wrap: break-word !important;\">\u5728\u8fd9\u7bc7\u535a\u6587\u4e2d\uff0c\u6211\u4eec\u4ecb\u7ecd\u4e86 10 \u4e2a Python \u5b89\u5168\u9677\u9631\uff0c\u6211\u4eec\u8ba4\u4e3a\u5f00\u53d1\u8005\u4e0d\u592a\u4e86\u89e3\u5b83\u4eec\u3002\u6bcf\u4e2a\u7ec6\u5fae\u7684\u9677\u9631\u90fd\u5f88\u5bb9\u6613\u88ab\u5ffd\u89c6\uff0c\u5e76\u5728\u8fc7\u53bb\u5bfc\u81f4\u4e86\u7ebf\u4e0a\u7a0b\u5e8f\u7684\u5b89\u5168\u6f0f\u6d1e\u3002<\/p>\n<section style=\"margin-bottom: 15px; outline: 0px; max-width: 100%; font-family: Optima-Regular, Optima, PingFangSC-light, PingFangTC-light, 'PingFang SC', Cambria, Cochin, Georgia, Times, 'Times New Roman', serif; font-size: 16px; text-align: left; white-space: normal; background-color: #ffffff; line-height: 1.8em; color: #3a3a3a; box-sizing: border-box !important; overflow-wrap: break-word !important;\">\u6b63\u5982\u524d\u6587\u6240\u8ff0\uff0c\u5b89\u5168\u9677\u9631\u53ef\u80fd\u51fa\u73b0\u5728\u5404\u79cd\u64cd\u4f5c\u4e2d\uff0c\u4ece\u5904\u7406\u6587\u4ef6\u3001\u76ee\u5f55\u3001\u538b\u7f29\u6587\u4ef6\u3001URL\u3001IP \u5230\u7b80\u5355\u7684\u5b57\u7b26\u4e32\u3002\u4e00\u79cd\u5e38\u89c1\u7684\u60c5\u51b5\u662f\u5e93\u51fd\u6570\u7684\u4f7f\u7528\uff0c\u8fd9\u4e9b\u51fd\u6570\u53ef\u80fd\u6709\u610f\u60f3\u4e0d\u5230\u7684\u884c\u4e3a\u3002\u8fd9\u63d0\u9192\u6211\u4eec\u4e00\u5b9a\u8981\u5347\u7ea7\u5230\u6700\u65b0\u7248\u672c\uff0c\u5e76\u4ed4\u7ec6\u9605\u8bfb\u6587\u6863\u3002\u5728 SonarSource \u4e2d\uff0c\u6211\u4eec\u6b63\u5728\u7814\u7a76\u8fd9\u4e9b\u7f3a\u9677\uff0c\u4ee5\u4fbf\u5c06\u6765\u4e0d\u65ad\u6539\u8fdb\u6211\u4eec\u7684\u4ee3\u7801\u5206\u6790\u5668\u3002<\/section>\n<blockquote style=\"white-space: normal;\"><p><span style=\"font-size: 14px;\">\u82f1\u6587\u4f5c\u8005\uff1a<span style=\"font-size: 14px;\">Dennis Brinkrolf\uff0c<\/span><\/span><span style=\"font-size: 14px; font-family: mp-quote, -apple-system-font, BlinkMacSystemFont, 'Helvetica Neue', 'PingFang SC', 'Hiragino Sans GB', 'Microsoft YaHei UI', 'Microsoft YaHei', Arial, sans-serif;\">\u8bd1\u8005\uff1a<\/span><span style=\"font-size: 14px; font-family: mp-quote, -apple-system-font, BlinkMacSystemFont, 'Helvetica Neue', 'PingFang SC', 'Hiragino Sans GB', 'Microsoft YaHei UI', 'Microsoft YaHei', Arial, sans-serif;\">\u8c4c\u8c46\u82b1\u4e0b\u732b<\/span><\/p>\n<p style=\"text-align: left;\"><span style=\"font-size: 14px;\"><span style=\"font-size: 14px;\"><span style=\"font-size: 14px;\">\u82f1\u6587\uff1a<\/span><span style=\"font-size: 14px;\">https:\/\/blog.sonarsource.com\/10-unknown-security-pitfalls-for-pytho<\/span><span style=\"font-size: 14px;\">n<\/span><\/span><\/span><\/p>\n<\/blockquote>\n<p style=\"white-space: normal;\">\n<p>\u8f6c\u81ea\uff1ahttps:\/\/mp.weixin.qq.com\/s\/4ZjsOv1XlgJU0iXtjBorKg<\/p>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>Python \u5f00\u53d1\u8005\u4eec\u5728\u4f7f\u7528\u6807\u51c6\u5e93\u548c\u901a\u7528\u6846\u67b6\u65f6\uff0c\u90fd\u4ee5\u4e3a\u81ea\u5df1\u7684\u7a0b\u5e8f\u5177\u6709\u53ef\u9760\u7684\u5b89\u5168\u6027\u3002\u7136\u800c\uff0c\u5728 Python \u4e2d\uff0c &hellip; <a href=\"http:\/\/www.zhushiyao.com\/?p=102375\" class=\"more-link\">\u7ee7\u7eed\u9605\u8bfb<span class=\"screen-reader-text\">\u201c\u8b66\u60d5\uff01Python \u4e2d\u5c11\u4e3a\u4eba\u77e5\u7684 10 \u4e2a\u5b89\u5168\u9677\u9631\uff01\u201d<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":[],"categories":[2],"tags":[8],"_links":{"self":[{"href":"http:\/\/www.zhushiyao.com\/index.php?rest_route=\/wp\/v2\/posts\/102375"}],"collection":[{"href":"http:\/\/www.zhushiyao.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.zhushiyao.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.zhushiyao.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/www.zhushiyao.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=102375"}],"version-history":[{"count":2,"href":"http:\/\/www.zhushiyao.com\/index.php?rest_route=\/wp\/v2\/posts\/102375\/revisions"}],"predecessor-version":[{"id":102378,"href":"http:\/\/www.zhushiyao.com\/index.php?rest_route=\/wp\/v2\/posts\/102375\/revisions\/102378"}],"wp:attachment":[{"href":"http:\/\/www.zhushiyao.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=102375"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.zhushiyao.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=102375"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.zhushiyao.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=102375"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}