Malicious packages mitmproxy2 and mitmproxy-iframe removed from the PyPI repository

The author of mitmproxy, a tool for analysing HTTP/HTTPS traffic, drew attention to the appearance of a fork of his project in the PyPI (Python Package Index) catalogue of Python packages. The fork was distributed under the similar name mitmproxy2 with the non-existent version 8.0.1 (the current mitmproxy release is 7.0.4), in the expectation that inattentive users would take the package for a new release of the main project (typosquatting) and would want to try the new version.
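A simple defender-side check for the look-alike naming the article describes. This is an added example, not code from the article or from the mitmproxy project: it lists the Python distributions installed in the current environment and flags any whose name closely resembles a trusted project name without being that name. The trusted-name list, the similarity threshold and the sample names in the test are assumptions chosen for illustration.

```python
"""Flag installed Python distributions whose names look like a trusted
project name but are not that project (e.g. mitmproxy2 next to mitmproxy).

Added example, not part of the article or of mitmproxy itself.
"""
import re
from difflib import SequenceMatcher
from importlib.metadata import distributions


def normalize(name: str) -> str:
    """Canonicalise a distribution name: lowercase, drop '-', '_' and '.'.

    PyPI treats these separators as equivalent, so 'mitmproxy-iframe' and
    'mitmproxy_iframe' must compare equal.
    """
    return re.sub(r"[^a-z0-9]", "", name.lower())


def find_lookalikes(installed, trusted, threshold: float = 0.8):
    """Return (installed_name, trusted_name, similarity) for every installed
    name that is not a trusted name but either scores above `threshold`
    on a character-level similarity or contains the trusted name as a
    prefix/suffix (the pattern used by mitmproxy2 and mitmproxy-iframe).
    """
    hits = []
    for name in installed:
        n = normalize(name)
        for t in trusted:
            tn = normalize(t)
            if n == tn:
                continue  # the genuine package, nothing to report
            ratio = SequenceMatcher(None, n, tn).ratio()
            if ratio >= threshold or n.startswith(tn) or n.endswith(tn):
                hits.append((name, t, round(ratio, 2)))
    return hits


def installed_names():
    """Names of all distributions visible to this interpreter."""
    names = set()
    for dist in distributions():
        name = dist.metadata["Name"]
        if name:
            names.add(name)
    return sorted(names)


if __name__ == "__main__":
    # Assumed trusted-name list; extend with the projects you rely on.
    TRUSTED = ["mitmproxy"]
    for name, trusted, ratio in find_lookalikes(installed_names(), TRUSTED):
        print(f"suspicious: {name!r} resembles {trusted!r} (similarity {ratio})")
```

Run it inside the virtual environment you want to audit; an empty result means no installed name resembles the trusted list. The prefix/suffix rule matters because a straight similarity score alone would miss longer variants such as mitmproxy-iframe.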

In its contents, mitmproxy2 was identical to mitmproxy, apart from changes that introduced insecure behaviour. The changes included no longer setting the HTTP header "X-Frame-Options: DENY", which prevents the content from being displayed inside an iframe, disabling the protection against XSRF attacks, and setting the headers "Access-Control-Allow-Origin: *", "Access-Control-Allow-Headers: *" and "Access-Control-Allow-Methods: POST, GET, DELETE, OPTIONS".

These changes removed the restrictions on access to the HTTP API used to control mitmproxy through the web interface, which would allow any attacker on the same local network to arrange execution of their code on the user's system simply by sending an HTTP request.
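To make the header changes above concrete, here is an added audit routine (not code from the article or from mitmproxy) that inspects the response headers of a locally running web UI and reports exactly the weakenings described: a missing X-Frame-Options header and wildcard CORS headers that admit state-changing methods. The two header sets used for the check are constructed samples that mirror the article's description of the genuine and the tampered configuration; the `fetch_and_audit` helper and its URL argument are assumptions for live use.

```python
"""Audit HTTP response headers for the weakenings described in the article:
no 'X-Frame-Options: DENY' and wildcard CORS headers.

Added example; not part of the article or of mitmproxy.
"""
import urllib.request

STATE_CHANGING = {"POST", "PUT", "DELETE", "PATCH"}


def audit_headers(headers):
    """Return a list of findings for a mapping of header name -> value.

    Header names are compared case-insensitively. An empty list means none
    of the weakenings from the article were observed.
    """
    h = {k.lower(): v.strip() for k, v in headers.items()}
    findings = []

    xfo = h.get("x-frame-options")
    if xfo is None:
        findings.append("X-Frame-Options missing: the UI can be framed by "
                        "another site (clickjacking)")
    elif xfo.upper() not in ("DENY", "SAMEORIGIN"):
        findings.append(f"X-Frame-Options has unexpected value {xfo!r}")

    if h.get("access-control-allow-origin") == "*":
        findings.append("Access-Control-Allow-Origin: * lets any web origin "
                        "read API responses")
    if h.get("access-control-allow-headers") == "*":
        findings.append("Access-Control-Allow-Headers: * accepts arbitrary "
                        "request headers from any origin")

    methods = h.get("access-control-allow-methods")
    if methods:
        allowed = {m.strip().upper() for m in methods.split(",")}
        risky = sorted(allowed & STATE_CHANGING)
        if risky:
            findings.append("CORS allows state-changing methods from other "
                            f"origins: {', '.join(risky)}")
    return findings


def fetch_and_audit(url: str, timeout: float = 5.0):
    """GET `url` and audit its response headers (live check, assumed usage)."""
    with urllib.request.urlopen(url, timeout=timeout) as resp:
        return audit_headers(dict(resp.headers.items()))


# Constructed samples reflecting the article: the genuine web UI sets
# X-Frame-Options: DENY and no wildcard CORS; the tampered one drops the
# former and adds the latter.
HARDENED_HEADERS = {
    "X-Frame-Options": "DENY",
    "Content-Type": "text/html; charset=utf-8",
}
WEAKENED_HEADERS = {
    "Access-Control-Allow-Origin": "*",
    "Access-Control-Allow-Headers": "*",
    "Access-Control-Allow-Methods": "POST, GET, DELETE, OPTIONS",
    "Content-Type": "text/html; charset=utf-8",
}

if __name__ == "__main__":
    for label, sample in (("hardened", HARDENED_HEADERS),
                          ("weakened", WEAKENED_HEADERS)):
        print(f"[{label}]")
        for finding in audit_headers(sample) or ["no findings"]:
            print("  -", finding)
```

Wildcard CORS by itself only lets other origins read responses; the article's point is that combined with the disabled XSRF check it lets a web page the user happens to visit drive the control API. The audit therefore treats the wildcard headers and the allowed state-changing methods as separate findings, so that each regression is reported on its own.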

The repository administration agreed that the changes made could be interpreted as malicious, and the package itself as an attempt to promote a different product under the guise of the main project (the package description stated that this was a new version of mitmproxy, not a fork). After the package was removed from the catalogue, a new package, mitmproxy-iframe, was published on PyPI the following day with a description fully matching the official package. The mitmproxy-iframe package has now also been removed from the PyPI repository.

Source: opennet.ru
