Security by Design
Bank Statement Parser is built for processing sensitive financial data. Every design decision prioritizes security, privacy, and auditability.
Zero Network Access
All processing happens locally within your runtime. The library makes zero API calls, zero cloud connections, and collects zero telemetry. The XML parsers are explicitly configured with `no_network=True`, `resolve_entities=False`, and `load_dtd=False` to prevent any outbound access.
PII Redaction
Personally identifiable information (names, IBANs, postal addresses) is automatically redacted in CLI output and in streaming mode. This is on by default.
- **CLI**: Sensitive fields are shown as `***REDACTED***`
- **Streaming**: `parse_streaming(redact_pii=True)` (default)
- **Exports**: CSV/JSON/Excel retain the full data for downstream processing
- **Opt-out**: Use `--show-pii` or `redact_pii=False` when you need unredacted output
XML Security (XXE Protection)
All XML parsing uses `lxml` with hardened settings:
- `resolve_entities=False` -- prevents XML entity expansion attacks
- `no_network=True` -- blocks all outbound network access from the parser
- `load_dtd=False` -- prevents DTD-based attacks
- Namespace stripping before processing -- handles any CAMT.053 variant safely
ZIP Archive Security
`iter_secure_xml_entries()` validates every ZIP member before extraction:
- **Per-entry size cap**: 10 MB per entry (configurable)
- **Total size cap**: 50 MB total uncompressed (configurable)
- **Compression ratio limit**: 100:1 by default -- detects ZIP bombs
- **Encrypted entry rejection**: Encrypted entries are skipped with a warning
- **No disk writes**: XML bytes are passed directly to the parser via `from_bytes()`
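The following is an added, stand-alone Python illustration of those checks using only the standard-library `zipfile` module; it is not the project's own `iter_secure_xml_entries()` implementation, and the cap constants, function names and the constructed sample archive are assumptions made for the example.

```python
import io
import warnings
import zipfile

# Defaults mirror the documented caps; the names are assumed, not the library's API.
MAX_ENTRY_BYTES = 10 * 1024 * 1024   # per-entry uncompressed cap
MAX_TOTAL_BYTES = 50 * 1024 * 1024   # total uncompressed cap
MAX_RATIO = 100                       # compression ratio limit (100:1)

def iter_secure_xml_entries(archive: bytes, max_entry=MAX_ENTRY_BYTES,
                            max_total=MAX_TOTAL_BYTES, max_ratio=MAX_RATIO):
    """Yield (name, xml_bytes) for every .xml member that passes the checks.
    Rejected members are skipped with a warning; nothing is written to disk."""
    total = 0
    with zipfile.ZipFile(io.BytesIO(archive)) as zf:
        for info in zf.infolist():
            if info.is_dir() or not info.filename.lower().endswith(".xml"):
                continue
            if info.flag_bits & 0x1:  # general-purpose bit 0 = encrypted
                warnings.warn(f"{info.filename}: encrypted entry skipped")
                continue
            # Ratio from the central-directory sizes: a few KB of compressed
            # data claiming hundreds of MB is the ZIP-bomb signature.
            ratio = info.file_size / max(info.compress_size, 1)
            if ratio > max_ratio:
                warnings.warn(f"{info.filename}: ratio {ratio:.0f}:1 exceeds {max_ratio}:1")
                continue
            if total + info.file_size > max_total:
                warnings.warn(f"{info.filename}: total cap of {max_total} bytes reached")
                break
            # Read at most max_entry + 1 bytes so a header that lies about its
            # size cannot make us decompress more than the cap.
            with zf.open(info) as fh:
                payload = fh.read(max_entry + 1)
            if len(payload) > max_entry:
                warnings.warn(f"{info.filename}: exceeds per-entry cap of {max_entry} bytes")
                continue
            total += len(payload)
            yield info.filename, payload

def build_sample_archive() -> bytes:
    """Constructed archive: one small CAMT-style XML, one ZIP-bomb-style XML
    (1 MiB of spaces, ratio far above 100:1) and one non-XML member."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("camt053.xml", b"<Document><BkToCstmrStmt/></Document>")
        zf.writestr("bomb.xml", b" " * (1024 * 1024))
        zf.writestr("readme.txt", b"not xml")
    return buf.getvalue()
```

Only `camt053.xml` survives the default limits; raising `max_ratio` lets the bomb-style member through the ratio check, where the bounded read then enforces the per-entry cap.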
Path Traversal Prevention
Input validation rejects dangerous file paths:
- Null bytes, directory traversal sequences (`../`), and symlinks are rejected
- File extensions are validated against the expected formats
- File size limits (default 100 MB, configurable)
Deterministic Output
Given the same input file, the parser produces byte-identical output on every run. No randomness, no model inference, no heuristic sampling. This matters for:
- **Audit reproducibility**: Run the same file twice and diff the output
- **Regulatory compliance**: Demonstrates consistent processing
- **CI verification**: 467 tests enforce determinism with 100% branch coverage
Supply Chain Security
- **SHA-256 locked dependency hashes**: Every package in `poetry.lock` has verified file hashes
- **CycloneDX SBOM**: Every release ships with a Software Bill of Materials
- **GitHub build provenance**: Attestation links each artifact to its source commit
- **Signed commits**: All commits are SSH-signed and verified in CI
- **Dependency verification**: `scripts/verify_locked_hashes.py` validates all hashes locally
Verify Locally
```bash
python -m pytest                          # 467 tests, 100% branch coverage
python scripts/verify_locked_hashes.py    # SHA-256 hash verification
git log --show-signature -1               # Verify commit signature
```