laforge has uploaded this change for review. (
https://gerrit.osmocom.org/c/pysim/+/34948?usp=email )
Change subject: pySim-shell: Reject any non-decimal PIN values
......................................................................
pySim-shell: Reject any non-decimal PIN values
Don't even send any non-decimal PIN values to the card, but reject
them when parsing the command arguments.
Change-Id: Icec1698851471af7f76f20201dcdcfcd48ddf365
---
M pySim-shell.py
M pySim/utils.py
2 files changed, 27 insertions(+), 8 deletions(-)
git pull ssh://gerrit.osmocom.org:29418/pysim refs/changes/48/34948/1
diff --git a/pySim-shell.py b/pySim-shell.py
index 306dd40..0c559f9 100755
--- a/pySim-shell.py
+++ b/pySim-shell.py
@@ -53,7 +53,7 @@
from pySim.cards import card_detect, SimCardBase, UiccCardBase
from pySim.utils import h2b, b2h, i2h, swap_nibbles, rpad, JsonEncoder, bertlv_parse_one,
sw_match
from pySim.utils import sanitize_pin_adm, tabulate_str_list, boxed_heading_str, Hexstr,
dec_iccid
-from pySim.utils import is_hexstr_or_decimal, is_hexstr
+from pySim.utils import is_hexstr_or_decimal, is_hexstr, is_decimal
from pySim.card_handler import CardHandler, CardHandlerAuto
from pySim.filesystem import CardDF, CardADF, CardModel, CardApplication
@@ -864,7 +864,7 @@
verify_chv_parser.add_argument(
'--pin-nr', type=int, default=1, help='PIN Number, 1=PIN1, 2=PIN2 or
custom value (decimal)')
verify_chv_parser.add_argument(
- 'pin_code', type=str, help='PIN code digits, \"PIN1\" or
\"PIN2\" to get PIN code from external data source')
+ 'pin_code', type=is_decimal, help='PIN code digits,
\"PIN1\" or \"PIN2\" to get PIN code from external data source')
@cmd2.with_argparser(verify_chv_parser)
def do_verify_chv(self, opts):
@@ -879,9 +879,9 @@
unblock_chv_parser.add_argument(
'--pin-nr', type=int, default=1, help='PUK Number, 1=PIN1, 2=PIN2 or
custom value (decimal)')
unblock_chv_parser.add_argument(
- 'puk_code', type=str, help='PUK code digits \"PUK1\" or
\"PUK2\" to get PUK code from external data source')
+ 'puk_code', type=is_decimal, help='PUK code digits \"PUK1\"
or \"PUK2\" to get PUK code from external data source')
unblock_chv_parser.add_argument(
- 'new_pin_code', type=str, help='PIN code digits \"PIN1\" or
\"PIN2\" to get PIN code from external data source')
+ 'new_pin_code', type=is_decimal, help='PIN code digits
\"PIN1\" or \"PIN2\" to get PIN code from external data source')
@cmd2.with_argparser(unblock_chv_parser)
def do_unblock_chv(self, opts):
@@ -896,9 +896,9 @@
change_chv_parser.add_argument(
'--pin-nr', type=int, default=1, help='PUK Number, 1=PIN1, 2=PIN2 or
custom value (decimal)')
change_chv_parser.add_argument(
- 'pin_code', type=str, help='PIN code digits \"PIN1\" or
\"PIN2\" to get PIN code from external data source')
+ 'pin_code', type=is_decimal, help='PIN code digits \"PIN1\"
or \"PIN2\" to get PIN code from external data source')
change_chv_parser.add_argument(
- 'new_pin_code', type=str, help='PIN code digits \"PIN1\" or
\"PIN2\" to get PIN code from external data source')
+ 'new_pin_code', type=is_decimal, help='PIN code digits
\"PIN1\" or \"PIN2\" to get PIN code from external data source')
@cmd2.with_argparser(change_chv_parser)
def do_change_chv(self, opts):
@@ -913,7 +913,7 @@
disable_chv_parser.add_argument(
'--pin-nr', type=int, default=1, help='PIN Number, 1=PIN1, 2=PIN2 or
custom value (decimal)')
disable_chv_parser.add_argument(
- 'pin_code', type=str, help='PIN code digits, \"PIN1\" or
\"PIN2\" to get PIN code from external data source')
+ 'pin_code', type=is_decimal, help='PIN code digits,
\"PIN1\" or \"PIN2\" to get PIN code from external data source')
@cmd2.with_argparser(disable_chv_parser)
def do_disable_chv(self, opts):
@@ -926,7 +926,7 @@
enable_chv_parser.add_argument(
'--pin-nr', type=int, default=1, help='PIN Number, 1=PIN1, 2=PIN2 or
custom value (decimal)')
enable_chv_parser.add_argument(
- 'pin_code', type=str, help='PIN code digits, \"PIN1\" or
\"PIN2\" to get PIN code from external data source')
+ 'pin_code', type=is_decimal, help='PIN code digits,
\"PIN1\" or \"PIN2\" to get PIN code from external data source')
@cmd2.with_argparser(enable_chv_parser)
def do_enable_chv(self, opts):
diff --git a/pySim/utils.py b/pySim/utils.py
index ea1c9e6..44800fb 100644
--- a/pySim/utils.py
+++ b/pySim/utils.py
@@ -1487,3 +1487,10 @@
if len(instr) & 1:
raise ValueError('Input has un-even number of hex digits')
return instr
+
+def is_decimal(instr: str) -> str:
+ """Method that can be used as 'type' in
argparse.add_argument() to validate the value consists of
+ an even sequence of decimal digits only."""
+ if not instr.isdecimal():
+ raise ValueError('Input must decimal')
+ return instr
--
To view, visit
https://gerrit.osmocom.org/c/pysim/+/34948?usp=email
To unsubscribe, or for help writing mail filters, visit
https://gerrit.osmocom.org/settings
Gerrit-Project: pysim
Gerrit-Branch: master
Gerrit-Change-Id: Icec1698851471af7f76f20201dcdcfcd48ddf365
Gerrit-Change-Number: 34948
Gerrit-PatchSet: 1
Gerrit-Owner: laforge <laforge(a)osmocom.org>
Gerrit-MessageType: newchange