laforge has uploaded this change for review. ( https://gerrit.osmocom.org/c/pysim/+/34948?usp=email ) Change subject: pySim-shell: Reject any non-decimal PIN values ...................................................................... pySim-shell: Reject any non-decimal PIN values Don't even send any non-decimal PIN values to the card, but reject them when parsing the command arguments. Change-Id: Icec1698851471af7f76f20201dcdcfcd48ddf365 --- M pySim-shell.py M pySim/utils.py 2 files changed, 27 insertions(+), 8 deletions(-) git pull ssh://gerrit.osmocom.org:29418/pysim refs/changes/48/34948/1 diff --git a/pySim-shell.py b/pySim-shell.py index 306dd40..0c559f9 100755 --- a/pySim-shell.py +++ b/pySim-shell.py @@ -53,7 +53,7 @@ from pySim.cards import card_detect, SimCardBase, UiccCardBase from pySim.utils import h2b, b2h, i2h, swap_nibbles, rpad, JsonEncoder, bertlv_parse_one, sw_match from pySim.utils import sanitize_pin_adm, tabulate_str_list, boxed_heading_str, Hexstr, dec_iccid -from pySim.utils import is_hexstr_or_decimal, is_hexstr +from pySim.utils import is_hexstr_or_decimal, is_hexstr, is_decimal from pySim.card_handler import CardHandler, CardHandlerAuto from pySim.filesystem import CardDF, CardADF, CardModel, CardApplication @@ -864,7 +864,7 @@ verify_chv_parser.add_argument( '--pin-nr', type=int, default=1, help='PIN Number, 1=PIN1, 2=PIN2 or custom value (decimal)') verify_chv_parser.add_argument( - 'pin_code', type=str, help='PIN code digits, \"PIN1\" or \"PIN2\" to get PIN code from external data source') + 'pin_code', type=is_decimal, help='PIN code digits, \"PIN1\" or \"PIN2\" to get PIN code from external data source') @cmd2.with_argparser(verify_chv_parser) def do_verify_chv(self, opts): @@ -879,9 +879,9 @@ unblock_chv_parser.add_argument( '--pin-nr', type=int, default=1, help='PUK Number, 1=PIN1, 2=PIN2 or custom value (decimal)') unblock_chv_parser.add_argument( - 'puk_code', type=str, help='PUK code digits \"PUK1\" or \"PUK2\" to get PUK code from external data source') + 'puk_code', type=is_decimal, help='PUK code digits \"PUK1\" or \"PUK2\" to get PUK code from external data source') unblock_chv_parser.add_argument( - 'new_pin_code', type=str, help='PIN code digits \"PIN1\" or \"PIN2\" to get PIN code from external data source') + 'new_pin_code', type=is_decimal, help='PIN code digits \"PIN1\" or \"PIN2\" to get PIN code from external data source') @cmd2.with_argparser(unblock_chv_parser) def do_unblock_chv(self, opts): @@ -896,9 +896,9 @@ change_chv_parser.add_argument( '--pin-nr', type=int, default=1, help='PUK Number, 1=PIN1, 2=PIN2 or custom value (decimal)') change_chv_parser.add_argument( - 'pin_code', type=str, help='PIN code digits \"PIN1\" or \"PIN2\" to get PIN code from external data source') + 'pin_code', type=is_decimal, help='PIN code digits \"PIN1\" or \"PIN2\" to get PIN code from external data source') change_chv_parser.add_argument( - 'new_pin_code', type=str, help='PIN code digits \"PIN1\" or \"PIN2\" to get PIN code from external data source') + 'new_pin_code', type=is_decimal, help='PIN code digits \"PIN1\" or \"PIN2\" to get PIN code from external data source') @cmd2.with_argparser(change_chv_parser) def do_change_chv(self, opts): @@ -913,7 +913,7 @@ disable_chv_parser.add_argument( '--pin-nr', type=int, default=1, help='PIN Number, 1=PIN1, 2=PIN2 or custom value (decimal)') disable_chv_parser.add_argument( - 'pin_code', type=str, help='PIN code digits, \"PIN1\" or \"PIN2\" to get PIN code from external data source') + 'pin_code', type=is_decimal, help='PIN code digits, \"PIN1\" or \"PIN2\" to get PIN code from external data source') @cmd2.with_argparser(disable_chv_parser) def do_disable_chv(self, opts): @@ -926,7 +926,7 @@ enable_chv_parser.add_argument( '--pin-nr', type=int, default=1, help='PIN Number, 1=PIN1, 2=PIN2 or custom value (decimal)') enable_chv_parser.add_argument( - 'pin_code', type=str, help='PIN code digits, \"PIN1\" or \"PIN2\" to get PIN code from external data source') + 'pin_code', type=is_decimal, help='PIN code digits, \"PIN1\" or \"PIN2\" to get PIN code from external data source') @cmd2.with_argparser(enable_chv_parser) def do_enable_chv(self, opts): diff --git a/pySim/utils.py b/pySim/utils.py index ea1c9e6..44800fb 100644 --- a/pySim/utils.py +++ b/pySim/utils.py @@ -1487,3 +1487,10 @@ if len(instr) & 1: raise ValueError('Input has un-even number of hex digits') return instr + +def is_decimal(instr: str) -> str: + """Method that can be used as 'type' in argparse.add_argument() to validate the value consists of + an even sequence of decimal digits only.""" + if not instr.isdecimal(): + raise ValueError('Input must decimal') + return instr -- To view, visit https://gerrit.osmocom.org/c/pysim/+/34948?usp=email To unsubscribe, or for help writing mail filters, visit https://gerrit.osmocom.org/settings Gerrit-Project: pysim Gerrit-Branch: master Gerrit-Change-Id: Icec1698851471af7f76f20201dcdcfcd48ddf365 Gerrit-Change-Number: 34948 Gerrit-PatchSet: 1 Gerrit-Owner: laforge <laforge(a)osmocom.org> Gerrit-MessageType: newchange