[LOTP] Add vale #32

fproulx-boostsecurity · 2024-07-15T16:47:56Z

Description of the LOTP tool

vale is CLI meta-linting tool that has tons of plugins that can be configured using a config file.

.vale.ini

Tengo script extension is interesting, but currently limited because it was hardened in a certain version to prevent import "os"
- while Tengo can optionally have "os" (https://github.com/d5/tengo/blob/master/docs/stdlib-os.md)
- Only "text", "fmt", "math are exported (https://github.com/errata-ai/vale/blob/e8dd9f6435aa9377159783bb3d517e8bbc77717d/internal/lint/action.go#L91)
Other linters are often not pre-installed, so very much environment dependant
most versions of xsltproc makes old-school XXE hard / if not impossible? because of URI constraints, BUT as most support the exsl:document extension (https://exslt.github.io/exsl/elements/document/index.html) it does provide an arbitrary write gadget that can be combined with theNLPEndpoint for exfiltration (ex. https://github.com/Koha-Community/Koha/blob/main/t/db_dependent/Koha/XSLT/Security.t#L64-L75)
NLPEndpoint + Lang (!= "en") REST API support is a great reliable built-in exfiltration mechanism, easy to combine with symbolic link (with *.txt) in git repo pointing to file (ex. /proc/self/environ or .git/config)
- NLPEndpoint in .vale.ini https://github.com/errata-ai/vale/blob/e8dd9f6435aa9377159783bb3d517e8bbc77717d/internal/core/ini.go#L227
- Lang = fr (not en to trigger NLP REST API)
- HTTP POST https://github.com/errata-ai/vale/blob/v3/internal/nlp/http.go#L37-L54

The text was updated successfully, but these errors were encountered:

fproulx-boostsecurity added the idea label Jul 15, 2024

fproulx-boostsecurity added the good first issue Good for newcomers label Nov 19, 2024