feat(website): update the website wiki pages

Author: jackfromeast

website/img/primitives.png

@@ -18,7 +18,7 @@ <h1>(All You Ever Wanted To Know About) <br> Python Class Pollution</h1>
     <a href="wiki/docs/">Wiki</a>
     <a href="https://jackfromeast.github.io/assets/Pyrl.pdf">Paper</a>
     <a href="wiki/docs/tool/pyrl/">Tool</a>
-    <a href="wiki/docs/reference/cve-index/">Dataset</a>
+    <a href="wiki/docs/collection/showcases/">Dataset</a>
 </div>
 <h2>What is Python class pollution?</h2>
 <img class="hero-icon" src="img/icon.png" alt="Python Class Pollution">

website/img/procedure.png

@@ -8,7 +8,7 @@ title: "Python Class Pollution"
     <a href="wiki/docs/">Wiki</a>
     <a href="https://jackfromeast.github.io/assets/Pyrl.pdf">Paper</a>
     <a href="wiki/docs/tool/pyrl/">Tool</a>
-    <a href="wiki/docs/reference/cve-index/">Dataset</a>
+    <a href="wiki/docs/collection/showcases/">Dataset</a>
 </div>
 
 ## What is Python class pollution?

website/index.html

@@ -7,129 +7,40 @@ bookFlatSection: false
 
 # Python Class Pollution
 
-**Class pollution** is a vulnerability pattern in which an attacker traverses Python's
-runtime object graph through dunder attributes — `__class__`, `__init__`,
-`__globals__`, `sys.modules`, and so on — and overwrites attributes in unintended
-classes, functions, or modules. The traversal is driven by a reflective
-`getattr`/`setattr` (or `__getitem__`/`__setitem__`) loop whose path or keys come from
-untrusted input.
+**Class pollution** is a vulnerability class where an attacker traverses Python's runtime object graph through dunder attributes such as `__class__`, `__init__`, `__globals__`, and `sys.modules`, and overwrites attributes in unintended classes, functions, or modules. The traversal is driven by a reflective attribute or item access loop whose path or keys come from untrusted input.
 
-It is the Python analogue of JavaScript prototype pollution[^silvanovich2021], but the
-primitives are richer: because Python's object model is class-based with a flexible
-reflection layer, pollution can reach classes, functions, modules, and even descriptor
-slots — not just a single root prototype.
+It is the Python analogue of [JavaScript prototype pollution][jsproto], but the primitives are richer: Python's class-based object model with a flexible reflection layer lets pollution reach classes, functions, modules, and descriptor slots.
 
-## A motivating example
+## Roadmap
 
-```python
-def update(user, data):
-    for key in data:
-        val = data[key]
-        if isinstance(val, dict):
-            update(getattr(user, key), val)
-        else:
-            setattr(user, key, val)
-```
+This wiki is organized into the following sections. Most readers can pick the entry point that matches their goal:
 
-The function looks like a routine deep-merge of nested form data onto a model object. But
-because `getattr` does not distinguish between developer-defined attributes and dunder
-attributes, an attacker-controlled `data` can step through Python's object graph:
+<!-- - **[Taxonomy]({{< relref "taxonomy" >}})**: the systematic taxonomy of class pollution along three aspects: pollution primitives, vulnerability types, and consequences.
+- **[Pollution Targets]({{< relref "targets" >}})**: runtime objects (classes, modules, functions, globals) that are reachable via reflection and meaningfully change program behavior when modified.
+- **[Gadgets]({{< relref "gadgets" >}})**: concrete target + value combinations that turn a pollution primitive into RCE, XSS, authentication bypass, DoS, or token leakage.
+- **[Tool]({{< relref "tool" >}})**: documentation for *Pyrl* (the detection tool, built on operational taint analysis over CodeQL) and *Polluter* (an exploitation/testing helper).
+- **[Collection]({{< relref "collection" >}})**: a curated database of confirmed vulnerable Python packages with end-to-end PoCs, including the assigned CVEs and showcase walkthroughs.
+- **[Defense]({{< relref "defense" >}})**: mitigations along the object resolution path: key sanitization at the "get" primitive and guards at the "set" primitive. -->
 
-```json
-{"__class__": {"__getattribute__": "1337"}}
-```
+## About this wiki
 
-After this call, `type(user).__getattribute__` is the string `"1337"`. Any attribute
-access on any instance of the `User` class now raises `TypeError: 'str' object is not
-callable` &mdash; a denial-of-service primitive. Extending the path through
-`__init__.__globals__.sys.modules` reaches any imported module, which is where the
-primitive becomes RCE ([gadgets/rce]({{< relref "gadgets/rce" >}})), stored XSS
-([gadgets/xss]({{< relref "gadgets/xss" >}})), or authentication bypass
-([gadgets/auth-bypass]({{< relref "gadgets/auth-bypass" >}})).
+This wiki accompanies our IEEE S&P 2026 paper [*The First Large-Scale Systematic Study of Python Class Pollution Vulnerability*][paper]. Its goal is to be a living reference for the vulnerability class. Concretely, we want it to:
 
-## Reading guide
+- Document the taxonomy, targets, and gadgets in a way that is easier to extend than a PDF.
+- Track new CVEs, gadgets, and showcases as they are discovered.
+- Provide actionable defense guidance for library and application maintainers.
 
-Different audiences read this wiki differently. Start here:
+## Contributions
 
-- **Security researchers** looking to understand the vulnerability class:
-  [Taxonomy]({{< relref "taxonomy" >}}) → [Targets]({{< relref "targets" >}}) →
-  [Gadgets]({{< relref "gadgets" >}}).
-- **Bug hunters and CTF players** looking for exploits to adapt:
-  [Showcases]({{< relref "collection/showcases" >}}) are end-to-end PoCs;
-  [Gadgets]({{< relref "gadgets" >}}) catalogues the building blocks.
-- **Library maintainers** with a reflective update function in their codebase:
-  [Defense]({{< relref "defense" >}}) is the shortest path, then
-  [Pyrl]({{< relref "tool/pyrl" >}}) to scan your own code.
-- **Readers of the paper** looking to map claims onto artifacts:
-  [Tools]({{< relref "tool" >}}) documents Pyrl and Polluter;
-  [Collection]({{< relref "collection" >}}) lists every confirmed finding.
-
-## Key differences from JavaScript prototype pollution
-
-| Aspect | JS prototype pollution | Python class pollution |
-|--------|------------------------|------------------------|
-| Object model | Prototype-based | Class-based + descriptor protocol |
-| Pollution path | Uniform prototype chain (`__proto__`) | Multiple: attribute, item, variable |
-| Canonical target | `Object.prototype` | Classes, modules, functions, closures |
-| Namespace | Single (properties) | Two (attribute vs. item) |
-| Resolution | Prototype chain lookup | MRO + descriptor protocol |
-| Typical sink | `{}` merged from user input | `setattr` / `obj[k]=v` over a dotted path |
-
-The second-to-last row is the important one for exploitation. Python's two namespaces
-(`obj.attr` vs. `obj[key]`) give rise to three distinct "set" primitives (attr-only,
-item-only, or dual), which combined with two "get" primitives (agnostic or constrained)
-produce the six vulnerability types in the [taxonomy]({{< relref "taxonomy" >}}).
-
-## Threat model
-
-The vulnerable Python package processes input from one of three channels:
-
-1. **Remote input** &mdash; HTTP body, query string, WebSocket message, RPC argument
-   reaching a server-side reflective update. Example:
-   [django-unicorn]({{< relref "collection/showcases/django-unicorn" >}}) (WebSocket).
-2. **Local input** &mdash; command-line arguments, configuration files, LLM tool outputs
-   reaching a CLI's reflective setter. Example:
-   [Azure CLI]({{< relref "collection/showcases/azure-cli" >}}) (`--set`).
-3. **Package-level input** &mdash; a public API of a library that accepts a dotted path
-   and a value, reachable from another package that trusts its caller. Example:
-   `pydash.set_`, `glom.assign`, `mo_dots.set_attr`.
-
-In all three cases, the attacker controls the `name` (dotted path) and/or the `value` that
-reach a reflective sink. The attacker does **not** need to control imports: any
-`sys.modules` entry reached by any code path in the victim process is in scope.
-
-## Scale of the problem
-
-The analysis behind this research[^paper] scanned **671,475** real-world Python programs
-with Pyrl and produced:
-
-- **868** unique vulnerability reports,
-- **47** confirmed zero-day exploitable vulnerabilities,
-- **7** CVE identifiers assigned from this research (see
-  [CVE index]({{< relref "reference/cve-index" >}})),
-- Critical findings in Microsoft Azure CLI, Google Mesop, Taipy, django-unicorn, ComfyUI,
-  Hugging Face Diffusers, and others.
-
-## Related work
-
-- **JavaScript prototype pollution** was first documented by Olivier Arteau in 2018 and
-  systematized by Silvanovich and others[^silvanovich2021]. The object-model differences
-  above mean the Python variant is not a mechanical port.
-- **`pydash` gadget** (2022): [@abdulrah33m] published the first public demonstration of a
-  dunder-walk gadget in Python via `pydash.set_`.
-- **`deepdiff` advisory** ([CVE-2024-5254][deepdiff-cve], by [@chilaxan][chilaxan]): the
-  first CVE issued for a Python reflective-merge sink.
-- **Pyrl** (this work, IEEE S&P 2025[^paper]): the first automated detector, built on an
-  operational taint-analysis extension of CodeQL's Python support.
+Contributions are welcome: new gadgets, additional showcases, corrections, and translations. The site is built with Hugo from markdown sources under [`website/source/`](https://github.com/jackfromeast/python-class-pollution/tree/main/website/source). To propose a change, open an [issue](https://github.com/jackfromeast/python-class-pollution/issues) or a [pull request](https://github.com/jackfromeast/python-class-pollution/pulls) on the repo: https://github.com/jackfromeast/python-class-pollution.
 
 ## References
 
-[^silvanovich2021]: Natalie Silvanovich. *The Risks of JavaScript Prototype Pollution*.
-    Project Zero, 2021. <https://googleprojectzero.blogspot.com/>
-[^paper]: Zhengyu Liu, Jiacheng Zhong, Jianjia Yu, Muxi Lyu, Zifeng Kang, Yinzhi Cao.
-    *The First Large-Scale Systematic Study of Python Class Pollution Vulnerability*.
-    IEEE S&P 2025. <https://jackfromeast.github.io/assets/Pyrl.pdf>
+1. Abdulraheem Khaled, *"Prototype Pollution in Python."* 2023. [Link](https://blog.abdulrah33m.com/prototype-pollution-in-python/). Also presented at Black Hat MEA 2023, [Link](https://blackhatmea.com/session/prototype-pollution-bug-python).
+2. Ziyi Ouyang, *"Research and Explore of Prototype Pollution Attack in Python."* ACCTCS 2023. [Link](https://ieeexplore.ieee.org/abstract/document/10145365).
+3. Qingyun Zhang, *"Exploitation and prevention of Python prototype chain pollution."* Applied and Computational Engineering,43,229-236. [Link](https://doi.org/10.54254/2755-2721/43/20230839).
+4. Zhengyu Liu, Jiacheng Zhong, Jianjia Yu, Muxi Lyu, Zifeng Kang, Yinzhi Cao, *"The First Large-Scale Systematic Study of Python Class Pollution Vulnerability."* IEEE S&P 2026. [Link](https://jackfromeast.github.io/assets/Pyrl.pdf).
 
-[deepdiff-cve]: https://nvd.nist.gov/vuln/detail/CVE-2024-5254
-[chilaxan]: https://github.com/chilaxan
-[@abdulrah33m]: https://github.com/abdulrah33m
+[jsproto]: https://portswigger.net/web-security/prototype-pollution
+[pydash]: https://github.com/dgilland/pydash
+[paper]: https://jackfromeast.github.io/assets/Pyrl.pdf