Secure Coding in Python
Kor son of Rynar
daharmasterkor at gmail.com
Fri Apr 10 13:59:40 EDT 2020
Dear list,
As many of you know, SEI/CERT maintains a set of secure coding standards
for many languages like C/C++, Java and Perl:
SEI CERT Coding Standards
https://wiki.sei.cmu.edu/confluence/display/seccode/SEI+CERT+Coding+Standards
I'm looking for something similar, but with specific advice applicable to
Python. Books and online references are welcome.
On the same topic: coming from Perl, I'm used to "Taint mode":
--
https://perldoc.perl.org/perlsec.html
While in this mode, Perl takes special precautions called taint checks to
prevent both obvious and subtle traps. Some of these checks are reasonably
simple, such as verifying that path directories aren't writable by others;
careful programmers have always used checks like these. Other checks,
however, are best supported by the language itself, and it is these checks
especially that contribute to making a set-id Perl program more secure than
the corresponding C program.
You may not use data derived from outside your program to affect something
else outside your program--at least, not by accident. All command line
arguments, environment variables, locale information (see perllocale),
results of certain system calls (readdir(), readlink(), the variable of
shmread(), the messages returned by msgrcv(), the password, gcos and shell
fields returned by the getpwxxx() calls), and all file input are marked as
"tainted". Tainted data may not be used directly or indirectly in any
command that invokes a sub-shell, nor in any command that modifies files,
directories, or processes, ...
--
Is there anything like this in Python? What would be your
recommendations? Thanks!
Regards,
--
Kor.
More information about the Python-list
mailing list