Secure Coding in Python

Souvik Dutta souvik.viksou at gmail.com
Fri Apr 10 20:53:34 EDT 2020


Is this what you are looking for?
https://medium.com/@felsen88/python-secure-coding-guidelines-73c7ce1db86c

On Sat, 11 Apr, 2020, 3:54 am Kor son of Rynar, <daharmasterkor at gmail.com>
wrote:

> Dear list,
>
> As many of you know, SEI/CERT maintains a set of secure coding standards
> for many languages like C/C++, Java and Perl:
>
>   SEI CERT Coding Standards
>   https://wiki.sei.cmu.edu/confluence/display/seccode/SEI+CERT+Coding+Standards
>
> I'm looking for something similar, but with specific advice applicable to
> Python.  Books and online references are welcome.
>
> On the same topic: coming from Perl, I'm used to "Taint mode":
> --
> https://perldoc.perl.org/perlsec.html
>
> While in this mode, Perl takes special precautions called taint checks to
> prevent both obvious and subtle traps. Some of these checks are reasonably
> simple, such as verifying that path directories aren't writable by others;
> careful programmers have always used checks like these. Other checks,
> however, are best supported by the language itself, and it is these checks
> especially that contribute to making a set-id Perl program more secure than
> the corresponding C program.
>
> You may not use data derived from outside your program to affect something
> else outside your program--at least, not by accident. All command line
> arguments, environment variables, locale information (see perllocale),
> results of certain system calls (readdir(), readlink(), the variable of
> shmread(), the messages returned by msgrcv(), the password, gcos and shell
> fields returned by the getpwxxx() calls), and all file input are marked as
> "tainted". Tainted data may not be used directly or indirectly in any
> command that invokes a sub-shell, nor in any command that modifies files,
> directories, or processes, ...
> --
>
> Is there anything like this in Python?  What would be your
> recommendations?  Thanks!
>
> Regards,
> --
> Kor.

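Python has no built-in equivalent of Perl's taint mode, but the discipline the quoted perlsec passage describes (mark external input as tainted, let only a whitelist regex match clear it, refuse tainted data at sub-shell and file sinks) can be approximated in application code. The following is an added example, not code from this thread or from the Python standard library; `Tainted`, `TaintError`, `untaint`, `run_command` and `list_user_dir` are hypothetical names.

```python
import re
import subprocess


class Tainted(str):
    """A string that came from outside the program (argv, env, file, socket).

    Hypothetical wrapper: Python does not track taint itself, so the marking
    has to be done explicitly wherever external data enters the program.
    """

    # As in Perl, anything built from tainted data is itself tainted.
    def __add__(self, other):
        return Tainted(str.__add__(self, other))

    def __radd__(self, other):
        return Tainted(str.__add__(str(other), self))


class TaintError(ValueError):
    """Raised when tainted data reaches a sensitive sink without validation."""


def untaint(value: str, pattern: str) -> str:
    """Perl-style laundering: only a full match against a whitelist regex
    clears the taint. The result is a plain str, i.e. trusted."""
    m = re.fullmatch(pattern, value)
    if m is None:
        raise TaintError(f"input {value!r} does not match {pattern!r}")
    return str(m.group(0))


def run_command(argv: list) -> str:
    """Sink: a sub-shell style operation that refuses tainted arguments."""
    for arg in argv:
        if isinstance(arg, Tainted):
            raise TaintError(f"tainted argument reaches sub-shell: {arg!r}")
    # No shell=True: arguments are passed as a vector, never re-parsed.
    return subprocess.run(list(argv), capture_output=True, text=True, check=True).stdout


def list_user_dir(raw_name: str) -> str:
    """Constructed scenario: a user-supplied name (e.g. from argv or an HTTP
    parameter) stays tainted until it passes the username whitelist."""
    name = Tainted(raw_name)
    safe = untaint(name, r"[A-Za-z0-9_]+")  # "alice; id" would be rejected here
    return run_command(["echo", "/home/" + safe])
```

The wrapper only helps if every input source is wrapped and every sink checks for it; unlike Perl's `-T`, nothing in the interpreter enforces that.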