Dear list, As many of you know, SEI/CERT maintains a set of secure coding standards for many languages like C/C++, Java and Perl:
SEI CERT Coding Standards https://wiki.sei.cmu.edu/confluence/display/seccode/SEI+CERT+Coding+Standards I'm looking for something similar, but with specific advice applicable to Python. Books and online references are welcome. On the same topic: coming from Perl, I'm used to "Taint mode": -- https://perldoc.perl.org/perlsec.html While in this mode, Perl takes special precautions called taint checks to prevent both obvious and subtle traps. Some of these checks are reasonably simple, such as verifying that path directories aren't writable by others; careful programmers have always used checks like these. Other checks, however, are best supported by the language itself, and it is these checks especially that contribute to making a set-id Perl program more secure than the corresponding C program. You may not use data derived from outside your program to affect something else outside your program--at least, not by accident. All command line arguments, environment variables, locale information (see perllocale), results of certain system calls (readdir(), readlink(), the variable of shmread(), the messages returned by msgrcv(), the password, gcos and shell fields returned by the getpwxxx() calls), and all file input are marked as "tainted". Tainted data may not be used directly or indirectly in any command that invokes a sub-shell, nor in any command that modifies files, directories, or processes, ... -- Is there anything like this in Python? What would be your recommendations? Thanks! Regards, -- Kor. -- https://mail.python.org/mailman/listinfo/python-list
