Is this what you are looking for? https://medium.com/@felsen88/python-secure-coding-guidelines-73c7ce1db86c
On Sat, 11 Apr, 2020, 3:54 am Kor son of Rynar, <daharmaster...@gmail.com> wrote:
> Dear list,
>
> As many of you know, SEI/CERT maintains a set of secure coding standards for many languages like C/C++, Java and Perl:
>
> SEI CERT Coding Standards
> https://wiki.sei.cmu.edu/confluence/display/seccode/SEI+CERT+Coding+Standards
>
> I'm looking for something similar, but with specific advice applicable to Python. Books and online references are welcome.
>
> On the same topic: coming from Perl, I'm used to "Taint mode":
> --
> https://perldoc.perl.org/perlsec.html
>
> While in this mode, Perl takes special precautions called taint checks to prevent both obvious and subtle traps. Some of these checks are reasonably simple, such as verifying that path directories aren't writable by others; careful programmers have always used checks like these. Other checks, however, are best supported by the language itself, and it is these checks especially that contribute to making a set-id Perl program more secure than the corresponding C program.
>
> You may not use data derived from outside your program to affect something else outside your program--at least, not by accident. All command line arguments, environment variables, locale information (see perllocale), results of certain system calls (readdir(), readlink(), the variable of shmread(), the messages returned by msgrcv(), the password, gcos and shell fields returned by the getpwxxx() calls), and all file input are marked as "tainted". Tainted data may not be used directly or indirectly in any command that invokes a sub-shell, nor in any command that modifies files, directories, or processes, ...
> --
>
> Is there anything like this in Python? What would be your recommendations? Thanks!
>
> Regards,
> --
> Kor.
> --
> https://mail.python.org/mailman/listinfo/python-list
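Python has no built-in equivalent of the Perl taint mode quoted above, but the idea can be approximated by hand. The following is an added illustration, not code from this thread or from the linked Medium article: a hypothetical `Tainted` str subclass that marks data from argv and the environment (the sources perlsec names), an `untaint` routine that only launders a value through a whole-string whitelist regex, and a `require_clean` guard to call before a file or process sink. All names are assumptions for the example.

```python
import os
import re
import sys


class TaintError(ValueError):
    """Raised when untrusted data reaches a sensitive sink without being checked."""


class Tainted(str):
    """A str subclass carrying an 'untrusted' mark that survives concatenation.
    Hypothetical helper, not a Python feature: f-strings, slicing and .format()
    return plain str, so the mark is lost there and real coverage needs more."""
    __slots__ = ()

    def __add__(self, other):
        return Tainted(str.__add__(self, other))

    def __radd__(self, other):
        return Tainted(str.__add__(other, self))


def taint_argv(argv=None):
    """Mark command-line arguments as tainted, as Perl does under -T."""
    return [Tainted(a) for a in (sys.argv if argv is None else argv)]


def taint_env(env=None):
    """Mark environment variables as tainted."""
    return {k: Tainted(v) for k, v in (os.environ if env is None else env).items()}


def untaint(value, pattern):
    """Launder a value only through a whitelist regex matching the whole string,
    mirroring Perl's rule that a regex capture is the sanctioned way to untaint."""
    match = re.fullmatch(pattern, value)
    if match is None:
        raise TaintError(f"{value!r} does not match {pattern!r}")
    return str(match.group(0))  # plain str: the mark is gone


def require_clean(*values):
    """Guard to call just before a sink such as open(..., 'w'), os.remove
    or subprocess.run; refuses anything still carrying the mark."""
    for v in values:
        if isinstance(v, Tainted):
            raise TaintError(f"tainted value {v!r} reached a sensitive operation")
    return values
```

Unlike Perl's -T, nothing here is enforced by the interpreter: every sink must call `require_clean` explicitly, and any operation that rebuilds a str silently drops the mark.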