➜
This issue tracker has been migrated to GitHub,
and is currently read-only.
For more information,
see the GitHub FAQs in the Python's Developer Guide.
Created on 2020-01-30 05:14 by anthonypjshaw, last changed 2022-04-11 14:59 by admin. This issue is now closed.
| Pull Requests | |||
|---|---|---|---|
| URL | Status | Linked | Edit |
| PR 18272 | merged | anthonypjshaw, 2020-01-30 05:15 | |
| PR 27696 | merged | miss-islington, 2021-08-09 22:36 | |
| PR 27699 | merged | miss-islington, 2021-08-09 22:39 | |
| Messages (9) | |||
|---|---|---|---|
| msg361009 - (view) | Author: anthony shaw (anthonypjshaw) *  |
Date: 2020-01-30 05:14 | |
Within the documentation, there are some really important security considerations for standard library modules. e.g. subprocess, ssl, pickle, xml. There is currently no "index" of these, so you have to go hunting for them. They're easter eggs within the docs. There isn't a unique admonition type either, so you have to search across many criteria. In particular for security researchers, it would be useful to consolidate and signpost these security best-practices in one index. PR to follow, |
|||
| msg361697 - (view) | Author: Julien Palard (mdk) *  |
Date: 2020-02-10 14:18 | |
Asked on gh: > this is a "security guidance for standard library modules" index? (I'm not sure to understand the question exactly) I think it could be usefull from a reviewer point of view to have such index so he can iterate over it and check point by point if the code is OK. In this case, linking to all notes like "beware, wrong usage of this could lead to security issues" looks what's needed in this index. Anthony: did you opened the issue with this in mind or any other usages? |
|||
| msg361746 - (view) | Author: Carol Willing (willingc) * |
Date: 2020-02-10 23:07 | |
I agree that a helpful entry in the index would be a nice addition. Christian would be the person to start with since he probably has ideas what would be useful too. |
|||
| msg372288 - (view) | Author: Éric Araujo (eric.araujo) * |
Date: 2020-06-24 22:01 | |
I think that we could make this easier with a custom directive that’s rendered into the appropriate markup during build and auto-generates the index page with links to all links. No error-prone manual update needed! |
|||
| msg372302 - (view) | Author: Christian Heimes (christian.heimes) * |
Date: 2020-06-25 05:40 | |
+1 |
|||
| msg372303 - (view) | Author: Christian Heimes (christian.heimes) * |
Date: 2020-06-25 05:44 | |
There are more features that should have security considerations, e.g. builtin functions like eval and exec. |
|||
| msg399293 - (view) | Author: Łukasz Langa (lukasz.langa) * |
Date: 2021-08-09 22:35 | |
New changeset c5c5326d4799fe4ae566aff32ed3461af95859cc by Anthony Shaw in branch 'main': bpo-39498 Start linking the security warnings in the stdlib modules (GH-18272) https://github.com/python/cpython/commit/c5c5326d4799fe4ae566aff32ed3461af95859cc |
|||
| msg399299 - (view) | Author: miss-islington (miss-islington) | Date: 2021-08-10 07:51 | |
New changeset d657da8155cc9611b901ea052f3eac28f99122b4 by Miss Islington (bot) in branch '3.10': bpo-39498 Start linking the security warnings in the stdlib modules (GH-18272) https://github.com/python/cpython/commit/d657da8155cc9611b901ea052f3eac28f99122b4 |
|||
| msg399300 - (view) | Author: Łukasz Langa (lukasz.langa) * |
Date: 2021-08-10 07:51 | |
New changeset fcbe8c63d78b5dd59470b5808d898b87d8ba0350 by Miss Islington (bot) in branch '3.9': bpo-39498 Start linking the security warnings in the stdlib modules (GH-18272) (GH-27699) https://github.com/python/cpython/commit/fcbe8c63d78b5dd59470b5808d898b87d8ba0350 |
|||
| History | |||
|---|---|---|---|
| Date | User | Action | Args |
| 2022-04-11 14:59:26 | admin | set | github: 83679 |
| 2021-08-10 07:52:07 | lukasz.langa | set | status: open -> closed resolution: fixed stage: patch review -> resolved |
| 2021-08-10 07:51:37 | lukasz.langa | set | messages: + msg399300 |
| 2021-08-10 07:51:36 | miss-islington | set | messages: + msg399299 |
| 2021-08-09 22:39:26 | miss-islington | set | pull_requests: + pull_request26185 |
| 2021-08-09 22:36:20 | miss-islington | set | nosy:
+ miss-islington pull_requests: + pull_request26182 |
| 2021-08-09 22:35:55 | lukasz.langa | set | nosy:
+ lukasz.langa messages: + msg399293 |
| 2020-06-25 05:44:28 | christian.heimes | set | messages: + msg372303 |
| 2020-06-25 05:40:44 | christian.heimes | set | nosy:
+ christian.heimes messages: + msg372302 |
| 2020-06-24 22:01:55 | eric.araujo | set | nosy:
+ eric.araujo messages: + msg372288 |
| 2020-02-10 23:07:17 | willingc | set | nosy:
+ willingc messages: + msg361746 |
| 2020-02-10 14:18:35 | mdk | set | nosy:
+ mdk messages: + msg361697 |
| 2020-01-30 05:15:42 | anthonypjshaw | set | keywords:
+ patch stage: patch review pull_requests: + pull_request17647 |
| 2020-01-30 05:14:32 | anthonypjshaw | create | |