Reviewed the Python Secure Coding Guide and made a lot of minor changes #1004
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Signed-off-by: Bartlomiej Karas <bartlomiej.karas@ericsson.com>
Signed-off-by: Bartlomiej Karas <bartlomiej.karas@ericsson.com>
Signed-off-by: myteron <myteron@gmail.com>
myteron
reviewed
Oct 21, 2025
| # CWE-501: Trust Boundary Violation | ||
|
|
||
| Python does not share the concept of different trust zones within the same runtime as explained in the *JAVA SEI CERT Rule 15 platform security (SEC)* [[SEI CERT 2022]](https://wiki.sei.cmu.edu/confluence/pages/viewpage.action?pageId=88487683) rules. Python neither has a security manager that can control access between trusted and untrusted code running on the same JVM. “Private” instance variables that cannot be accessed except from inside an object don’t exist in Python [Python 2023]. | ||
| In Python we need to implement different trust zone's by starting python runtime's with individual POSIX/Machine users. The POSIX/Machine user access rights must be set in accordance to level of trust per zone. |
There was a problem hiding this comment.
I believe it is important to point why its required to build up trust zones. So we need to explain that trust management as known by the Java runtime access manger Introducing Oracle Access Management does not exist in CPython.
Comment on lines
+6
to
+14
|
|
||
| The acronym stands for six key threat categories: | ||
|
|
||
| * Spoofing - Impersonating someone else, foten to gain unauthorized access. | ||
| * Tampering - Unauthorised modification of data, code, or configurations. | ||
| * Repudiation - Denying the performance of an action, making it difficult to prove responsibility wihtout proper logging or auditing. | ||
| * Information Disclosure - Exposing sensitive information to unauthorised parties. | ||
| * Denial of Service (DoS) - Disrupting system availability or performance. | ||
| * Elevation of Privilege - Gaining higher access rights than intented, often leading to great system control. |
There was a problem hiding this comment.
I purposefully did not got into details on STRIDE to avoid derailing or distracting the key point. I have neither tried to analyze it in the noncompliant example to this level. Someone not knowing STRIDE can look it up but its not required to understand for understanding the key message.
| ## Noncompliant Code Example | ||
|
|
||
| The `noncompliant01.py` code demonstrates arbitrary code execution [Checkoway Oct 2013] using `os.system` to launch a program during unpickling when `pickle.loads()`. | ||
| The `noncompliant01.py` code demonstrates arbitrary code execution using `os.system` to launch a program during unpickling when `pickle.loads()`. |
There was a problem hiding this comment.
Its quite an interesting reference, below link also need to be added to the Reference section.
Suggested change
| The `noncompliant01.py` code demonstrates arbitrary code execution using `os.system` to launch a program during unpickling when `pickle.loads()`. | |
| The `noncompliant01.py` code demonstrates arbitrary code execution using `os.system` to launch a program during unpickling when `pickle.loads()` [[Checkoway Oct 2013](https://checkoway.net/musings/pickle/)] |
| ## Non-compliant Code Example (Right Shift) | ||
| In this non-compliant code example is using an arithmetic right shift >>= operator in an attempt to optimize performance for dividing x by 4 without floating point. | ||
| The `nonompliant02.py` code example is using an arithmetic right shift >>= operator in an attempt to optimize performance for dividing x by 4 without floating point. |
There was a problem hiding this comment.
Suggested change
| The `nonompliant02.py` code example is using an arithmetic right shift >>= operator in an attempt to optimize performance for dividing x by 4 without floating point. | |
| The `noncompliant02.py` code example is using an arithmetic right shift `>>=` operator in an attempt to optimize performance for dividing `x` by `4` without floating point. |
| ## Compliant Solution | ||
|
|
||
| The `compliant01.py` code using the cross-platform compatible pathlib module and restricting filesystem area. The `pathlib` on its own will not prevent all attacks. | ||
| The `compliant01.py` code uses the cross-platform compatible pathlib module and restricting filesystem area. The `pathlib` on its own will not prevent all attacks. |
There was a problem hiding this comment.
Suggested change
| The `compliant01.py` code uses the cross-platform compatible pathlib module and restricting filesystem area. The `pathlib` on its own will not prevent all attacks. | |
| The `compliant01.py` code uses the cross-platform compatible `pathlib` module and restricting filesystem area. The `pathlib` on its own will not prevent all attacks. |
myteron
requested changes
Oct 21, 2025
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
I added a few sentences, moved things around, fixed typos, removed Wikipedia links and inserted new links etc.