Pylint plugin adding some checks to make Python code adhere to more secure coding standard
Project description
Pylint Secure Coding Standard Plugin
pylint plugin that enforces some secure coding standards.
Installation
pip install pylint-secure-coding-standard
Pylint codes
| Code | Description |
|---|---|
| R8000 | Use os.path.realpath() instead of os.path.abspath() and os.path.relpath() |
| E8001 | Avoid using exec() and eval() |
| E8002 | Avoid using os.sytem() |
| E8003 | Avoid using shell=True in subprocess functions or using functions that internally set this |
| R8004 | Avoid using tempfile.mktemp(), prefer tempfile.mkstemp() instead |
| E8005 | Avoid using unsafe PyYAML loading functions |
| E8006 | Avoid using jsonpickle.decode() |
| C8007 | Avoid debug statement in production code |
| C8008 | Avoid assert statements in production code |
| R8009 | Use of builtin open for writing is discouraged in favor of os.open to allow for setting file permissions |
| E8010 | Avoid using os.popen() as it internally uses subprocess.Popen with shell=True |
| E8011 | Use of shlex.quote() should be avoided on non-POSIX platforms |
| W8012 | Avoid using os.open() with unsafe permissions permissions |
| E8013 | Avoid using pickle.load() and pickle.loads() |
| E8014 | Avoid using marshal.load() and marshal.loads() |
| E8015 | Avoid using shelve.open() |
Plugin configuration options
File permissions when using os.open
Since version 1.3.0 you can control whether this plugin favors os.open over the builtin open function when opening files.
[tool.pylint.plugins]
os-open-mode = '0' # check disabled
os-open-mode = '0o000' # check disabled
os-open-mode = '493' # all modes from 0 to 0o755
os-open-mode = '0o755' # all modes from 0 to 0o755
os-open-mode = '0o755,' # only 0o755
os-open-mode = '0o644,0o755' # only 0o644 and 0o755
You can also specify this option directly on the command line:
python3 -m pylint --load-plugins=pylint_secure_coding_standard --os-open-mode='0o755'
Pre-commit hook
See pre-commit for instructions
Sample .pre-commit-config.yaml:
- repo: https://github.com/PyCQA/pylint/
rev: pylint-2.6.0
hooks:
- id: pylint
args: [--load-plugins=pylint_secure_coding_standard]
additional_dependencies: ['pylint-secure-coding-standard']
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
File details
Details for the file pylint-secure-coding-standard-1.3.0.tar.gz.
File metadata
- Download URL: pylint-secure-coding-standard-1.3.0.tar.gz
- Upload date:
- Size: 22.4 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/3.4.2 importlib_metadata/4.6.1 pkginfo/1.7.1 requests/2.26.0 requests-toolbelt/0.9.1 tqdm/4.61.2 CPython/3.9.6
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 54ee4d4091513afc25eae176ffbe2c46012688aba5d4824709f9030e29a6d627 |
|
| MD5 | d1eac910837724e6b655143fc69d2d80 |
|
| BLAKE2b-256 | db1971b389591dae5e9eff01450ce00307c56b3c5ce36564a8cd95c16947a4e1 |
File details
Details for the file pylint_secure_coding_standard-1.3.0-py2.py3-none-any.whl.
File metadata
- Download URL: pylint_secure_coding_standard-1.3.0-py2.py3-none-any.whl
- Upload date:
- Size: 11.8 kB
- Tags: Python 2, Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/3.4.2 importlib_metadata/4.6.1 pkginfo/1.7.1 requests/2.26.0 requests-toolbelt/0.9.1 tqdm/4.61.2 CPython/3.9.6
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | dcb308e710a6acfa461630a664dcec18659940cd186f3c1dc2899d87b9ee570a |
|
| MD5 | 0f79a209e5caedefd9127ca6e189fa2e |
|
| BLAKE2b-256 | a9176c15366743432b716405d1ab66599bcad583bf3c9a461ff260a6f518424f |
