Pylint plugin adding some checks to make Python code adhere to more secure coding standard

Navigation

Verified details

These details have been verified by PyPI
Maintainers
Avatar for Tachikoma from gravatar.com Tachikoma

Unverified details

These details have not been verified by PyPI
Project links
GitHub Statistics

View statistics for this project via Libraries.io, or by using our public dataset on Google BigQuery

Meta

License: Apache Software License (Apache2)

Author: Damien Nguyen

Requires: Python >=3.6

Classifiers

Project description

Pylint Secure Coding Standard Plugin

PyPI - Python Version PyPI version CI Build CodeQL pre-commit.ci status Coverage Status

pylint plugin that enforces some secure coding standards.

Installation

pip install pylint-secure-coding-standard

Pylint codes

Code Description
R8000 Use os.path.realpath() instead of os.path.abspath() and os.path.relpath()
E8001 Avoid using exec() and eval()
E8002 Avoid using os.sytem()
E8003 Avoid using shell=True in subprocess functions or using functions that internally set this
R8004 Avoid using tempfile.mktemp(), prefer tempfile.mkstemp() instead
E8005 Avoid using unsafe PyYAML loading functions
E8006 Avoid using jsonpickle.decode()
C8007 Avoid debug statement in production code
C8008 Avoid assert statements in production code
R8009 Use of builtin open for writing is discouraged in favor of os.open to allow for setting file permissions
E8010 Avoid using os.popen() as it internally uses subprocess.Popen with shell=True
E8011 Use of shlex.quote() should be avoided on non-POSIX platforms
W8012 Avoid using os.open() with unsafe permissions permissions
E8013 Avoid using pickle.load() and pickle.loads()
E8014 Avoid using marshal.load() and marshal.loads()
E8015 Avoid using shelve.open()

Plugin configuration options

File permissions when using os.open

Since version 1.3.0 you can control whether this plugin favors os.open over the builtin open function when opening files.

    [tool.pylint.plugins]
    os-open-mode = '0'            # check disabled
    os-open-mode = '0o000'        # check disabled
    os-open-mode = '493'          # all modes from 0 to 0o755
    os-open-mode = '0o755'        # all modes from 0 to 0o755
    os-open-mode = '0o755,'       # only 0o755
    os-open-mode = '0o644,0o755'  # only 0o644 and 0o755

You can also specify this option directly on the command line:

python3 -m pylint --load-plugins=pylint_secure_coding_standard --os-open-mode='0o755'

Pre-commit hook

See pre-commit for instructions

Sample .pre-commit-config.yaml:

  - repo: https://github.com/PyCQA/pylint/
    rev: pylint-2.6.0
    hooks:
    -   id: pylint
        args: [--load-plugins=pylint_secure_coding_standard]
        additional_dependencies: ['pylint-secure-coding-standard']

Project details

Verified details

These details have been verified by PyPI
Maintainers
Avatar for Tachikoma from gravatar.com Tachikoma

Unverified details

These details have not been verified by PyPI
Project links
GitHub Statistics

View statistics for this project via Libraries.io, or by using our public dataset on Google BigQuery

Meta

License: Apache Software License (Apache2)

Author: Damien Nguyen

Requires: Python >=3.6

Classifiers

Release history Release notifications | RSS feed

1.5.1

1.5.0

1.4.1

1.4.0

1.3.1

This version

1.3.0

1.2.1

1.2.0

1.1.0

1.0.0

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

pylint-secure-coding-standard-1.3.0.tar.gz (22.4 kB view hashes)

Uploaded Source

Built Distribution

pylint_secure_coding_standard-1.3.0-py2.py3-none-any.whl (11.8 kB view hashes)

Uploaded Python 2 Python 3

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page