Flake8 plugin adding some checks to make Python code adhere to more secure coding standard

Navigation

Verified details

These details have been verified by PyPI
Maintainers
Avatar for Tachikoma from gravatar.com Tachikoma

Unverified details

These details have not been verified by PyPI
Project links
GitHub Statistics

View statistics for this project via Libraries.io, or by using our public dataset on Google BigQuery

Meta

License: Apache Software License (Apache2)

Author: Damien Nguyen

Requires: Python >=3.8

Classifiers

Project description

Flake8 Secure Coding Standard Plugin

PyPI - Python Version PyPI version CI Build CodeQL pre-commit.ci status Coverage Status

flake8 plugin that enforces some secure coding standards.

Installation

pip install flake8-secure-coding-standard

Flake8 codes

Code Description
SCS100 Use of os.path.abspath() and os.path.relpath() should be avoided in favor of os.path.realpath()
SCS101 Use of eval() and exec() represent a security risk and should be avoided
SCS102 Use of os.system() should be avoided
SCS103 Use of shell=True in subprocess functions or use of functions that internally set this should be avoided
SCS104 Use of tempfile.mktemp() should be avoided, prefer tempfile.mkstemp()
SCS105 Use of yaml.load() should be avoided, prefer yaml.safe_load() or yaml.load(xxx, Loader=SafeLoader)
SCS106 Use of jsonpickle.decode() should be avoided
SCS107 Use of debugging code should not be present in production code (e.g. import pdb)
SCS108 assert statements should not be present in production code
SCS109 Use of builtin open for writing is discouraged in favor of os.open to allow for setting file permissions
SCS110 Avoid using os.popen() as it internally uses subprocess.Popen with shell=True
SCS111 Use of shlex.quote() should be avoided on non-POSIX platforms
SCS112 Avoid using os.open() with unsafe file permissions
SCS113 Avoid using pickle.load() and pickle.loads()
SCS114 Avoid using marshal.load() and marshal.loads()
SCS115 Avoid using shelve.open()
SCS116 Avoid using os.mkdir and os.makedirs with unsafe file permissions
SCS117 Avoid using os.mkfifo with unsafe file permissions
SCS118 Avoid using os.mknod with unsafe file permissions
SCS119 Avoid using os.chmod with unsafe file permissions (W ^ X for group and others)

Plugin configuration options

This plugin supports some configuration options that may either be specified directly on the command line with a flag using the option name as --name or by specifying them in one of flake8's configuration files (ie. pyproject.toml, setup.cfg, .flake8, etc.).

Available options:

Option name Option type Default value Related error code
os-open-mode mode-like 0 (off) SCS112
os-mkdir-mode mode-like 0 (off) SCS116
os-mkfifo-mode mode-like 0 (off) SCS117
os-mknod-mode mode-like 0 (off) SCS118

Mode-like options

Mode-like options are configuration options for errors/warnings that relate to some function that accepts a mode parameter (or similar) that control some file or directory permissions. For those kind of options, the plugin understands a variety of values that must be specified as string. They will then be parsed into a list of allowed mode values:

  • Any positive, non-zero (octal or decimal) integer value specifies the maximum value for the mode value
  • A comma-separated list of (octal or decimal) integers indicates the list of allowed mode values
  • 'y', 'yes', 'true' (case-insensitive) will turn on the warnings using the default value of 0o755
  • 'n', 'no', 'false' (case-insensitive) will turn off the warnings

Example of values (for pyproject.toml):

    [tool.flake8]
    os-open-mode = '0'            # check disabled
    os-open-mode = 'no'           # check disabled
    os-open-mode = '493'          # all modes from 0 to 493 (=0o755)
    os-open-mode = '0o755'        # all modes from 0 to 0o755
    os-open-mode = '0o755,'       # only 0o755 (notice the comma)
    os-open-mode = '0o644,0o755'  # only 0o644 and 0o755

You can also specify those options directly on the command line:

python3 -m flake8 --os-open-mode='0o755'

Pre-commit hook

See pre-commit for instructions

Sample .pre-commit-config.yaml:

-   repo: https://github.com/PyCQA/flake8
    rev: 4.0.0
    hooks:
    -   id: flake8
        additional_dependencies: [flake8-secure-coding-standard]

Project details

Verified details

These details have been verified by PyPI
Maintainers
Avatar for Tachikoma from gravatar.com Tachikoma

Unverified details

These details have not been verified by PyPI
Project links
GitHub Statistics

View statistics for this project via Libraries.io, or by using our public dataset on Google BigQuery

Meta

License: Apache Software License (Apache2)

Author: Damien Nguyen

Requires: Python >=3.8

Classifiers

Release history Release notifications | RSS feed

This version

1.4.1

1.4.0

1.3.0

1.2.2

1.2.1

1.2.0

1.1.0

1.0.1

1.0.0

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

flake8-secure-coding-standard-1.4.1.tar.gz (28.9 kB view hashes)

Uploaded Source

Built Distribution

flake8_secure_coding_standard-1.4.1-py2.py3-none-any.whl (14.4 kB view hashes)

Uploaded Python 2 Python 3

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page