Secure Coding Guidelines for Python

rtphokie · Aug 28, 2015 · Viewed 9.7k times

Looking at the CERT Secure Standards (example: https://www.securecoding.cert.org), there are specific standards, with great examples of what good and bad code looks like, for C, C++, Java, even Perl, but not Python. Are there any Python-specific standards or guidelines, preferably with examples, available?

http://www.pythonsecurity.org/ appears to be focused on security concerns in Python itself and on building an alternative Python binary to resolve these. A noble, but not recently active, cause. I'm looking for something that gives guidance to developers on what not to do and what to do instead.

Answer

devnull · Mar 5, 2016

Seeing as a lot of people are recommending formatting guidelines (PEP8), I have one that is actually for security.

There is a project in OpenStack (a very big Python-based platform) called Bandit. It is a security lint tool.

https://github.com/openstack/bandit

You can run this tool against your own code, or if you wish to learn the inner workings of secure Python coding, then take a look at the examples directory.
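As an added illustration of what a security lint tool like the one recommended above does (example code written for this page, not Bandit's own code or anything from its examples directory): a minimal AST walk over a constructed sample module that flags a few classic "what not to do" patterns and leaves their safer counterparts alone.

```python
import ast

# Constructed sample module: insecure idioms next to their safer forms.
SAMPLE_SOURCE = '''
import subprocess, pickle
def run(cmd):
    subprocess.call(cmd, shell=True)          # shell string: injection risk
def run_safe(args):
    subprocess.call(args)                     # argv list, no shell involved
def load(blob):
    return pickle.loads(blob)                 # deserializing untrusted bytes
def calc(expr):
    return eval(expr)                         # arbitrary code execution
PASSWORD = "hunter2"                          # hardcoded secret in source
'''

def _call_name(node):
    """Return a dotted name for a call target, e.g. 'subprocess.call' or 'eval'."""
    f = node.func
    if isinstance(f, ast.Name):
        return f.id
    if isinstance(f, ast.Attribute) and isinstance(f.value, ast.Name):
        return f"{f.value.id}.{f.attr}"
    return ""

def lint(source):
    """Walk the AST and return sorted (line, message) findings for known-bad patterns."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Call):
            name = _call_name(node)
            if name in ("eval", "exec"):
                findings.append((node.lineno, f"use of {name}()"))
            elif name in ("pickle.loads", "pickle.load"):
                findings.append((node.lineno, "pickle deserialization of untrusted data"))
            elif name.startswith("subprocess.") and any(
                kw.arg == "shell" and isinstance(kw.value, ast.Constant) and kw.value.value is True
                for kw in node.keywords
            ):
                findings.append((node.lineno, f"{name} with shell=True"))
        elif isinstance(node, ast.Assign):  # string literal assigned to a password-like name
            for t in node.targets:
                if (isinstance(t, ast.Name) and "PASSWORD" in t.id.upper()
                        and isinstance(node.value, ast.Constant) and isinstance(node.value.value, str)):
                    findings.append((node.lineno, f"possible hardcoded password in {t.id}"))
    return sorted(findings)

if __name__ == "__main__":
    for line, msg in lint(SAMPLE_SOURCE):
        print(f"line {line}: {msg}")
```

A real linter carries many more checks and severity/confidence ratings; the point here is that these rules are purely syntactic, which is why such tools are cheap to run in CI on every commit.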