From 3cd4c007877763c4d9f70bcf3ceb9217b5574a9e Mon Sep 17 00:00:00 2001 From: Kian-Meng Ang Date: Wed, 24 Aug 2022 22:03:32 +0800 Subject: [PATCH] Fix typos and prettify MD/YAML files (#48) Found through these commands: - codespell . - prettier --write . --- .github/workflows/ci.yml | 10 +-- CHANGELOG.md | 44 +++++++++- CONTRIBUTING.md | 22 ++--- README.md | 28 ++++--- docs/README.md | 169 ++++++++++++++++++++------------------- docs/linters/DUO101.md | 2 +- docs/linters/DUO102.md | 2 +- docs/linters/DUO103.md | 4 +- docs/linters/DUO104.md | 4 +- docs/linters/DUO105.md | 5 +- docs/linters/DUO106.md | 4 +- docs/linters/DUO107.md | 2 +- docs/linters/DUO108.md | 2 +- docs/linters/DUO109.md | 1 - docs/linters/DUO110.md | 4 +- docs/linters/DUO111.md | 4 +- docs/linters/DUO112.md | 2 +- docs/linters/DUO115.md | 2 +- docs/linters/DUO119.md | 4 +- docs/linters/DUO120.md | 4 +- docs/linters/DUO121.md | 2 +- docs/linters/DUO122.md | 30 +++---- docs/linters/DUO123.md | 4 +- docs/linters/DUO124.md | 2 +- docs/linters/DUO127.md | 2 +- docs/linters/DUO128.md | 20 ++--- docs/linters/DUO129.md | 20 ++--- docs/linters/DUO130.md | 8 +- docs/linters/DUO131.md | 4 +- docs/linters/DUO132.md | 6 +- docs/linters/DUO133.md | 10 +-- docs/linters/DUO134.md | 14 ++-- docs/linters/DUO135.md | 4 +- docs/linters/DUO136.md | 10 +-- docs/linters/DUO138.md | 20 ++--- 35 files changed, 259 insertions(+), 216 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 13ecd26..6f86993 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -10,11 +10,11 @@ jobs: - macos-latest - windows-latest python-version: - - '3.6' - - '3.7' - - '3.8' - - '3.9' - - '3.10' + - "3.6" + - "3.7" + - "3.8" + - "3.9" + - "3.10" steps: - uses: actions/checkout@v2 - name: Set up Python diff --git a/CHANGELOG.md b/CHANGELOG.md index 93e114d..eed74bc 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -1,4 +1,5 @@ # Changelog + All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), 
@@ -7,93 +8,126 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [Unreleased] ## [0.13.0] - 2022-08-09 + ### Added + - Support for Flake8 5 ([#45](https://github.com/dlint-py/dlint/issues/45)) ### Changed + - Support `usedforsecurity=False` parameter to hashlib constructors ([#39](https://github.com/dlint-py/dlint/issues/39)) ## [0.12.0] - 2021-10-27 + ### Added + - Support for Python 3.10 - Support for Flake8 4 ([#36](https://github.com/dlint-py/dlint/issues/36)) ### Removed + - Support for Python 2.7 ([#3](https://github.com/dlint-py/dlint/issues/3)) ## [0.11.0] - 2020-10-30 + ### Added + - Support for Python 3.9 ([#32](https://github.com/dlint-py/dlint/issues/32)) ### Fixed + - False positive for `DUO107` when `xml.etree.ElementTree.{Element,SubElement}` used ([#28](https://github.com/dlint-py/dlint/issues/28)) - False positive for `DUO116` when `shell=False` used ([#31](https://github.com/dlint-py/dlint/pull/31)) ### Removed + - Support for Python 3.5 ## [0.10.3] - 2020-03-09 + ### Fixed + - False positive for `DUO138` when expressions aren't backtrackable ([#14](https://github.com/dlint-py/dlint/issues/14)) ## [0.10.2] - 2020-02-19 + ### Changed + - Cache namespace results and minimize kwarg checks by grouping similar rules - ~500% speed up ([#18](https://github.com/dlint-py/dlint/issues/18)) -- Only run linters that are selected - speed up depends on number of linters seleted ([#19](https://github.com/dlint-py/dlint/issues/19)) +- Only run linters that are selected - speed up depends on number of linters selected ([#19](https://github.com/dlint-py/dlint/issues/19)) ### Fixed + - The `--print-dlint-linters` flag on Windows ([#17](https://github.com/dlint-py/dlint/issues/17)) ## [0.10.1] - 2020-01-21 + ### Fixed + - Crash in `DUO138` when malformed regular expression ([#15](https://github.com/dlint-py/dlint/issues/15)) ## [0.10.0] - 2020-01-21 + ### Added + - `DUO137`: lint for insecure itsdangerous kwarg usage 
([#36](https://github.com/duo-labs/dlint/issues/36)) - `DUO138`: lint for regular expression catastrophic backtracking in re module ([#41](https://github.com/duo-labs/dlint/issues/41)) ### Fixed + - False positive for `DUO137` when kwarg missing ([#39](https://github.com/duo-labs/dlint/issues/39)) ## [0.9.2] - 2019-11-21 + ### Fixed + - False negative with arbitrary depth from import alias in bad module attribute ([#32](https://github.com/duo-labs/dlint/issues/32)) - False negative with arbitrary depth from import wildcard in bad module attribute ([#33](https://github.com/duo-labs/dlint/issues/33)) ## [0.9.1] - 2019-11-06 + ### Fixed + - False positive with `input` as variable name ([#31](https://github.com/duo-labs/dlint/issues/31)) ## [0.9.0] - 2019-10-13 + ### Added + - `DUO116`: rule for `subprocess.run` ([#24](https://github.com/duo-labs/dlint/issues/24)) - The `--print-dlint-linters` command-line flag to print all Dlint linters ([#26](https://github.com/duo-labs/dlint/issues/26)) - `DUO136`: lint for insecure xmlsec usage ([#27](https://github.com/duo-labs/dlint/issues/27)) ### Changed + - Visitor strategy to minimize node visits - ~25% speed up ([#28](https://github.com/duo-labs/dlint/issues/28)) ### Fixed + - False negative with nested imports in bad module attribute ([#30](https://github.com/duo-labs/dlint/issues/30)) ### Removed + - `dlint.linters.helpers.bad_kwarg_use`: use of `attribute_name` in favor of fully specified `module_path` ([#19](https://github.com/duo-labs/dlint/issues/19)) - `dlint.tree`: use of `kwarg_attribute` in favor of `kwarg_module_path` ([#21](https://github.com/duo-labs/dlint/issues/21)) - `dlint.linters.helpers.bad_name_attribute_use`: use of attribute list in favor of fully specified module path ([#20](https://github.com/duo-labs/dlint/issues/20)) ## [0.8.0] - 2019-09-18 + ### Added + - Support for Python 3.8 ([#12](https://github.com/duo-labs/dlint/issues/12)) - `DUO134`: lint for insecure cryptography usage 
([#6](https://github.com/duo-labs/dlint/issues/6)) - `DUO135`: lint for insecure defusedxml usage ([#5](https://github.com/duo-labs/dlint/issues/5)) ### Deprecated + - `dlint.linters.helpers.bad_kwarg_use`: use of `attribute_name` in favor of fully specified `module_path` ([#19](https://github.com/duo-labs/dlint/issues/19)) - `dlint.tree`: use of `kwarg_attribute` in favor of `kwarg_module_path` ([#21](https://github.com/duo-labs/dlint/issues/21)) - `dlint.linters.helpers.bad_name_attribute_use`: use of attribute list in favor of fully specified module path ([#20](https://github.com/duo-labs/dlint/issues/20)) ### Fixed + - False negative when deep imports are not fully specified in bad module attribute ([#1](https://github.com/duo-labs/dlint/issues/1)) - False negative - consider `async` functions in bad name attribute ([7bd249e](https://github.com/duo-labs/dlint/commit/7bd249e80a91f7c38f2c1f05045a826e0bef3246)) - False negative in various import scenarios when using `attribute_name` in bad kwarg ([#19](https://github.com/duo-labs/dlint/issues/19)) 
@@ -101,23 +135,31 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 - False negative in various import scenarios when using attribute list in bad name attribute ([#20](https://github.com/duo-labs/dlint/issues/20)) ## [0.7.0] - 2019-08-24 + ### Added + - `DUO133`: lint for pycrypto usage ([#7](https://github.com/duo-labs/dlint/issues/7)) ### Fixed + - False positive when bad builtin is overwritten by import ([#16](https://github.com/duo-labs/dlint/issues/16)) - False negative when bad module attribute uses import alias ([#2](https://github.com/duo-labs/dlint/issues/2)) - False positive when bad module attribute not imported ([#14](https://github.com/duo-labs/dlint/issues/14)) ## [0.6.0] - 2019-08-12 + ### Added + - Support for Python 3.5 and 3.7 ([#9](https://github.com/duo-labs/dlint/issues/9)) - `DUO131`: lint for disabling urllib3 warnings - `DUO132`: lint for disabling urllib3 HTTPS certification verification ### Removed + - `FormatStringLinter`, previously `DUO104`, as it was a disabled expirement ([#15](https://github.com/duo-labs/dlint/issues/15)) ## [0.5.0] - 2019-07-17 + ### Added + - Initial public release of Dlint diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 3c02e85..981c8a9 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md 
@@ -16,15 +16,15 @@ knowledge. **Further, please check out our brief section on [developing](https:/ When adding new linters: -* New linters should be added to the `dlint/linters/` directory. -* Add a new file and class inheriting from `base.BaseLinter` for each new linter. -* Add a "pass-through" import of the new class to `dlint.linters.__init__.py`. -* Add the new class to `ALL` in `dlint.linters.__init__.py`. -* Add documentation link in `docs/README.md`. -* Add documentation file in `docs/linters/`. -* Ensure new rules are properly tested (high or complete test coverage). -* Ensure new code adheres to the style guide/linting process. -* Add new rule information to `CHANGELOG.md` under `Unreleased` section, `Added` sub-section. +- New linters should be added to the `dlint/linters/` directory. +- Add a new file and class inheriting from `base.BaseLinter` for each new linter. +- Add a "pass-through" import of the new class to `dlint.linters.__init__.py`. +- Add the new class to `ALL` in `dlint.linters.__init__.py`. +- Add documentation link in `docs/README.md`. +- Add documentation file in `docs/linters/`. +- Ensure new rules are properly tested (high or complete test coverage). +- Ensure new code adheres to the style guide/linting process. +- Add new rule information to `CHANGELOG.md` under `Unreleased` section, `Added` sub-section. From here, please create a [pull request](https://github.com/dlint-py/dlint/pulls) with your changes and wait for a review. @@ -36,7 +36,7 @@ first. This issue should include a snippet of code for reproducing the bug. E.g. -*I expected `dlint` to flag the following code for faulty use of the `foo` module:* +_I expected `dlint` to flag the following code for faulty use of the `foo` module:_ ``` from bar import foo 
@@ -46,7 +46,7 @@ widget = foo.baz(var) send_result(widget) ``` -*Please update `dlint` to catch this. Thanks!* +_Please update `dlint` to catch this. Thanks!_ After reporting the issue, if you'd like to help fix it, please create a [pull request](https://github.com/dlint-py/dlint/pulls) with the diff --git a/README.md b/README.md index 0927f74..7a48a42 100644 --- a/README.md +++ b/README.md @@ -11,10 +11,12 @@ Dlint is a tool for encouraging best coding practices and helping ensure Python > aggressively pursue static code analysis. Even more valuable than the > hundreds of serious bugs I have prevented with it is the change in mindset > about the way I view software reliability and code quality. +> > - [John Carmack, 2011](https://www.gamasutra.com/view/news/128836/InDepth_Static_Code_Analysis.php) > For a static analysis project to succeed, developers must feel they benefit > from and enjoy using it. +> > - [Lessons from Building Static Analysis Tools at Google](https://cacm.acm.org/magazines/2018/4/226371-lessons-from-building-static-analysis-tools-at-google/fulltext) For documentation and a list of rules see [docs](https://github.com/dlint-py/dlint/tree/master/docs). @@ -65,8 +67,8 @@ $ python -m flake8 --select=DUO test.py test.py:2:1: DUO105 use of "exec" is insecure ``` -* *Why is this insecure? To learn more visit [`/docs/linters/DUO105.md`](https://github.com/dlint-py/dlint/blob/master/docs/linters/DUO105.md).* -* *Why `DUO`? Dlint was originally developed by the [Duo Labs](https://duo.com/blog/introducing-dlint-robust-static-analysis-for-python) team.* +- _Why is this insecure? To learn more visit [`/docs/linters/DUO105.md`](https://github.com/dlint-py/dlint/blob/master/docs/linters/DUO105.md)._ +- _Why `DUO`? Dlint was originally developed by the [Duo Labs](https://duo.com/blog/introducing-dlint-robust-static-analysis-for-python) team._ The `--select=DUO` flag tells `flake8` to only run Dlint lint rules. 
@@ -88,12 +90,12 @@ Dlint results can also be included inline in your editor for fast feedback. This typically requires an editor plugin or extension. Here are some starting points for common editors: -* Vim: [https://github.com/vim-syntastic/syntastic](https://github.com/vim-syntastic/syntastic) -* Emacs: [https://github.com/flycheck/flycheck](https://github.com/flycheck/flycheck) -* Sublime: [https://github.com/SublimeLinter/SublimeLinter-flake8](https://github.com/SublimeLinter/SublimeLinter-flake8) -* PyCharm: [https://foxmask.net/post/2016/02/17/pycharm-running-flake8/](https://foxmask.net/post/2016/02/17/pycharm-running-flake8/) -* Atom: [https://atom.io/packages/linter-flake8](https://atom.io/packages/linter-flake8) -* Visual Studio Code: [https://code.visualstudio.com/docs/python/linting#_flake8](https://code.visualstudio.com/docs/python/linting#_flake8) +- Vim: [https://github.com/vim-syntastic/syntastic](https://github.com/vim-syntastic/syntastic) +- Emacs: [https://github.com/flycheck/flycheck](https://github.com/flycheck/flycheck) +- Sublime: [https://github.com/SublimeLinter/SublimeLinter-flake8](https://github.com/SublimeLinter/SublimeLinter-flake8) +- PyCharm: [https://foxmask.net/post/2016/02/17/pycharm-running-flake8/](https://foxmask.net/post/2016/02/17/pycharm-running-flake8/) +- Atom: [https://atom.io/packages/linter-flake8](https://atom.io/packages/linter-flake8) +- Visual Studio Code: [https://code.visualstudio.com/docs/python/linting#\_flake8](https://code.visualstudio.com/docs/python/linting#_flake8) # Integrating 
@@ -107,11 +109,11 @@ Dlint's custom plugins are built on a [simple naming convention](https://packagi and rely on [Python modules](https://docs.python.org/3/distutils/examples.html#pure-python-distribution-by-module). To make a Dlint custom plugin use the following conventions: -* The Python module name **must** start with `dlint_plugin_`. -* The linter class name **must** start with `Dlint`. -* The linter class **should** inherit from `dlint.linters.base.BaseLinter`. - * If for some reason you'd like to avoid this, then you **must** implement - the `get_results` function appropriately and inherit from `ast.NodeVisitor`. +- The Python module name **must** start with `dlint_plugin_`. +- The linter class name **must** start with `Dlint`. +- The linter class **should** inherit from `dlint.linters.base.BaseLinter`. + - If for some reason you'd like to avoid this, then you **must** implement + the `get_results` function appropriately and inherit from `ast.NodeVisitor`. See an [example plugin](https://github.com/dlint-py/dlint-plugin-example) for further details. diff --git a/docs/README.md b/docs/README.md index 1d6f370..2ac97ea 100644 --- a/docs/README.md +++ b/docs/README.md 
@@ -4,44 +4,44 @@ Dlint uses a simple, folder-based hierarchy written in [Markdown](https://en.wik # Linters -* [`DUO101` `YieldReturnStatementLinter` "inlineCallbacks" function cannot have non-empty "return" statement](https://github.com/dlint-py/dlint/blob/master/docs/linters/DUO101.md) -* [`DUO102` `BadRandomGeneratorUseLinter` insecure use of "random" module, prefer "random.SystemRandom"](https://github.com/dlint-py/dlint/blob/master/docs/linters/DUO102.md) -* [`DUO103` `BadPickleUseLinter` insecure use of "pickle" or "cPickle"](https://github.com/dlint-py/dlint/blob/master/docs/linters/DUO103.md) -* [`DUO104` `BadEvalUseLinter` use of "eval" is insecure](https://github.com/dlint-py/dlint/blob/master/docs/linters/DUO104.md) -* [`DUO105` `BadExecUseLinter` use of "exec" is insecure](https://github.com/dlint-py/dlint/blob/master/docs/linters/DUO105.md) -* [`DUO106` `BadOSUseLinter` insecure use of "os" module](https://github.com/dlint-py/dlint/blob/master/docs/linters/DUO106.md) -* [`DUO107` `BadXMLUseLinter` insecure use of XML modules, prefer "defusedxml"](https://github.com/dlint-py/dlint/blob/master/docs/linters/DUO107.md) -* [`DUO108` `BadInputUseLinter` use of "input" is insecure](https://github.com/dlint-py/dlint/blob/master/docs/linters/DUO108.md) -* [`DUO109` `BadYAMLUseLinter` insecure use of "yaml" parsing function, prefer "safe_*" equivalent](https://github.com/dlint-py/dlint/blob/master/docs/linters/DUO109.md) -* [`DUO110` `BadCompileUseLinter` use of "compile" is insecure](https://github.com/dlint-py/dlint/blob/master/docs/linters/DUO110.md) -* [`DUO111` `BadSysUseLinter` insecure use of "sys" module](https://github.com/dlint-py/dlint/blob/master/docs/linters/DUO111.md) -* [`DUO112` `BadZipfileUseLinter` use of "extract|extractall" is insecure](https://github.com/dlint-py/dlint/blob/master/docs/linters/DUO112.md) -* [`DUO113` `InlineCallbacksYieldStatementLinter` "inlineCallbacks" function missing "yield" 
statement](https://github.com/dlint-py/dlint/blob/master/docs/linters/DUO113.md) -* [`DUO114` `ReturnValueInInlineCallbacksLinter` "returnValue" in function missing "inlineCallbacks" decorator](https://github.com/dlint-py/dlint/blob/master/docs/linters/DUO114.md) -* [`DUO115` `BadTarfileUseLinter` use of "extract|extractall" is insecure](https://github.com/dlint-py/dlint/blob/master/docs/linters/DUO115.md) -* [`DUO116` `BadSubprocessUseLinter` use of "shell=True" is insecure in "subprocess" module](https://github.com/dlint-py/dlint/blob/master/docs/linters/DUO116.md) -* [`DUO117` `BadDlUseLinter` avoid "dl" module use](https://github.com/dlint-py/dlint/blob/master/docs/linters/DUO117.md) -* [`DUO118` `BadGlUseLinter` avoid "gl" module use](https://github.com/dlint-py/dlint/blob/master/docs/linters/DUO118.md) -* [`DUO119` `BadShelveUseLinter` avoid "shelve" module use](https://github.com/dlint-py/dlint/blob/master/docs/linters/DUO119.md) -* [`DUO120` `BadMarshalUseLinter` avoid "marshal" module use](https://github.com/dlint-py/dlint/blob/master/docs/linters/DUO120.md) -* [`DUO121` `BadTempfileUseLinter` use of "tempfile.mktemp" allows for race conditions](https://github.com/dlint-py/dlint/blob/master/docs/linters/DUO121.md) -* [`DUO122` `BadSSLModuleAttributeUseLinter` insecure "ssl" module attribute use](https://github.com/dlint-py/dlint/blob/master/docs/linters/DUO122.md) -* [`DUO123` `BadRequestsUseLinter` use of "verify=False" is insecure in "requests" module](https://github.com/dlint-py/dlint/blob/master/docs/linters/DUO123.md) -* [`DUO124` `BadXmlrpcUseLinter` instance with "allow_dotted_names" enabled is insecure](https://github.com/dlint-py/dlint/blob/master/docs/linters/DUO124.md) -* [`DUO125` `BadCommandsUseLinter` avoid "commands" module use](https://github.com/dlint-py/dlint/blob/master/docs/linters/DUO125.md) -* [`DUO126` `BadPopen2UseLinter` avoid "popen2" module use](https://github.com/dlint-py/dlint/blob/master/docs/linters/DUO126.md) -* [`DUO127` 
`BadDuoClientUseLinter` use of "ca_certs=HTTP|DISABLE" is insecure in "duo_client" module](https://github.com/dlint-py/dlint/blob/master/docs/linters/DUO127.md) -* [`DUO128` `BadOneLoginKwargUseLinter` insecure "OneLogin" SAML function call](https://github.com/dlint-py/dlint/blob/master/docs/linters/DUO128.md) -* [`DUO129` `BadOneLoginModuleAttributeUseLinter` insecure "OneLogin" SAML attribute use](https://github.com/dlint-py/dlint/blob/master/docs/linters/DUO129.md) -* [`DUO130` `BadHashlibUseLinter` insecure use of "hashlib" module](https://github.com/dlint-py/dlint/blob/master/docs/linters/DUO130.md) -* [`DUO131` `BadUrllib3ModuleAttributeUseLinter` "urllib3" warnings disabled, insecure connections possible](https://github.com/dlint-py/dlint/blob/master/docs/linters/DUO131.md) -* [`DUO132` `BadUrllib3KwargUseLinter` "urllib3" certificate verification disabled, insecure connections possible](https://github.com/dlint-py/dlint/blob/master/docs/linters/DUO132.md) -* [`DUO133` `BadPycryptoUseLinter` use of "Crypto" module is insecure](https://github.com/dlint-py/dlint/blob/master/docs/linters/DUO133.md) -* [`DUO134` `BadCryptographyModuleAttributeUseLinter` insecure "cryptography" attribute use](https://github.com/dlint-py/dlint/blob/master/docs/linters/DUO134.md) -* [`DUO135` `BadDefusedxmlUseLinter` enable all "forbid_*" defenses when using "defusedxml" parsing](https://github.com/dlint-py/dlint/blob/master/docs/linters/DUO135.md) -* [`DUO136` `BadXmlsecModuleAttributeUseLinter` insecure "xmlsec" attribute use](https://github.com/dlint-py/dlint/blob/master/docs/linters/DUO136.md) -* [`DUO137` `BadItsDangerousKwargUseLinter` insecure "itsdangerous" use allowing empty signing](https://github.com/dlint-py/dlint/blob/master/docs/linters/DUO137.md) -* [`DUO138` `BadReCatastrophicUseLinter` catastrophic "re" usage - denial-of-service possible](https://github.com/dlint-py/dlint/blob/master/docs/linters/DUO138.md) +- [`DUO101` `YieldReturnStatementLinter` 
"inlineCallbacks" function cannot have non-empty "return" statement](https://github.com/dlint-py/dlint/blob/master/docs/linters/DUO101.md) +- [`DUO102` `BadRandomGeneratorUseLinter` insecure use of "random" module, prefer "random.SystemRandom"](https://github.com/dlint-py/dlint/blob/master/docs/linters/DUO102.md) +- [`DUO103` `BadPickleUseLinter` insecure use of "pickle" or "cPickle"](https://github.com/dlint-py/dlint/blob/master/docs/linters/DUO103.md) +- [`DUO104` `BadEvalUseLinter` use of "eval" is insecure](https://github.com/dlint-py/dlint/blob/master/docs/linters/DUO104.md) +- [`DUO105` `BadExecUseLinter` use of "exec" is insecure](https://github.com/dlint-py/dlint/blob/master/docs/linters/DUO105.md) +- [`DUO106` `BadOSUseLinter` insecure use of "os" module](https://github.com/dlint-py/dlint/blob/master/docs/linters/DUO106.md) +- [`DUO107` `BadXMLUseLinter` insecure use of XML modules, prefer "defusedxml"](https://github.com/dlint-py/dlint/blob/master/docs/linters/DUO107.md) +- [`DUO108` `BadInputUseLinter` use of "input" is insecure](https://github.com/dlint-py/dlint/blob/master/docs/linters/DUO108.md) +- [`DUO109` `BadYAMLUseLinter` insecure use of "yaml" parsing function, prefer "safe\_\*" equivalent](https://github.com/dlint-py/dlint/blob/master/docs/linters/DUO109.md) +- [`DUO110` `BadCompileUseLinter` use of "compile" is insecure](https://github.com/dlint-py/dlint/blob/master/docs/linters/DUO110.md) +- [`DUO111` `BadSysUseLinter` insecure use of "sys" module](https://github.com/dlint-py/dlint/blob/master/docs/linters/DUO111.md) +- [`DUO112` `BadZipfileUseLinter` use of "extract|extractall" is insecure](https://github.com/dlint-py/dlint/blob/master/docs/linters/DUO112.md) +- [`DUO113` `InlineCallbacksYieldStatementLinter` "inlineCallbacks" function missing "yield" statement](https://github.com/dlint-py/dlint/blob/master/docs/linters/DUO113.md) +- [`DUO114` `ReturnValueInInlineCallbacksLinter` "returnValue" in function missing "inlineCallbacks" 
decorator](https://github.com/dlint-py/dlint/blob/master/docs/linters/DUO114.md) +- [`DUO115` `BadTarfileUseLinter` use of "extract|extractall" is insecure](https://github.com/dlint-py/dlint/blob/master/docs/linters/DUO115.md) +- [`DUO116` `BadSubprocessUseLinter` use of "shell=True" is insecure in "subprocess" module](https://github.com/dlint-py/dlint/blob/master/docs/linters/DUO116.md) +- [`DUO117` `BadDlUseLinter` avoid "dl" module use](https://github.com/dlint-py/dlint/blob/master/docs/linters/DUO117.md) +- [`DUO118` `BadGlUseLinter` avoid "gl" module use](https://github.com/dlint-py/dlint/blob/master/docs/linters/DUO118.md) +- [`DUO119` `BadShelveUseLinter` avoid "shelve" module use](https://github.com/dlint-py/dlint/blob/master/docs/linters/DUO119.md) +- [`DUO120` `BadMarshalUseLinter` avoid "marshal" module use](https://github.com/dlint-py/dlint/blob/master/docs/linters/DUO120.md) +- [`DUO121` `BadTempfileUseLinter` use of "tempfile.mktemp" allows for race conditions](https://github.com/dlint-py/dlint/blob/master/docs/linters/DUO121.md) +- [`DUO122` `BadSSLModuleAttributeUseLinter` insecure "ssl" module attribute use](https://github.com/dlint-py/dlint/blob/master/docs/linters/DUO122.md) +- [`DUO123` `BadRequestsUseLinter` use of "verify=False" is insecure in "requests" module](https://github.com/dlint-py/dlint/blob/master/docs/linters/DUO123.md) +- [`DUO124` `BadXmlrpcUseLinter` instance with "allow_dotted_names" enabled is insecure](https://github.com/dlint-py/dlint/blob/master/docs/linters/DUO124.md) +- [`DUO125` `BadCommandsUseLinter` avoid "commands" module use](https://github.com/dlint-py/dlint/blob/master/docs/linters/DUO125.md) +- [`DUO126` `BadPopen2UseLinter` avoid "popen2" module use](https://github.com/dlint-py/dlint/blob/master/docs/linters/DUO126.md) +- [`DUO127` `BadDuoClientUseLinter` use of "ca_certs=HTTP|DISABLE" is insecure in "duo_client" module](https://github.com/dlint-py/dlint/blob/master/docs/linters/DUO127.md) +- [`DUO128` 
`BadOneLoginKwargUseLinter` insecure "OneLogin" SAML function call](https://github.com/dlint-py/dlint/blob/master/docs/linters/DUO128.md) +- [`DUO129` `BadOneLoginModuleAttributeUseLinter` insecure "OneLogin" SAML attribute use](https://github.com/dlint-py/dlint/blob/master/docs/linters/DUO129.md) +- [`DUO130` `BadHashlibUseLinter` insecure use of "hashlib" module](https://github.com/dlint-py/dlint/blob/master/docs/linters/DUO130.md) +- [`DUO131` `BadUrllib3ModuleAttributeUseLinter` "urllib3" warnings disabled, insecure connections possible](https://github.com/dlint-py/dlint/blob/master/docs/linters/DUO131.md) +- [`DUO132` `BadUrllib3KwargUseLinter` "urllib3" certificate verification disabled, insecure connections possible](https://github.com/dlint-py/dlint/blob/master/docs/linters/DUO132.md) +- [`DUO133` `BadPycryptoUseLinter` use of "Crypto" module is insecure](https://github.com/dlint-py/dlint/blob/master/docs/linters/DUO133.md) +- [`DUO134` `BadCryptographyModuleAttributeUseLinter` insecure "cryptography" attribute use](https://github.com/dlint-py/dlint/blob/master/docs/linters/DUO134.md) +- [`DUO135` `BadDefusedxmlUseLinter` enable all "forbid\_\*" defenses when using "defusedxml" parsing](https://github.com/dlint-py/dlint/blob/master/docs/linters/DUO135.md) +- [`DUO136` `BadXmlsecModuleAttributeUseLinter` insecure "xmlsec" attribute use](https://github.com/dlint-py/dlint/blob/master/docs/linters/DUO136.md) +- [`DUO137` `BadItsDangerousKwargUseLinter` insecure "itsdangerous" use allowing empty signing](https://github.com/dlint-py/dlint/blob/master/docs/linters/DUO137.md) +- [`DUO138` `BadReCatastrophicUseLinter` catastrophic "re" usage - denial-of-service possible](https://github.com/dlint-py/dlint/blob/master/docs/linters/DUO138.md) # FAQs 
@@ -52,61 +52,61 @@ tool aimed at searching for security issues in Python code. Bandit is a great tool and can easily be used simultaneously with Dlint. However, there are a few advantages Dlint has over Bandit: -* Dlint can identify function calls that are insecure specifically because of -their keyword argument usage. For example, `subprocess` module function calls -that use the `shell=True` keyword argument: -[`subprocess` security considerations](https://docs.python.org/3/library/subprocess.html#security-considerations). -* Dlint can identify insecure method calls on specific objects. For example, -the [`TarFile.extractall`](https://docs.python.org/3/library/tarfile.html#tarfile.TarFile.extractall) -object method can often lead to security vulnerabilities. Dlint tracks variable -names of instantiated objects and searches for insecure methods used by these -specific objects. -* Dlint can identify insecurities arising from the use of wildcard imports. For -example, `from os import *`, which results in insecure use of the `os` module, -such as a `system` call. -* Dlint is built upon the ubiquitous [Flake8](https://flake8.pycqa.org/en/latest/) -project so it's easy to use, provides a fully-featured interface, and is backed -by the [Python Code Quality Authority](https://github.com/PyCQA). This means -things like no more re-inventing the wheel for -[selecting and ignoring violations](https://flake8.pycqa.org/en/latest/user/violations.html), -[including and excluding specific files](https://flake8.pycqa.org/en/latest/user/invocation.html), -[running multiple jobs in parallel](https://flake8.pycqa.org/en/latest/user/options.html#cmdoption-flake8-jobs), -[showing results inline in your editor](https://github.com/dlint-py/dlint#inline-editor), -and much more. +- Dlint can identify function calls that are insecure specifically because of + their keyword argument usage. 
For example, `subprocess` module function calls + that use the `shell=True` keyword argument: + [`subprocess` security considerations](https://docs.python.org/3/library/subprocess.html#security-considerations). +- Dlint can identify insecure method calls on specific objects. For example, + the [`TarFile.extractall`](https://docs.python.org/3/library/tarfile.html#tarfile.TarFile.extractall) + object method can often lead to security vulnerabilities. Dlint tracks variable + names of instantiated objects and searches for insecure methods used by these + specific objects. +- Dlint can identify insecurities arising from the use of wildcard imports. For + example, `from os import *`, which results in insecure use of the `os` module, + such as a `system` call. +- Dlint is built upon the ubiquitous [Flake8](https://flake8.pycqa.org/en/latest/) + project so it's easy to use, provides a fully-featured interface, and is backed + by the [Python Code Quality Authority](https://github.com/PyCQA). This means + things like no more re-inventing the wheel for + [selecting and ignoring violations](https://flake8.pycqa.org/en/latest/user/violations.html), + [including and excluding specific files](https://flake8.pycqa.org/en/latest/user/invocation.html), + [running multiple jobs in parallel](https://flake8.pycqa.org/en/latest/user/options.html#cmdoption-flake8-jobs), + [showing results inline in your editor](https://github.com/dlint-py/dlint#inline-editor), + and much more. Bandit also provides some advantages over Dlint: -* Bandit can identify SQL injections in your code: [B608](https://bandit.readthedocs.io/en/latest/plugins/b608_hardcoded_sql_expressions.html). 
-* Bandit can identify security issues resulting from hardcoded information: -[B104](https://bandit.readthedocs.io/en/latest/plugins/b104_hardcoded_bind_all_interfaces.html), -[B105](https://bandit.readthedocs.io/en/latest/plugins/b105_hardcoded_password_string.html), -[B106](https://bandit.readthedocs.io/en/latest/plugins/b106_hardcoded_password_funcarg.html), -[B107](https://bandit.readthedocs.io/en/latest/plugins/b107_hardcoded_password_funcdef.html), and -[B108](https://bandit.readthedocs.io/en/latest/plugins/b108_hardcoded_tmp_directory.html). +- Bandit can identify SQL injections in your code: [B608](https://bandit.readthedocs.io/en/latest/plugins/b608_hardcoded_sql_expressions.html). +- Bandit can identify security issues resulting from hardcoded information: + [B104](https://bandit.readthedocs.io/en/latest/plugins/b104_hardcoded_bind_all_interfaces.html), + [B105](https://bandit.readthedocs.io/en/latest/plugins/b105_hardcoded_password_string.html), + [B106](https://bandit.readthedocs.io/en/latest/plugins/b106_hardcoded_password_funcarg.html), + [B107](https://bandit.readthedocs.io/en/latest/plugins/b107_hardcoded_password_funcdef.html), and + [B108](https://bandit.readthedocs.io/en/latest/plugins/b108_hardcoded_tmp_directory.html). Running multiple security tools over your codebase will provide a more comprehensive analysis and ensure you're coding with confidence. ## Where can I learn more about static analysis? 
-* [Lessons from Building Static Analysis Tools at Google (2018)](https://cacm.acm.org/magazines/2018/4/226371-lessons-from-building-static-analysis-tools-at-google/fulltext) -* [Scaling Static Analyses at Facebook (2019)](https://cacm.acm.org/magazines/2019/8/238344-scaling-static-analyses-at-facebook/fulltext) -* [Static Analysis at Scale: An Instagram Story (2019)](https://instagram-engineering.com/static-analysis-at-scale-an-instagram-story-8f498ab71a0c) -* [Static Analysis at GitHub (2022)](https://cacm.acm.org/magazines/2022/2/258227-static-analysis-at-github/fulltext) -* [A Few Billion Lines of Code Later: Using Static Analysis to Find Bugs in the Real World (2010)](https://cacm.acm.org/magazines/2010/2/69354-a-few-billion-lines-of-code-later/fulltext) -* [How to Build Static Checking Systems Using Orders of Magnitude Less Code (2016)](https://web.stanford.edu/~mlfbrown/paper.pdf) -* [What Developers Want and Need from Program Analysis: An Empirical Study (2016)](https://www.microsoft.com/en-us/research/publication/what-developers-want-and-need-from-program-analysis-an-empirical-study/) -* [Lessons learned from writing ShellCheck, GitHub's now most starred Haskell project (2020)](https://www.vidarholen.net/contents/blog/?p=859) -* [A Systematic Impact Study for Fuzzer-Found Compiler Bugs (2019)](https://arxiv.org/abs/1902.09334) -* [Static Detection of DoS Vulnerabilities in Programs that use Regular Expressions (2017)](https://arxiv.org/abs/1701.04045) -* [Static Analysis for Security (2004)](https://www.garymcgraw.com/wp-content/uploads/2015/11/bsi5-static.pdf) -* [CIL: Intermediate Language and Tools for Analysis and Transformation of C Programs (2002)](https://people.eecs.berkeley.edu/~necula/Papers/cil_cc02.pdf) -* [SAIL: Static Analysis Intermediate Language with a Two-Level Representation (2009)](https://www.cs.utexas.edu/~isil/sail.pdf) -* [Wikipedia: Data-flow analysis](https://en.wikipedia.org/wiki/Data-flow_analysis) -* Applied Research - * [Zero 
Day Initiative - MindShaRE: When MySQL Cluster Encounters Taint Analysis](https://www.zerodayinitiative.com/blog/2022/2/10/mindshare-when-mysql-cluster-encounters-taint-analysis) - * [Trail of Bits - Finding unhandled errors using CodeQL](https://blog.trailofbits.com/2022/01/11/finding-unhandled-errors-using-codeql/) - * [Trail of Bits - Discovering goroutine leaks with Semgrep](https://www.trailofbits.com/post/discovering-goroutine-leaks-with-semgrep) +- [Lessons from Building Static Analysis Tools at Google (2018)](https://cacm.acm.org/magazines/2018/4/226371-lessons-from-building-static-analysis-tools-at-google/fulltext) +- [Scaling Static Analyses at Facebook (2019)](https://cacm.acm.org/magazines/2019/8/238344-scaling-static-analyses-at-facebook/fulltext) +- [Static Analysis at Scale: An Instagram Story (2019)](https://instagram-engineering.com/static-analysis-at-scale-an-instagram-story-8f498ab71a0c) +- [Static Analysis at GitHub (2022)](https://cacm.acm.org/magazines/2022/2/258227-static-analysis-at-github/fulltext) +- [A Few Billion Lines of Code Later: Using Static Analysis to Find Bugs in the Real World (2010)](https://cacm.acm.org/magazines/2010/2/69354-a-few-billion-lines-of-code-later/fulltext) +- [How to Build Static Checking Systems Using Orders of Magnitude Less Code (2016)](https://web.stanford.edu/~mlfbrown/paper.pdf) +- [What Developers Want and Need from Program Analysis: An Empirical Study (2016)](https://www.microsoft.com/en-us/research/publication/what-developers-want-and-need-from-program-analysis-an-empirical-study/) +- [Lessons learned from writing ShellCheck, GitHub's now most starred Haskell project (2020)](https://www.vidarholen.net/contents/blog/?p=859) +- [A Systematic Impact Study for Fuzzer-Found Compiler Bugs (2019)](https://arxiv.org/abs/1902.09334) +- [Static Detection of DoS Vulnerabilities in Programs that use Regular Expressions (2017)](https://arxiv.org/abs/1701.04045) +- [Static Analysis for Security 
(2004)](https://www.garymcgraw.com/wp-content/uploads/2015/11/bsi5-static.pdf) +- [CIL: Intermediate Language and Tools for Analysis and Transformation of C Programs (2002)](https://people.eecs.berkeley.edu/~necula/Papers/cil_cc02.pdf) +- [SAIL: Static Analysis Intermediate Language with a Two-Level Representation (2009)](https://www.cs.utexas.edu/~isil/sail.pdf) +- [Wikipedia: Data-flow analysis](https://en.wikipedia.org/wiki/Data-flow_analysis) +- Applied Research + - [Zero Day Initiative - MindShaRE: When MySQL Cluster Encounters Taint Analysis](https://www.zerodayinitiative.com/blog/2022/2/10/mindshare-when-mysql-cluster-encounters-taint-analysis) + - [Trail of Bits - Finding unhandled errors using CodeQL](https://blog.trailofbits.com/2022/01/11/finding-unhandled-errors-using-codeql/) + - [Trail of Bits - Discovering goroutine leaks with Semgrep](https://www.trailofbits.com/post/discovering-goroutine-leaks-with-semgrep) ## How can I integrate Dlint into XYZ? @@ -194,6 +194,7 @@ Please see the following: https://github.com/dlint-py/dlint-action. Include Dlint in your [Arcanist](https://secure.phabricator.com/book/phabricator/article/arcanist/) linting process via the [`.arclint`](https://secure.phabricator.com/book/phabricator/article/arcanist_lint/) configuration file: + ``` { "linters": { diff --git a/docs/linters/DUO101.md b/docs/linters/DUO101.md index addc067..cb55c55 100644 --- a/docs/linters/DUO101.md +++ b/docs/linters/DUO101.md @@ -35,4 +35,4 @@ For more information see [Introduction to Deferreds](https://twisted.readthedocs ## Exceptions -* If you are using Python 3.3+, it is possible to use the `return` statement instead of `returnValue` +- If you are using Python 3.3+, it is possible to use the `return` statement instead of `returnValue` diff --git a/docs/linters/DUO102.md b/docs/linters/DUO102.md index cb45854..3e82664 100644 --- a/docs/linters/DUO102.md +++ b/docs/linters/DUO102.md 
@@ -32,4 +32,4 @@ sufficient amount of previous values. ## Exceptions -* Normal `random` use is acceptable if the relevant code is not used for security or cryptographic purposes +- Normal `random` use is acceptable if the relevant code is not used for security or cryptographic purposes diff --git a/docs/linters/DUO103.md b/docs/linters/DUO103.md index a742492..b38515d 100644 --- a/docs/linters/DUO103.md +++ b/docs/linters/DUO103.md @@ -32,5 +32,5 @@ types of bugs. ## Exceptions -* Code may be safe if data passed to `pickle` contains no user input -* Code may be safe if data passed to `pickle` is a constant string +- Code may be safe if data passed to `pickle` contains no user input +- Code may be safe if data passed to `pickle` is a constant string diff --git a/docs/linters/DUO104.md b/docs/linters/DUO104.md index 2cd095e..f3fd14c 100644 --- a/docs/linters/DUO104.md +++ b/docs/linters/DUO104.md @@ -31,5 +31,5 @@ types of bugs. ## Exceptions -* Code may be safe if data passed to `eval` contains no user input -* Code may be safe if data passed to `eval` is a constant string +- Code may be safe if data passed to `eval` contains no user input +- Code may be safe if data passed to `eval` is a constant string diff --git a/docs/linters/DUO105.md b/docs/linters/DUO105.md index f9f4fe1..e5ef312 100644 --- a/docs/linters/DUO105.md +++ b/docs/linters/DUO105.md @@ -35,8 +35,7 @@ Arbitrary code execution bugs are effectively the keys to the castle. We'd like to avoid using the above function because it commonly allows for these types of bugs. - ## Exceptions -* Code may be safe if data passed to `exec` contains no user input -* Code may be safe if data passed to `exec` is a constant string +- Code may be safe if data passed to `exec` contains no user input +- Code may be safe if data passed to `exec` is a constant string diff --git a/docs/linters/DUO106.md b/docs/linters/DUO106.md index 99f2846..73f2519 100644 --- a/docs/linters/DUO106.md +++ b/docs/linters/DUO106.md 
@@ -37,5 +37,5 @@ types of bugs. ## Exceptions -* Code may be safe if data passed to `os.system` contains no user input -* Code may be safe if data passed to `os.system` is a constant string +- Code may be safe if data passed to `os.system` contains no user input +- Code may be safe if data passed to `os.system` is a constant string diff --git a/docs/linters/DUO107.md b/docs/linters/DUO107.md index 738b4b5..3f11413 100644 --- a/docs/linters/DUO107.md +++ b/docs/linters/DUO107.md @@ -29,4 +29,4 @@ For more information on specific vulnerabilities see [Python XML Libraries](http ## Exceptions -* The `xml.sax.saxutils` sub-module is safe to use +- The `xml.sax.saxutils` sub-module is safe to use diff --git a/docs/linters/DUO108.md b/docs/linters/DUO108.md index 6b3be23..963dd61 100644 --- a/docs/linters/DUO108.md +++ b/docs/linters/DUO108.md @@ -33,4 +33,4 @@ types of bugs. ## Exceptions -* Code using `six.moves.input` behaves like Python 3 `input`, and thus is safe +- Code using `six.moves.input` behaves like Python 3 `input`, and thus is safe diff --git a/docs/linters/DUO109.md b/docs/linters/DUO109.md index 59e7da4..827abd6 100644 --- a/docs/linters/DUO109.md +++ b/docs/linters/DUO109.md @@ -34,7 +34,6 @@ Arbitrary code execution bugs are effectively the keys to the castle. We'd like to avoid using the above function because it commonly allows for these types of bugs. - ## Exceptions None diff --git a/docs/linters/DUO110.md b/docs/linters/DUO110.md index 55391cc..8c66dea 100644 --- a/docs/linters/DUO110.md +++ b/docs/linters/DUO110.md 
@@ -39,5 +39,5 @@ interpreter which may lead to denial-of-service (DoS) bugs. ## Exceptions -* Code may be safe if data passed to `compile` contains no user input and limits data size -* Code may be safe if data passed to `compile` is a constant string and limits data size +- Code may be safe if data passed to `compile` contains no user input and limits data size +- Code may be safe if data passed to `compile` is a constant string and limits data size diff --git a/docs/linters/DUO111.md b/docs/linters/DUO111.md index 0266a2b..a3bfd15 100644 --- a/docs/linters/DUO111.md +++ b/docs/linters/DUO111.md @@ -33,5 +33,5 @@ PEP 578 calls out these functions as "Suggested Audit Hooks." ## Exceptions -* Debugging code in a development environment -* Code that is explicitly used as a debugger, profiler, etc +- Debugging code in a development environment +- Code that is explicitly used as a debugger, profiler, etc diff --git a/docs/linters/DUO112.md b/docs/linters/DUO112.md index 2e86c50..b8a12a1 100644 --- a/docs/linters/DUO112.md +++ b/docs/linters/DUO112.md @@ -29,4 +29,4 @@ From the Python documentation: ## Exceptions -* Extracting zipfiles from trusted sources +- Extracting zipfiles from trusted sources diff --git a/docs/linters/DUO115.md b/docs/linters/DUO115.md index e102e02..5bf5e81 100644 --- a/docs/linters/DUO115.md +++ b/docs/linters/DUO115.md @@ -29,4 +29,4 @@ From the Python documentation: ## Exceptions -* Extracting tarfiles from trusted sources +- Extracting tarfiles from trusted sources diff --git a/docs/linters/DUO119.md b/docs/linters/DUO119.md index 8b4d1fc..bfb24d5 100644 --- a/docs/linters/DUO119.md +++ b/docs/linters/DUO119.md @@ -32,5 +32,5 @@ types of bugs. ## Exceptions -* Code may be safe if data passed to `shelve` contains no user input -* Code may be safe if data passed to `shelve` is a constant string +- Code may be safe if data passed to `shelve` contains no user input +- Code may be safe if data passed to `shelve` is a constant string 
diff --git a/docs/linters/DUO120.md b/docs/linters/DUO120.md index 994e046..e91a998 100644 --- a/docs/linters/DUO120.md +++ b/docs/linters/DUO120.md @@ -32,5 +32,5 @@ types of bugs. ## Exceptions -* Code may be safe if data passed to `marshal` contains no user input -* Code may be safe if data passed to `marshal` is a constant string +- Code may be safe if data passed to `marshal` contains no user input +- Code may be safe if data passed to `marshal` is a constant string diff --git a/docs/linters/DUO121.md b/docs/linters/DUO121.md index 5c933f2..c6ab383 100644 --- a/docs/linters/DUO121.md +++ b/docs/linters/DUO121.md @@ -38,7 +38,7 @@ fd, temp_filename = tempfile.mkstemp() # "mkstemp" with "s" ``` Note that in both cases there is (1) an open file descriptor to close -and (2) a file to remove on disk. Also note that `NamedTemporaryFile` +and (2) a file to remove on disk. Also note that `NamedTemporaryFile` can be used as a context manager, e.g. using the `with` statement. ## Rationale diff --git a/docs/linters/DUO122.md b/docs/linters/DUO122.md index ba39fb8..6096bf8 100644 --- a/docs/linters/DUO122.md +++ b/docs/linters/DUO122.md 
@@ -55,18 +55,18 @@ For more information see [`ssl` security considerations](https://docs.python.org ## Exceptions -* `PROTOCOL_TLS` and `PROTOCOL_SSLv23` negotiate the highest protocol version -both the client and server support. This means that the secure -`PROTOCOL_TLSv1_2` may be chosen, or the insecure `PROTOCOL_SSLv3` may be -chosen. This negotiation is prone to [downgrade attacks](https://en.wikipedia.org/wiki/Downgrade_attack), -and leaves room for insecure connections, so we should prefer explicitly -allowing only secure protocols. These attributes may be a false positive under -certain circumstances, however we should err on the side of security. -* There will often be times when using the most secure options will not be -possible. For example, the server you're communicating with does not support -modern protocols and is not under your control. Further, there can be network -middleware (proxies, etc) that does not support the most secure options. In -these situations the challenges may not be completely technical ones and you -may have to fallback on insecure (or at least not *the most* secure) options - -here you'll have to use your best judgement. -* Connections to local development services or in test environments. +- `PROTOCOL_TLS` and `PROTOCOL_SSLv23` negotiate the highest protocol version + both the client and server support. This means that the secure + `PROTOCOL_TLSv1_2` may be chosen, or the insecure `PROTOCOL_SSLv3` may be + chosen. This negotiation is prone to [downgrade attacks](https://en.wikipedia.org/wiki/Downgrade_attack), + and leaves room for insecure connections, so we should prefer explicitly + allowing only secure protocols. These attributes may be a false positive under + certain circumstances, however we should err on the side of security. +- There will often be times when using the most secure options will not be + possible. 
For example, the server you're communicating with does not support + modern protocols and is not under your control. Further, there can be network + middleware (proxies, etc) that does not support the most secure options. In + these situations the challenges may not be completely technical ones and you + may have to fallback on insecure (or at least not _the most_ secure) options - + here you'll have to use your best judgement. +- Connections to local development services or in test environments. diff --git a/docs/linters/DUO123.md b/docs/linters/DUO123.md index 5cf7348..23ae108 100644 --- a/docs/linters/DUO123.md +++ b/docs/linters/DUO123.md @@ -31,5 +31,5 @@ you must ensure certification verification is enabled. ## Exceptions -* Code connecting to internal network services (although these should strive for full HTTPS as well) -* Code connecting to local development services or in test environments +- Code connecting to internal network services (although these should strive for full HTTPS as well) +- Code connecting to local development services or in test environments diff --git a/docs/linters/DUO124.md b/docs/linters/DUO124.md index 2a8c62b..937bdc7 100644 --- a/docs/linters/DUO124.md +++ b/docs/linters/DUO124.md @@ -31,4 +31,4 @@ See above. ## Exceptions -* Code connecting to a secure, closed network +- Code connecting to a secure, closed network diff --git a/docs/linters/DUO127.md b/docs/linters/DUO127.md index 0d50275..15ba9fc 100644 --- a/docs/linters/DUO127.md +++ b/docs/linters/DUO127.md @@ -37,4 +37,4 @@ prevent this you must ensure certification verification is enabled. ## Exceptions -* Code connecting to local development services or in test environments +- Code connecting to local development services or in test environments diff --git a/docs/linters/DUO128.md b/docs/linters/DUO128.md index 20934e6..723e5b2 100644 --- a/docs/linters/DUO128.md +++ b/docs/linters/DUO128.md 
@@ -22,10 +22,10 @@ generally. Be sure that you're familiar with the `security` settings in the [How it Works](https://github.com/onelogin/python-saml#how-it-works) section and common literature for securing this protocol: -* [The Beer Drinker's Guide to SAML](https://duo.com/blog/the-beer-drinkers-guide-to-saml) -* [How SAML Authentication Works](https://auth0.com/blog/how-saml-authentication-works/) -* [SAML Security Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/SAML_Security_Cheat_Sheet.html) -* [On Breaking SAML: Be Whoever You Want to Be](https://www.usenix.org/system/files/conference/usenixsecurity12/sec12-final91.pdf) +- [The Beer Drinker's Guide to SAML](https://duo.com/blog/the-beer-drinkers-guide-to-saml) +- [How SAML Authentication Works](https://auth0.com/blog/how-saml-authentication-works/) +- [SAML Security Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/SAML_Security_Cheat_Sheet.html) +- [On Breaking SAML: Be Whoever You Want to Be](https://www.usenix.org/system/files/conference/usenixsecurity12/sec12-final91.pdf) ## Rationale @@ -33,9 +33,9 @@ See above. ## Exceptions -* There will often be times when using the most secure options will not be -possible. For example, the SP or IDP you're communicating with does not support -the most secure configuration. In these situations the challenges may not be -completely technical ones and you may have to fallback on insecure (or at -least not *the most* secure) options - here you'll have to use your best -judgement. +- There will often be times when using the most secure options will not be + possible. For example, the SP or IDP you're communicating with does not support + the most secure configuration. In these situations the challenges may not be + completely technical ones and you may have to fallback on insecure (or at + least not _the most_ secure) options - here you'll have to use your best + judgement. 
diff --git a/docs/linters/DUO129.md b/docs/linters/DUO129.md index 8e6ad9b..5ee2221 100644 --- a/docs/linters/DUO129.md +++ b/docs/linters/DUO129.md 
@@ -36,16 +36,16 @@ generally. Be sure that you're familiar with the `security` settings in the [How it Works](https://github.com/onelogin/python-saml#how-it-works) section and common literature for securing this protocol: -* [The Beer Drinker's Guide to SAML](https://duo.com/blog/the-beer-drinkers-guide-to-saml) -* [How SAML Authentication Works](https://auth0.com/blog/how-saml-authentication-works/) -* [SAML Security Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/SAML_Security_Cheat_Sheet.html) -* [On Breaking SAML: Be Whoever You Want to Be](https://www.usenix.org/system/files/conference/usenixsecurity12/sec12-final91.pdf) +- [The Beer Drinker's Guide to SAML](https://duo.com/blog/the-beer-drinkers-guide-to-saml) +- [How SAML Authentication Works](https://auth0.com/blog/how-saml-authentication-works/) +- [SAML Security Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/SAML_Security_Cheat_Sheet.html) +- [On Breaking SAML: Be Whoever You Want to Be](https://www.usenix.org/system/files/conference/usenixsecurity12/sec12-final91.pdf) ## Exceptions -* There will often be times when using the most secure options will not be -possible. For example, the SP or IDP you're communicating with does not support -the most secure configuration. In these situations the challenges may not be -completely technical ones and you may have to fallback on insecure (or at -least not *the most* secure) options - here you'll have to use your best -judgement. +- There will often be times when using the most secure options will not be + possible. For example, the SP or IDP you're communicating with does not support + the most secure configuration. In these situations the challenges may not be + completely technical ones and you may have to fallback on insecure (or at + least not _the most_ secure) options - here you'll have to use your best + judgement. diff --git a/docs/linters/DUO130.md b/docs/linters/DUO130.md index 3bd3faf..5205ab0 100644 
--- a/docs/linters/DUO130.md +++ b/docs/linters/DUO130.md @@ -5,8 +5,8 @@ This linter searches for insecure use of the `hashlib` module. More specifically this searches for MD5 or SHA1 use when hashing. Both of these hashing algorithms are considered insecure at this point: -* [Is MD5 considered insecure?](https://security.stackexchange.com/questions/19906/is-md5-considered-insecure) -* [How secure is SHA1? What are the chances of a real exploit?](https://crypto.stackexchange.com/questions/48289/how-secure-is-sha1-what-are-the-chances-of-a-real-exploit) +- [Is MD5 considered insecure?](https://security.stackexchange.com/questions/19906/is-md5-considered-insecure) +- [How secure is SHA1? What are the chances of a real exploit?](https://crypto.stackexchange.com/questions/48289/how-secure-is-sha1-what-are-the-chances-of-a-real-exploit) ## Problematic code @@ -38,5 +38,5 @@ Some algorithms have known hash collision weaknesses. ## Exceptions -* Compatibility with systems that can only use MD5 or SHA1 and are not under your control -* Use cases that are related to checksumming, rather than cryptography. +- Compatibility with systems that can only use MD5 or SHA1 and are not under your control +- Use cases that are related to checksumming, rather than cryptography. diff --git a/docs/linters/DUO131.md b/docs/linters/DUO131.md index fd57d4e..283e162 100644 --- a/docs/linters/DUO131.md +++ b/docs/linters/DUO131.md @@ -25,5 +25,5 @@ requests to go unnoticed. ## Exceptions -* Code connecting to internal network services (although these should strive for full HTTPS as well) -* Code connecting to local development services or in test environments +- Code connecting to internal network services (although these should strive for full HTTPS as well) +- Code connecting to local development services or in test environments diff --git a/docs/linters/DUO132.md b/docs/linters/DUO132.md index 8133e5f..88630e6 100644 --- a/docs/linters/DUO132.md +++ b/docs/linters/DUO132.md 
@@ -3,7 +3,7 @@ This linter searches for insecure keyword argument use in the `urllib3` module. Specifically, it looks for objects that may have HTTPS certification verification disabled by setting `"NONE"`, `"CERT_NONE"`, `CERT_NONE`, or -`ssl.CERT_NONE` set for the `cert_reqs` keyward argument. These values disable +`ssl.CERT_NONE` set for the `cert_reqs` keyword argument. These values disable verification and thus allow for insecure HTTPS connections. ## Problematic code @@ -35,5 +35,5 @@ you must ensure certification verification is enabled. ## Exceptions -* Code connecting to internal network services (although these should strive for full HTTPS as well) -* Code connecting to local development services or in test environments +- Code connecting to internal network services (although these should strive for full HTTPS as well) +- Code connecting to local development services or in test environments diff --git a/docs/linters/DUO133.md b/docs/linters/DUO133.md index 6ff28fb..70b2447 100644 --- a/docs/linters/DUO133.md +++ b/docs/linters/DUO133.md 
@@ -61,11 +61,11 @@ ciphertext = obj.encrypt(message) Using `pycrypto` is insecure for these reasons: -* The library is unmaintained - future bugs will not be fixed. -* There are known vulnerabilities along with working exploits. -* The library's API does not encourage safe-by-default, simple, obvious code. -Cryptography operations are notorious difficult, so working with a library -that prioritizes simplicity and safety should be preferred. +- The library is unmaintained - future bugs will not be fixed. +- There are known vulnerabilities along with working exploits. +- The library's API does not encourage safe-by-default, simple, obvious code. + Cryptography operations are notorious difficult, so working with a library + that prioritizes simplicity and safety should be preferred. The `cryptography` library is considered best-practice in the Python community. The `pycryptodomex` library should only be used when API-compatibility is diff --git a/docs/linters/DUO134.md b/docs/linters/DUO134.md index 0f57821..fa7c5e5 100644 --- a/docs/linters/DUO134.md +++ b/docs/linters/DUO134.md 
@@ -34,13 +34,13 @@ usage should still be limited. There are secure alternatives documented in the following locations: -* [https://cryptography.io/en/latest/hazmat/primitives/cryptographic-hashes/](https://cryptography.io/en/latest/hazmat/primitives/cryptographic-hashes/) -* [https://cryptography.io/en/latest/hazmat/primitives/symmetric-encryption/#algorithms](https://cryptography.io/en/latest/hazmat/primitives/symmetric-encryption/#algorithms) +- [https://cryptography.io/en/latest/hazmat/primitives/cryptographic-hashes/](https://cryptography.io/en/latest/hazmat/primitives/cryptographic-hashes/) +- [https://cryptography.io/en/latest/hazmat/primitives/symmetric-encryption/#algorithms](https://cryptography.io/en/latest/hazmat/primitives/symmetric-encryption/#algorithms) For PKCS1 v1.5 alternatives consider the following: -* For signing operations: [`cryptography.hazmat.primitives.asymmetric.padding.PSS`](https://cryptography.io/en/latest/hazmat/primitives/asymmetric/rsa/#cryptography.hazmat.primitives.asymmetric.padding.PSS) -* For encryption operations: [`cryptography.hazmat.primitives.asymmetric.padding.OAEP`](https://cryptography.io/en/latest/hazmat/primitives/asymmetric/rsa/#cryptography.hazmat.primitives.asymmetric.padding.OAEP) +- For signing operations: [`cryptography.hazmat.primitives.asymmetric.padding.PSS`](https://cryptography.io/en/latest/hazmat/primitives/asymmetric/rsa/#cryptography.hazmat.primitives.asymmetric.padding.PSS) +- For encryption operations: [`cryptography.hazmat.primitives.asymmetric.padding.OAEP`](https://cryptography.io/en/latest/hazmat/primitives/asymmetric/rsa/#cryptography.hazmat.primitives.asymmetric.padding.OAEP) ## Rationale 
@@ -59,6 +59,6 @@ ciphertext attacks. ## Exceptions -* `PKCS1v15` may be used for legacy applications, but should not be considered -for new applications. It is still recommended to move away from `PKCS1v15` -usage as soon as possible. +- `PKCS1v15` may be used for legacy applications, but should not be considered + for new applications. It is still recommended to move away from `PKCS1v15` + usage as soon as possible. diff --git a/docs/linters/DUO135.md b/docs/linters/DUO135.md index 54f8215..a024307 100644 --- a/docs/linters/DUO135.md +++ b/docs/linters/DUO135.md @@ -41,5 +41,5 @@ For more information on these and other attack vectors see the [defusedxml docs] ## Exceptions -* Situations where the above attack vectors are explicitly required XML -functionality for the program to function correctly. +- Situations where the above attack vectors are explicitly required XML + functionality for the program to function correctly. diff --git a/docs/linters/DUO136.md b/docs/linters/DUO136.md index 9a87aa2..2da85d6 100644 --- a/docs/linters/DUO136.md +++ b/docs/linters/DUO136.md @@ -54,8 +54,8 @@ ciphertext attacks. ## Exceptions -* Triple DES may be used for legacy applications which encrypt relatively small -amounts of information, e.g. small data sets, not long-lived web protocols. -* `PKCS1` may be used for legacy applications, but should not be considered -for new applications. It is still recommended to move away from `PKCS1` -usage as soon as possible. +- Triple DES may be used for legacy applications which encrypt relatively small + amounts of information, e.g. small data sets, not long-lived web protocols. +- `PKCS1` may be used for legacy applications, but should not be considered + for new applications. It is still recommended to move away from `PKCS1` + usage as soon as possible. diff --git a/docs/linters/DUO138.md b/docs/linters/DUO138.md index cb58cac..8b1065f 100644 --- a/docs/linters/DUO138.md +++ b/docs/linters/DUO138.md 
@@ -4,11 +4,11 @@ This linter searches for regular expressions that may, under certain inputs, exhibit catastrophic backtracking in the Python [`re`](https://docs.python.org/3/library/re.html) module. For more information on catastrophic backtracking see: -* [Runaway Regular Expressions: Catastrophic Backtracking](https://www.regular-expressions.info/catastrophic.html) -* [Preventing Regular Expression Denial of Service (ReDoS)](https://www.regular-expressions.info/redos.html) -* [Regex Performance](https://blog.codinghorror.com/regex-performance/) -* [Regular Expression Denial of Service (ReDoS) and Catastrophic Backtracking](https://snyk.io/blog/redos-and-catastrophic-backtracking/) -* [Javascript Catastrophic Backtracking](https://javascript.info/regexp-catastrophic-backtracking) +- [Runaway Regular Expressions: Catastrophic Backtracking](https://www.regular-expressions.info/catastrophic.html) +- [Preventing Regular Expression Denial of Service (ReDoS)](https://www.regular-expressions.info/redos.html) +- [Regex Performance](https://blog.codinghorror.com/regex-performance/) +- [Regular Expression Denial of Service (ReDoS) and Catastrophic Backtracking](https://snyk.io/blog/redos-and-catastrophic-backtracking/) +- [Javascript Catastrophic Backtracking](https://javascript.info/regexp-catastrophic-backtracking) ## Problematic code 
@@ -61,11 +61,11 @@ degraded or unusable. ## Exceptions -* Nested quantifiers with small maximums may be okay (e.g. `{1,3}`). However, -sensible runtimes for your code are application-dependent. Even with small -maximums the runtime will depend on many factors including subject length, -machine hardware, and repetition size. Proceed with nested quantifiers at your -own risk. +- Nested quantifiers with small maximums may be okay (e.g. `{1,3}`). However, + sensible runtimes for your code are application-dependent. Even with small + maximums the runtime will depend on many factors including subject length, + machine hardware, and repetition size. Proceed with nested quantifiers at your + own risk. ## Debugging
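Review bot: the code fence that follows the blank line added in the docs/README.md `.arclint` hunk is untagged (a bare ``` directly before `{ "linters": {`). Since the block is JSON, tag it ```json so renderers highlight it and prettier can format the block's contents consistently with the rest of the pass; the surrounding text ("configuration file:") and the new blank line are fine.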
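Review bot: the DUO121 hunk shows the `NamedTemporaryFile` line as changed with no visible difference, so the edit is whitespace only (a doubled space or trailing whitespace that prettier normalized). Worth one line in the commit message saying prettier also normalizes whitespace, so a reviewer is not left hunting for a content change in that hunk.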
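Review bot: "may have to fallback on insecure ... options" in the DUO122 Exceptions hunk uses the noun "fallback" where the verb "fall back" is needed; codespell will not flag a real-word error like this, so fix it by hand while these lines are being rewrapped ("may have to fall back on insecure"). The first bullet in the same hunk also has a comma splice, "... under certain circumstances, however we should err on the side of security"; a semicolon or full stop before "however" reads correctly.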
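Review bot: the DUO128 and DUO129 Exceptions hunks carry the same sentence as DUO122, "you may have to fallback on insecure (or at least not _the most_ secure) options", and need the same "fall back" correction in both files. While the bullet is being reindented, "the SP or IDP you're communicating with" would also read better with the conventional "IdP" for identity provider.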
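Review bot: the two Exceptions bullets in the DUO130 hunk are punctuated inconsistently: "Compatibility with systems that can only use MD5 or SHA1 and are not under your control" has no terminal period, while "Use cases that are related to checksumming, rather than cryptography." does. Prettier only changes the bullet marker, so either drop the period from the second or add one to the first.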
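Review bot: "certification verification" should be "certificate verification" in the DUO132 hunk ("objects that may have HTTPS certification verification disabled"), and the same phrase appears in the context lines of the DUO123 and DUO127 hunks ("you must ensure certification verification is enabled"). The `cert_reqs` keyword argument discussed in that hunk controls whether the peer's certificate is checked, not a certification. The DUO132 hunk already edits that sentence for "keyward" to "keyword", so the remaining fix is cheap to fold in here.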
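Review bot: "Cryptography operations are notorious difficult" in the DUO133 Rationale hunk should read "notoriously difficult"; the line is being reindented in this hunk anyway, and codespell does not catch a wrong-but-real word, so please correct it by hand.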
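Review bot: the link text "Javascript Catastrophic Backtracking" in the DUO138 reference-list hunk spells the language as "Javascript"; the conventional capitalization is "JavaScript", and codespell does not correct case, so this is another one to adjust by hand while the bullet marker is changed.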