forked from ossf/wg-best-practices-os-developers
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Moving CWE-390 code example to GitHub as part of ossf#531
Signed-off-by: Helge Wehder <[email protected]>
- Loading branch information
Showing
4 changed files
with
91 additions
and
0 deletions.
There are no files selected for viewing
20 changes: 20 additions & 0 deletions
20
docs/Secure-Coding-Guide-for-Python/CWE-703/CWE-390/compliant01.py
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,20 @@ | ||
| # SPDX-FileCopyrightText: OpenSSF project contributors | ||
| # SPDX-License-Identifier: MIT | ||
| """ Compliant Code Example """ | ||
| from time import sleep | ||
|
|
||
|
|
||
| def exception_example(): | ||
| """Compliant Code Example catching a specific exception""" | ||
| while True: | ||
| sleep(1) | ||
| try: | ||
| _ = 1 / 0 | ||
| except ZeroDivisionError: | ||
| print("How is it now?") | ||
|
|
||
|
|
||
| ##################### | ||
| # exploiting above code example | ||
| ##################### | ||
| exception_example() |
28 changes: 28 additions & 0 deletions
28
docs/Secure-Coding-Guide-for-Python/CWE-703/CWE-390/compliant02.py
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,28 @@ | ||
| # SPDX-FileCopyrightText: OpenSSF project contributors | ||
| # SPDX-License-Identifier: MIT | ||
| """ Compliant Code Example """ | ||
|
|
||
| from pathlib import Path | ||
|
|
||
|
|
||
| def exception_example(args: list): | ||
| """Compliant code demonstrating a simplistic handling. | ||
| input validation or architectural are not demonstrated. | ||
| """ | ||
| file_exists = False | ||
| path = Path(Path.home(), args[0]) | ||
| while not file_exists: | ||
| try: | ||
| file_handle = open(path, "r", encoding="utf-8") | ||
| file_exists = True | ||
| print(file_handle.readlines()) | ||
| except FileNotFoundError: | ||
| print(f"Unable to find file '{path.name}'") | ||
| filename = input("Please provide a valid filename: ") | ||
| path = Path(Path.home(), filename) | ||
|
|
||
|
|
||
| ##################### | ||
| # exploiting above code example | ||
| ##################### | ||
| exception_example(["goblegoblegoble"]) |
21 changes: 21 additions & 0 deletions
21
docs/Secure-Coding-Guide-for-Python/CWE-703/CWE-390/noncompliant01.py
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,21 @@ | ||
| # SPDX-FileCopyrightText: OpenSSF project contributors | ||
| # SPDX-License-Identifier: MIT | ||
| """ Non-compliant Code Example """ | ||
|
|
||
| from time import sleep | ||
|
|
||
|
|
||
| def exception_example(): | ||
| """Non-compliant Code Example using bare except""" | ||
| while True: | ||
| try: | ||
| sleep(1) | ||
| _ = 1 / 0 | ||
| except: | ||
| print("Don't care") | ||
|
|
||
|
|
||
| ##################### | ||
| # exploiting above code example | ||
| ##################### | ||
| exception_example() |
22 changes: 22 additions & 0 deletions
22
docs/Secure-Coding-Guide-for-Python/CWE-703/CWE-390/noncompliant02.py
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,22 @@ | ||
| # SPDX-FileCopyrightText: OpenSSF project contributors | ||
| # SPDX-License-Identifier: MIT | ||
| """ Non-compliant Code Example """ | ||
|
|
||
| import logging | ||
| from pathlib import Path | ||
|
|
||
|
|
||
| def exception_example(args: list): | ||
| """Non-compliant Code Example missing handling""" | ||
| file_path = Path(Path.home(), args[0]) | ||
| try: | ||
| file_handle = open(file_path, "r", encoding="utf-8") | ||
| _ = file_handle.readlines() | ||
| except Exception as exception: | ||
| logging.exception(exception) | ||
|
|
||
|
|
||
| ##################### | ||
| # exploiting above code example | ||
| ##################### | ||
| exception_example(["goblegoblegoble"]) |