Moving CWE-390 code example to GitHub as part of #531 (#634)

* Moving CWE-390 code example to GitHub as part of #531

Signed-off-by: Helge Wehder <[email protected]>

* CWE-390 was missing in main readme.md
updated as part of #531

Signed-off-by: Helge Wehder <[email protected]>

---------

Signed-off-by: Helge Wehder <[email protected]>

docs/Secure-Coding-Guide-for-Python/CWE-703/CWE-390/compliant01.py

@@ -0,0 +1,20 @@
+# SPDX-FileCopyrightText: OpenSSF project contributors
+# SPDX-License-Identifier: MIT
+""" Compliant Code Example """
+from time import sleep
+
+
+def exception_example():
+    """Compliant Code Example catching a specific exception"""
+    while True:
+        sleep(1)
+        try:
+            _ = 1 / 0
+        except ZeroDivisionError:
+            print("How is it now?")
+
+
+#####################
+# exploiting above code example
+#####################
+exception_example()

docs/Secure-Coding-Guide-for-Python/CWE-703/CWE-390/compliant02.py

@@ -0,0 +1,28 @@
+# SPDX-FileCopyrightText: OpenSSF project contributors
+# SPDX-License-Identifier: MIT
+""" Compliant Code Example """
+
+from pathlib import Path
+
+
+def exception_example(args: list):
+    """Compliant code demonstrating a simplistic handling.
+    input validation or architectural are not demonstrated.
+    """
+    file_exists = False
+    path = Path(Path.home(), args[0])
+    while not file_exists:
+        try:
+            file_handle = open(path, "r", encoding="utf-8")
+            file_exists = True
+            print(file_handle.readlines())
+        except FileNotFoundError:
+            print(f"Unable to find file '{path.name}'")
+            filename = input("Please provide a valid filename: ")
+            path = Path(Path.home(), filename)
+
+
+#####################
+# exploiting above code example
+#####################
+exception_example(["goblegoblegoble"])

docs/Secure-Coding-Guide-for-Python/CWE-703/CWE-390/noncompliant01.py

@@ -0,0 +1,21 @@
+# SPDX-FileCopyrightText: OpenSSF project contributors
+# SPDX-License-Identifier: MIT
+""" Non-compliant Code Example """
+
+from time import sleep
+
+
+def exception_example():
+    """Non-compliant Code Example using bare except"""
+    while True:
+        try:
+            sleep(1)
+            _ = 1 / 0
+        except:
+            print("Don't care")
+
+
+#####################
+# exploiting above code example
+#####################
+exception_example()

docs/Secure-Coding-Guide-for-Python/CWE-703/CWE-390/noncompliant02.py

@@ -0,0 +1,22 @@
+# SPDX-FileCopyrightText: OpenSSF project contributors
+# SPDX-License-Identifier: MIT
+""" Non-compliant Code Example """
+
+import logging
+from pathlib import Path
+
+
+def exception_example(args: list):
+    """Non-compliant Code Example missing handling"""
+    file_path = Path(Path.home(), args[0])
+    try:
+        file_handle = open(file_path, "r", encoding="utf-8")
+        _ = file_handle.readlines()
+    except Exception as exception:
+        logging.exception(exception)
+
+
+#####################
+# exploiting above code example
+#####################
+exception_example(["goblegoblegoble"])

docs/Secure-Coding-Guide-for-Python/readme.md

@@ -74,6 +74,7 @@ It is **not production code** and requires code-style or python best practices t
 |[CWE-703: Improper Check or Handling of Exceptional Conditions](https://cwe.mitre.org/data/definitions/703.html)|Prominent CVE|
 |:----------------------------------------------------------------|:----|
 |[CWE-230: Improper Handling of Missing Values](CWE-703/CWE-230/.)||
+|[CWE-390: Detection of Error Condition without Action](CWE-703/CWE-390/)||
 |[CWE-392: Missing Report of Error Condition](CWE-703/CWE-392/README.md)||
 |[CWE-754: Improper Check for Unusual or Exceptional Conditions](CWE-703/CWE-754/.)||