File tree Expand file tree Collapse file tree 1 file changed +11
-4
lines changed Expand file tree Collapse file tree 1 file changed +11
-4
lines changed Original file line number Diff line number Diff line change 77
88 2.标准库危险模块
99 os
10- os.popen() or subprocess.Popen(), and subprocess.check_output()
11- sys
1210 subprocess
13- subprocess.call(user_input, shell=True) : popen, subprocess.call等
1411 commands
1512
1613 3.危险第三方库
5855
5956
6057
58+
59+
6160### 代码审计
6261
6362[ Python安全编码和代码审计] ( http://xxlegend.com/2015/07/30/Python%E5%AE%89%E5%85%A8%E7%BC%96%E7%A0%81%E5%92%8C%E4%BB%A3%E7%A0%81%E5%AE%A1%E8%AE%A1/ )
@@ -68,6 +67,12 @@ https://xianzhi.aliyun.com/forum/read/301.html
6867https://xianzhi.aliyun.com/forum/read/300.html
6968https://xianzhi.aliyun.com/forum/read/274.html
7069
70+ [ Dangerous Python Functions, Part 1] ( https://www.kevinlondon.com/2015/07/26/dangerous-python-functions.html )
71+
72+ [ Dangerous Python Functions, Part 2] ( https://www.kevinlondon.com/2015/08/15/dangerous-python-functions-pt2.html )
73+
74+ [ Dangerous Python Functions, Part 3] ( https://www.kevinlondon.com/2017/01/30/dangerous-python-functions-pt3.html )
75+
7176[ 廖新喜大佬的python代码审计工具] ( https://github.com/shengqi158/pyvulhunter )
7277
7378[ 来自openstack安全团队的python代码静态审计工具] ( https://github.com/openstack/bandit )
@@ -162,4 +167,6 @@ https://github.com/smartFlash/pySecurity
162167
163168[ DEFENCELY CLARIFIES PYTHON OBJECT INJECTION EXPLOITATION] ( https://defencely.com/blog/defencely-clarifies-python-object-injection-exploitation/ )
164169
165- [ OWASP Python Security Project] ( https://github.com/ebranca/owasp-pysec )
170+ [ OWASP Python Security Project] ( https://github.com/ebranca/owasp-pysec )
171+
172+ [ Escaping a Python sandbox with a memory corruption bug] ( https://hackernoon.com/python-sandbox-escape-via-a-memory-corruption-bug-19dde4d5fea5 )
You can’t perform that action at this time.
0 commit comments