DOCSLIB.ORG

Python Security Documentation Release 0.0

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text

Load more

Python Security Documentation Release 0.0 Victor Stinner Sep 15, 2021 Contents 1 Pages 3 1.1 Python Security Vulnerabilities.....................................3 1.2 Packages and PyPI............................................ 110 1.3 Python SSL and TLS security...................................... 122 1.4 Python Security............................................. 125 i ii Python Security Documentation, Release 0.0 This page is an attempt to document security vulnerabilities in Python and the versions including the fix. Contents 1 Python Security Documentation, Release 0.0 2 Contents CHAPTER 1 Pages 1.1 Python Security Vulnerabilities Status of Python branches lists Python branches which get security fixes. Total: 84 vulnerabilities. Vulnerability Disclosure Fixed In Vulnerable CVE CVE-2013-0340 Billion Laughs fixed in Expat 2.4.0 2021-06-11 3.6.15 3.7.12 3.8.12 3.9.7 – CVE-2013-0340 CVE-2021-3737: urllib HTTP client possible infinite loop on a 100 Continue response 2021-05-03 3.6.14 3.7.11 3.8.11 3.9.6 – – ipaddress leading zeros in IPv4 address 2021-03-30 3.8.12 3.9.5 – CVE-2021-29921 ftplib should not use the host from the PASV response 2021-02-21 3.6.14 3.7.11 3.8.9 3.9.3 – – CVE-2021-3733: ReDoS in urllib.request 2021-01-30 3.6.14 3.7.11 3.8.10 3.9.5 – – Information disclosure via pydoc getfile 2021-01-21 3.6.14 3.7.11 3.8.9 3.9.3 – CVE-2021-3426 urllib parse_qsl(): Web cache poisoning - semicolon as a query args separator 2021-01-19 3.6.13 3.7.10 3.8.8 3.9.2 – CVE-2021-23336 ctypes: Buffer overflow in PyCArg_repr 2021-01-16 3.6.13 3.7.10 3.8.8 3.9.2 – CVE-2021-3177 CJK codecs tests call eval() on content retrieved via HTTP 2020-10-05 3.6.13 3.7.10 3.8.7 3.9.1 – CVE-2020-27619 [CVE-2020-14422] Hash collisions in IPv4Interface and IPv6Interface 2020-06-17 3.5.10 3.6.12 3.7.9 3.8.4 3.9.0 – CVE-2020-14422 http.client: HTTP Header Injection in the HTTP method 2020-02-10 3.5.10 3.6.12 3.7.9 3.8.5 3.9.0 – CVE-2020-26116 CVE-2020-8315: Unsafe DLL loading in getpathp.c on Windows 7 2020-01-21 3.6.11 3.7.7 3.8.2 3.9.0 – CVE-2020-8315 Email header injection in Address objects 2019-12-17 3.5.10 3.6.11 3.7.8 3.8.4 3.9.0 – – Infinite loop in tarfile module while opening a crafted file 2019-12-10 3.5.10 3.6.12 3.7.9 3.8.5 3.9.0 – CVE-2019-20907 Remove newline characters from uu encoding methods 2019-11-30 2.7.18 3.5.10 3.6.10 3.7.6 3.8.1 3.9.0 – – urllib basic auth regex denial of service 2019-11-17 3.5.10 3.6.11 3.7.8 3.8.3 3.9.0 – CVE-2020-8492 Regular Expression Denial of Service in http.cookiejar 2019-11-14 2.7.18 3.5.10 3.6.10 3.7.6 3.8.1 3.9.0 – – CVE-2019-18348: CRLF injection via the host part of the url passed to urlopen() 2019-10-24 2.7.18 3.5.10 3.6.11 3.7.8 3.8.3 3.9.0 – CVE-2019-18348 Reflected XSS in DocXMLRPCServer 2019-09-21 2.7.17 3.5.8 3.6.10 3.7.5 3.8.0 – CVE-2019-16935 ssl.match_hostname() ignores extra string after whitespace in IPv4 address 2019-07-01 3.7.4 3.8.0 – – urlsplit does not handle NFKC normalization (second fix) 2019-04-27 2.7.17 3.5.8 3.6.9 3.7.4 3.8.0 – CVE-2019-10160 urlsplit does not handle NFKC normalization 2019-03-06 2.7.17 3.5.7 3.6.9 3.7.3 3.8.0 – CVE-2019-9636 urllib module local_file:// scheme 2019-02-06 2.7.17 3.5.8 3.6.9 3.7.4 3.8.0 – CVE-2019-9948 Continued on next page 3 Python Security Documentation, Release 0.0 Table 1 – continued from previous page Vulnerability Disclosure Fixed In Vulnerable CVE TALOS-2018-0758 SSL CRL distribution points Denial of Service 2019-01-15 2.7.16 3.4.10 3.5.7 3.6.9 3.7.3 3.8.0 – CVE-2019-5010 http.cookiejar: Incorrect validation of path 2019-01-03 2.7.17 3.4.10 3.5.7 3.6.9 3.7.3 3.8.0 – – xml package does not obey ignore_environment 2018-09-24 2.7.16 3.4.10 3.5.7 3.6.8 3.7.2 3.8.0 – – pickle.load denial of service 2018-09-13 3.4.10 3.5.7 3.6.7 3.7.1 3.8.0 – CVE-2018-20406 _elementree C accelerator doesn’t call XML_SetHashSalt() 2018-09-10 2.7.16 3.4.10 3.5.7 3.6.7 3.7.1 3.8.0 – CVE-2018-14647 email.utils.parseaddr mistakenly parse an email 2018-07-19 2.7.17 3.5.8 3.6.10 3.7.5 3.8.0 – CVE-2019-16056 Email folding function Denial-of-Service 2018-05-16 3.6.9 3.7.4 3.8.0 – – Buffer overflow vulnerability in os.symlink on Windows 2018-03-05 3.4.9 3.5.6 3.6.5 3.7.0 – CVE-2018-1000117 difflib and poplib catastrophic backtracking 2018-03-02 2.7.15 3.4.9 3.5.6 3.6.5 3.7.0 – CVE-2018-1060 CVE-2018-1061 Python 2.7 readahead is not thread safe 2017-09-20 2.7.15 – CVE-2018-1000030 Expat 2.2.3 2017-07-17 2.7.14 3.3.7 3.4.8 3.5.5 3.6.3 3.7.0 – – Environment variables injection in subprocess on Windows 2017-06-22 2.7.14 3.3.7 3.4.7 3.5.4 3.6.2 3.7.0 – – Expat 2.2.1 2017-06-17 2.7.14 3.3.7 3.4.7 3.5.4 3.6.2 3.7.0 – CVE-2012-0876 CVE-2016-0718 CVE-2016-9063 CVE-2017-9233 PyString_DecodeEscape integer overflow 2017-06-13 2.7.14 3.4.8 3.5.5 – CVE-2017-1000158 bpo-30500: urllib connects to a wrong host 2017-05-29 2.7.14 3.3.7 3.4.7 3.5.4 3.6.2 3.7.0 – – HTTP Header Injection (follow-up of CVE-2016-5699) 2017-05-24 2.7.17 3.5.8 3.6.9 3.7.4 3.8.0 – CVE-2019-9740 CVE-2019-9947 Py_SetPath(): _Py_CheckPython3 uses uninitialized DLL path 2017-03-10 3.5.10 3.6.12 3.7.9 3.8.4 3.9.0 – CVE-2020-15523 urllib FTP protocol stream injection 2017-02-20 2.7.14 3.3.7 3.4.7 3.5.4 3.6.3 3.7.0 – – Expat 2.2 (Expat bug #537) 2017-02-17 2.7.14 3.3.7 3.4.7 3.5.4 3.6.2 3.7.0 – CVE-2016-0718 CVE-2016-4472 Zlib 1.2.11 2017-01-05 2.7.14 3.4.8 3.5.4 3.6.1 3.7.0 – CVE-2016-9840 CVE-2016-9841 CVE-2016-9842 CVE-2016-9843 gettext.c2py() 2016-10-30 2.7.13 3.3.7 3.4.6 3.5.3 3.6.0 – – Sweet32 attack (DES, 3DES) 2016-08-24 2.7.13 3.4.7 3.5.3 3.6.0 – CVE-2016-2183 HTTPoxy attack 2016-07-18 2.7.13 3.3.7 3.4.6 3.5.3 3.6.0 – CVE-2016-1000110 smtplib TLS stripping 2016-06-11 2.7.12 3.3.7 3.4.5 3.5.2 3.6.0 – CVE-2016-0772 Issue #26657: HTTP server directory traversal 2016-03-28 2.7.12 3.3.7 3.4.7 3.5.2 3.6.0 – – Issue #26556: Expat 2.1.1 2016-03-14 2.7.12 3.3.7 3.4.5 3.5.2 3.6.0 – CVE-2015-1283 zipimporter overflow 2016-01-21 2.7.12 3.3.7 3.4.5 3.5.2 3.6.0 – CVE-2016-5636 HTTP header injection 2014-11-24 2.7.10 3.3.7 3.4.4 3.5.0 – CVE-2016-5699 Validate TLS certificate 2014-08-28 2.7.9 3.4.3 3.5.0 – CVE-2014-9365 buffer() integer overflows 2014-06-24 2.7.8 – CVE-2014-7185 JSONDecoder.raw_decode 2014-04-13 2.7.7 3.2.6 3.3.6 3.4.1 3.5.0 – CVE-2014-4616 os.makedirs() not thread-safe 2014-03-28 3.2.6 3.3.6 3.4.1 3.5.0 – CVE-2014-2667 socket.recvfrom_into() overflow 2014-01-14 2.7.7 3.2.6 3.3.4 3.4.0 – CVE-2014-1912 zipfile DoS using invalid file size 2013-12-27 3.3.4 3.4.0 – CVE-2013-7338 CGI directory traversal (URL parsing) 2013-10-29 2.7.6 3.2.6 3.3.4 3.4.0 – – ssl: NULL in subjectAltNames 2013-06-27 2.6.9 2.7.6 3.2.6 3.3.3 3.4.0 – CVE-2013-4238 ssl.match_hostname() IDNA issue 2013-05-17 3.3.3 3.4.0 – CVE-2013-7440 ssl.match_hostname() wildcard DoS 2013-05-15 3.2.6 3.3.3 3.4.0 – CVE-2013-2099 Limit imaplib.IMAP4_SSL.readline() 2012-09-25 2.7.16 – CVE-2013-1752 ftplib unlimited read 2012-09-25 2.7.6 3.2.6 3.3.3 3.4.0 – CVE-2013-1752 nntplib unlimited read 2012-09-25 2.6.9 2.7.6 3.2.6 3.3.7 3.4.3 3.5.0 – CVE-2013-1752 poplib unlimited read 2012-09-25 2.7.9 3.2.6 3.3.7 3.4.3 3.5.0 – CVE-2013-1752 smtplib unlimited read 2012-09-25 2.7.9 3.2.6 3.3.7 3.4.3 3.5.0 – CVE-2013-1752 xmlrpc gzip unlimited read 2012-09-25 2.7.9 3.3.7 3.4.3 3.5.0 – CVE-2013-1753 Hash function not randomized properly 2012-04-19 3.4.0 – CVE-2013-7040 Vulnerability in the utf-16 decoder after error handling 2012-04-14 2.7.4 3.2.4 3.3.0 – CVE-2012-2135 XML-RPC DoS 2012-02-13 2.6.8 2.7.3 3.1.5 3.2.3 3.3.0 – CVE-2012-0845 ssl CBC IV attack 2012-01-27 2.6.8 2.7.3 3.1.5 3.2.3 3.3.0 – CVE-2011-3389 Hash DoS 2011-12-28 2.6.8 2.7.3 3.1.5 3.2.3 3.3.0 – CVE-2012-1150 Continued on next page 4 Chapter 1.
Recommended publications
  • Epydoc: API Documentation Extraction in Python

    Epydoc: API Documentation Extraction in Python

    Epydoc: API Documentation Extraction in Python Edward Loper Department of Computer and Information Science University of Pennsylvania, Philadelphia, PA 19104-6389, USA Abstract • All API documentation must be written (and read) in plaintext. Epydoc is a tool for generating API documentation for Python modules, based on their docstrings. It • There is no easy way to navigate through the supports several output formats (including HTML API documentation. and PDF), and understands four different markup • The API documentation is not searchable. languages (Epytext, Javadoc, reStructuredText, and plaintext). A wide variety of fields can be used to • A library's API documentation cannot be viewed supply specific information about individual objects, until that library is installed. such as descriptions of function parameters, type sig- natures, and groupings of related objects. • There is no mechanism for documenting vari- ables. 1 Introduction • There is no mechanism for \inheriting" docu- mentation (e.g. in a method that overrides its Documentation is a critical contributor to a library's base class method). This can lead to dupli- usability. Thorough documentation shows new users cation of documentation, which can often get how to use a library; and details the library's specific out-of-sync. behavior for advanced users. Most libraries can ben- efit from three different types of documentation: tu- Epydoc is a tool that automatically extracts a li- torial documentation, which introduces new users to brary's docstrings, and uses them to create API doc- the library by showing them how to perform typical umentation for the library in a variety of formats. tasks; reference documentation, which explains the li- Epydoc addresses all of these limitations: brary's overall design, and describes how the different • pieces of the library fit together; and API documenta- Docstrings can be written in a variety of markup tion, which describes the individual objects (classes, languages, including reStructuredText and Javadoc.
  • Python Guide Documentation Publicación 0.0.1

    Python Guide Documentation Publicación 0.0.1

    Python Guide Documentation Publicación 0.0.1 Kenneth Reitz 17 de May de 2018 Índice general 1. Empezando con Python 3 1.1. Eligiendo un Interprete Python (3 vs. 2).................................3 1.2. Instalando Python Correctamente....................................5 1.3. Instalando Python 3 en Mac OS X....................................6 1.4. Instalando Python 3 en Windows....................................8 1.5. Instalando Python 3 en Linux......................................9 1.6. Installing Python 2 on Mac OS X.................................... 10 1.7. Instalando Python 2 en Windows.................................... 12 1.8. Installing Python 2 on Linux....................................... 13 1.9. Pipenv & Ambientes Virtuales...................................... 14 1.10. Un nivel más bajo: virtualenv...................................... 17 2. Ambientes de Desarrollo de Python 21 2.1. Your Development Environment..................................... 21 2.2. Further Configuration of Pip and Virtualenv............................... 26 3. Escribiendo Buen Código Python 29 3.1. Estructurando tu Proyecto........................................ 29 3.2. Code Style................................................ 40 3.3. Reading Great Code........................................... 49 3.4. Documentation.............................................. 50 3.5. Testing Your Code............................................ 53 3.6. Logging.................................................. 57 3.7. Common Gotchas...........................................
  • Week 7 " Reuse Your Own Code Top 20 Tools of All Time CS 212 – Spring 2008 (

    Week 7 " Reuse Your Own Code Top 20 Tools of All Time CS 212 – Spring 2008 (

    Programming Language as a Tool Software Tools ! Use the language that best fits your task ! Think small " Write little programs that test various concepts " Test them! " Comment them! " Build collections of these little programs Week 7 " Reuse your own code Top 20 Tools of All Time CS 212 – Spring 2008 (http://uk.gizmodo.com/) Languages for Different Domains Scripting Languages ! General purpose ! Concurrent/distributed ! A script is a sequence of ! Example scripting languages: " Examples: Lisp, Algol, PL/1, processes common commands made into a Unix shell, Python, Perl, Scheme, Java, Python " Control of multiple threads single program Tcl (Tool command language) ! Systems programming " Examples: Ada, Oz, Smalltalk, " Unix uses shell scripts " Emphasis on efficiency and Java " The shell is the interactive ! Some Python code: tight control of data ! Educational interface to Unix structures " " Examples: Basic, Haskell, You can combine commands class Stack (object): " Examples: C, C++, Forth, Pascal, Python, Scheme, from the Unix shell to create def __init__ (self): Modula-2 Smalltalk programs self.stack = [ ] ! Scripting ! Various other domains def put (self, item): self.stack.append(item) " ! Examples: Unix shell, Perl, " Discrete event simulation: A scripting language is usually def get (self): Python, Ruby, Tcl Simula " Easy to learn return self.stack.pop() " Web scripting: Javascript " Interpreted instead of def isEmpty (self): " Realtime applications: Ada compiled return len(self.stack) == 0 " Text processing: Snobol, Perl " Printing:
  • Application Programming Interface (API) Is a Specification Intended to Be Used As an Interface by Software Components to Communicate with Each Other

    Application Programming Interface (API) Is a Specification Intended to Be Used As an Interface by Software Components to Communicate with Each Other

    Application programming interface 1 Application programming interface An application programming interface (API) is a specification intended to be used as an interface by software components to communicate with each other. An API may include specifications for routines, data structures, object classes, and variables. An API specification can take many forms, including an International Standard such as POSIX or vendor documentation such as the Microsoft Windows API, or the libraries of a programming language, e.g. Standard Template Library in C++ or Java API. An API differs from an application binary interface (ABI) in that the former is source code based while the latter is a binary interface. For instance POSIX is an API, while the Linux Standard Base is an ABI.[1] Language used An API can be: • language-dependent, meaning it is only available by using the syntax and elements of a particular language, which makes the API more convenient to use. • language-independent, written so that it can be called from several programming languages. This is a desirable feature for a service-oriented API that is not bound to a specific process or system and may be provided as remote procedure calls or web services. For example, a website that allows users to review local restaurants is able to layer their reviews over maps taken from Google Maps, because Google Maps has an API that facilitates this functionality. Google Maps' API controls what information a third-party site can use and how they can use it. The term API may be used to refer to a complete interface, a single function, or even a set of APIs provided by an organization.
  • Red Hat Enterprise Linux Developer's Getting Started Guide

    Red Hat Enterprise Linux Developer's Getting Started Guide

    WHITE PAPER RED HAT ENTERPRISE LINUX DEVELOPER'S GETTING STARTED GUIDE EXECUTIVE SUMMARY Red Hat Enterprise Linux is an enterprise-class open-source operating system that is widely adopted world wide, scaling seamlessly from individual desktops to large servers in the datacenter. Certified by leading hardware and software vendors, Red Hat Enterprise Linux delivers high performance, reliability, and security along with flexibility, efficiency, and control. For developers, Red Hat provides an extensive set of resources, technologies, and tools that can be used to efficiently develop powerful applications for the Red Hat Enterprise Linux platform. These applications can be deployed with great flexibility, as Red Hat Enterprise Linux supports major hardware architectures, comprehensive virtualization solutions, and a range of cloud-computing options. This document is intended for software developers who are new to Red Hat Enterprise Linux and want to understand the key touch points for any phase of application development – from planning and building, through testing and deploying. The following sections describe the resources and tools that are available on Red Hat Enterprise Linux and provide links to additional information. www.redhat.com WHITE PAPER RED HAT ENTERPRISE LINUX DEVELOPER'S GETTING STARTED GUIDE TABLE OF CONTENTS Developing Software On Red Hat Enterprise Linux................................................................................................4 Overview..................................................................................................................................................................................
  • A Language-Independent Static Checking System for Coding Conventions

    A Language-Independent Static Checking System for Coding Conventions

    A Language-Independent Static Checking System for Coding Conventions Sarah Mount A thesis submitted in partial fulfilment of the requirements of the University of Wolverhampton for the degree of Doctor of Philosophy 2013 This work or any part thereof has not previously been presented in any form to the University or to any other body whether for the purposes of as- sessment, publication or for any other purpose (unless otherwise indicated). Save for any express acknowledgements, references and/or bibliographies cited in the work, I confirm that the intellectual content of the work is the result of my own efforts and of no other person. The right of Sarah Mount to be identified as author of this work is asserted in accordance with ss.77 and 78 of the Copyright, Designs and Patents Act 1988. At this date copyright is owned by the author. Signature: . Date: . Abstract Despite decades of research aiming to ameliorate the difficulties of creat- ing software, programming still remains an error-prone task. Much work in Computer Science deals with the problem of specification, or writing the right program, rather than the complementary problem of implementation, or writing the program right. However, many desirable software properties (such as portability) are obtained via adherence to coding standards, and there- fore fall outside the remit of formal specification and automatic verification. Moreover, code inspections and manual detection of standards violations are time consuming. To address these issues, this thesis describes Exstatic, a novel framework for the static detection of coding standards violations. Unlike many other static checkers Exstatic can be used to examine code in a variety of lan- guages, including program code, in-line documentation, markup languages and so on.
  • Python Guide Documentation Publicación 0.0.1

    Python Guide Documentation Publicación 0.0.1

    Python Guide Documentation Publicación 0.0.1 Kenneth Reitz 15 de November de 2016 Índice general 1. Getting Started with Python 3 1.1. Eligiendo un Interprete..........................................3 1.2. Properly Installing Python........................................5 1.3. Installing Python on Mac OS X.....................................6 1.4. Installing Python on Windows......................................7 1.5. Installing Python on Linux........................................8 2. Writing Great Python Code 11 2.1. Structuring Your Project......................................... 11 2.2. Code Style................................................ 21 2.3. Reading Great Code........................................... 31 2.4. Documentation.............................................. 31 2.5. Testing Your Code............................................ 33 2.6. Logging.................................................. 37 2.7. Common Gotchas............................................ 40 2.8. Choosing a License............................................ 43 3. Scenario Guide for Python Applications 45 3.1. Network Applications.......................................... 45 3.2. Web Applications............................................ 46 3.3. HTML Scraping............................................. 52 3.4. Command-line Applications....................................... 54 3.5. GUI Applications............................................. 55 3.6. Databases................................................. 57 3.7. Networking...............................................
  • How to Think Like a Computer Scientist: Learning with Python Documentation Release 2Nd Edition

    How to Think Like a Computer Scientist: Learning with Python Documentation Release 2Nd Edition

    How to Think Like a Computer Scientist: Learning with Python Documentation Release 2nd Edition Jeffrey Elkner, Allen B. Downey and Chris Meyers February 22, 2017 CONTENTS 1 Learning with Python3 Index 295 i ii How to Think Like a Computer Scientist: Learning with Python Documentation, Release 2nd Edition CONTENTS 1 How to Think Like a Computer Scientist: Learning with Python Documentation, Release 2nd Edition 2 CONTENTS CHAPTER ONE LEARNING WITH PYTHON 2nd Edition (Using Python 2.x) by Jeffrey Elkner, Allen B. Downey, and Chris Meyers Last Updated: 21 April 2012 • Copyright Notice • Foreword • Preface • Contributor List • Chapter 1 The way of the program • Chapter 2 Variables, expressions, and statements • Chapter 2b A light look at lists and looping • Chapter 3 Functions • Chapter 4 Conditionals • Chapter 5 Fruitful functions • Chapter 6 Iteration • Chapter 7 Strings • Chapter 8 Case Study: Catch • Chapter 9 Lists • Chapter 10 Modules and files • Chapter 11 Recursion and exceptions • Chapter 12 Dictionaries • Chapter 13 Classes and objects • Chapter 14 Classes and functions 3 How to Think Like a Computer Scientist: Learning with Python Documentation, Release 2nd Edition • Chapter 15 Classes and methods • Chapter 16 Sets of Objects • Chapter 17 Inheritance • Chapter 18 Linked Lists • Chapter 19 Stacks • Chapter 20 Queues • Chapter 21 Trees • Appendix A Debugging • Appendix B GASP • Appendix c Configuring Ubuntu for Python Development • Appendix D Customizing and Contributing to the Book • GNU Free Document License Copyright Notice Copyright (C) Jeffrey Elkner, Allen B. Downey and Chris Meyers. Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.3 or any later version published by the Free Software Foundation; with Invariant Sections being Foreward, Preface, and Contributor List, no Front-Cover Texts, and no Back-Cover Texts.
  • Ipython Documentation Release 0.10.1

    Ipython Documentation Release 0.10.1

    IPython Documentation Release 0.10.1 The IPython Development Team October 11, 2010 CONTENTS 1 Introduction 1 1.1 Overview............................................1 1.2 Enhanced interactive Python shell...............................1 1.3 Interactive parallel computing.................................3 2 Installation 5 2.1 Overview............................................5 2.2 Quickstart...........................................5 2.3 Installing IPython itself....................................6 2.4 Basic optional dependencies..................................7 2.5 Dependencies for IPython.kernel (parallel computing)....................8 2.6 Dependencies for IPython.frontend (the IPython GUI).................... 10 3 Using IPython for interactive work 11 3.1 Quick IPython tutorial..................................... 11 3.2 IPython reference........................................ 17 3.3 IPython as a system shell.................................... 42 3.4 IPython extension API..................................... 47 4 Using IPython for parallel computing 53 4.1 Overview and getting started.................................. 53 4.2 Starting the IPython controller and engines.......................... 57 4.3 IPython’s multiengine interface................................ 64 4.4 The IPython task interface................................... 78 4.5 Using MPI with IPython.................................... 80 4.6 Security details of IPython................................... 83 4.7 IPython/Vision Beam Pattern Demo.............................
  • Génération Automatique De La Documentation D'un Code

    Génération Automatique De La Documentation D'un Code

    Introduction Doxygen Sphinx Remarques R´ef´erences G´en´erationautomatique de la documentation d'un code Anne Cadiou Laboratoire de M´ecaniquedes Fluides et d'Acoustique Ateliers et S´eminairesPour l'Informatique et le Calcul Scientifique PMCS2I - LMFA Vendredi 4 juin 2021 1/39 Introduction Doxygen Sphinx Remarques R´ef´erences Motivation Pourquoi g´en´ererautomatiquement une documentation ? • destin´e`amieux comprendre de un code, en faciliter la lecture et le d´eveloppement • les lignes de codes parlent par elles-m^emedu comment, mais il est parfois n´ecessaired'ajouter un commentaire sur le pourquoi • des commentaires sont pr´esentsdans le code, pour expliquer ou justifier les lignes de codes • ´ecrireun document `apart du code est difficile `amaintenir `ajour • avoir un syst`emequi extrait les commentaires du code permet aussi d'am´eliorer la qualit´ede ces commenaires • extraire une documentation du code permet aussi de tenir compte de la structure du code Un syst`emede g´en´erationautomatique de documentation `apartir d'un code extrait des informations `apartir des sources et les compile en une documentation qui ´evolue automatiquement avec le code. 2/39 Introduction Doxygen Sphinx Remarques R´ef´erences Outils existants tr`esnombreux https://en.wikipedia.org/wiki/Comparison of documentation generators cela d´epend • de leur licence • du langage avec lequel le code `adocumenter est ´ecrit • de leurs int´egrationdans d'´eventuelsIDE • de leurs formats de sortie • de la taille du code `adocumenter • des syst`emesd'exploitation support´es,etc. Outils les plus r´epandus en C, C++, FORTRAN, Python : • Doxygen • Sphinx Certains sont d´edi´es`aun langage, par exemple pydoctor (rempla¸cant d'Epydoc), pdoc ou pydoc pour Python, ROBODoc, FORD pour FORTRAN, etc.
  • Python Guide Documentation Release 0.0.1

    Python Guide Documentation Release 0.0.1

    Python Guide Documentation Release 0.0.1 Kenneth Reitz July 06, 2018 Contents 1 Getting Started with Python 3 1.1 Picking an Python Interpreter (3 vs. 2).................................3 1.2 Properly Installing Python........................................5 1.3 Installing Python 3 on Mac OS X....................................6 1.4 Installing Python 3 on Windows.....................................8 1.5 Installing Python 3 on Linux.......................................8 1.6 Installing Python 2 on Mac OS X.................................... 10 1.7 Installing Python 2 on Windows..................................... 12 1.8 Installing Python 2 on Linux....................................... 13 1.9 Pipenv & Virtual Environments..................................... 14 1.10 Lower level: virtualenv.......................................... 16 2 Python Development Environments 21 2.1 Your Development Environment..................................... 21 2.2 Further Configuration of Pip and Virtualenv............................... 26 3 Writing Great Python Code 29 3.1 Structuring Your Project......................................... 29 3.2 Code Style................................................ 40 3.3 Reading Great Code........................................... 49 3.4 Documentation.............................................. 50 3.5 Testing Your Code............................................ 53 3.6 Logging.................................................. 58 3.7 Common Gotchas............................................ 60 3.8 Choosing
  • Exposing Hidden Exploitable Behaviors in Programming Languages Using Differential Fuzzing

    Exposing Hidden Exploitable Behaviors in Programming Languages Using Differential Fuzzing

    WHITE PAPER Exposing Hidden Exploitable Behaviors in Programming Languages Using Differential Fuzzing Fernando Arnaboldi IOActive Senior Security Consultant Abstract Securely developed applications may have unidentified vulnerabilities in the underlying programming languages. Attackers can target these programming language flaws to alter applications' behavior. This means applications are only as secure as the programming languages parsing the code. A differential fuzzing framework was created to detect dangerous and unusual behaviors in similar software implementations. Multiple implementations of the top five interpreted programming languages were tested: JavaScript, Perl, PHP, Python, and Ruby. After fuzzing the default libraries and built-in functions, several dangerous behaviors were automatically identified. This paper reveals the most serious vulnerabilities found in each language. It includes practical examples identifying which undocumented functions could allow OS command execution, when sensitive file contents may be partially exposed in error messages, how native code is being unexpectedly interpreted – locally and remotely – and when constant's names could be used as regular strings for OS command execution. The vulnerabilities, methodology, and fuzzer will be made open source, and the accompanying talk will include live demonstrations. © 2017 IOActive, Inc. All Rights Reserved WHITE PAPER Contents Introduction ..................................................................................................................