Bug 811876 - Python Static Code Security Analysis
Status: RESOLVED WORKSFORME (Closed)
Opened 13 years ago; closed 7 years ago
Categories: mozilla.org :: Security Assurance, task
Tracking: Not tracked
People: Reporter: ygjb; Assigned: jbremer; Mentored
Whiteboard: [mentorship][lang=python]
Attachments: 1 file (226.13 KB, application/pdf)
Description
Duration: 200 hours? (maybe more)
Requirements: Python application development skills. Basic understanding of file parsing and Python AST processing. Basic understanding of Python vulnerability patterns.
Goals:
As in any language, it is easy to make mistakes in the design of code or simply to introduce bugs, and these problems often have serious security consequences.
Think, for example, of the common case where an SQL query is constructed manually by appending strings instead of using parameterized statements. Or, in open source projects, of web service API keys or account credentials accidentally embedded in code committed to a public source code repository.
Both of these problems can be found by analyzing source code for common vulnerability patterns and for things that look suspicious.
This project is about building a tool that can run a wide range of tests on a Python project. The goal is both to write the infrastructure in which tests run and to implement a number of interesting vulnerability scanners.
This project has similarities to tools like pychecker and pylint, but instead of focusing on code style its primary goal will be to find security issues.
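To make the description concrete, here is a small added example of the kind of AST-based scanner the project proposes. It is not code from the bug or from the linked repository; it parses a constructed sample module (never executing it) and flags the two patterns named above, SQL built from dynamic strings passed to execute()/executemany() and string literals assigned to credential-looking names. The call names and secret-name list are assumptions chosen for the example.

```python
import ast

SQL_CALLS = {"execute", "executemany"}
SECRET_NAMES = ("password", "passwd", "secret", "api_key", "apikey", "token")
# Constructed sample module showing the two patterns the bug describes.
SAMPLE = '''\
API_KEY = "sk-CONSTRUCTED-EXAMPLE-KEY"
DB_PATH = "app.db"

def find_user(cur, name):
    cur.execute("SELECT * FROM users WHERE name = '" + name + "'")
    cur.execute("SELECT * FROM users WHERE name = ?", (name,))
    cur.execute(f"SELECT * FROM users WHERE id = {name}")
    cur.execute("SELECT * FROM " + "users")
'''

def is_dynamic_string(expr):
    """True for f-strings, "..." % x, "...".format(x) and "..." + x (SQL built at runtime)."""
    if isinstance(expr, ast.JoinedStr):
        return True
    if isinstance(expr, ast.BinOp) and isinstance(expr.op, (ast.Add, ast.Mod)):
        # "a" + "b" is still a constant; flag only when a non-literal operand is involved
        return not all(isinstance(n, ast.Constant) for n in (expr.left, expr.right))
    return (isinstance(expr, ast.Call) and isinstance(expr.func, ast.Attribute)
            and expr.func.attr == "format")

class SecurityScanner(ast.NodeVisitor):
    def __init__(self):
        self.findings = []  # list of (lineno, message)

    def visit_Call(self, node):
        func = node.func
        name = func.attr if isinstance(func, ast.Attribute) else getattr(func, "id", None)
        if name in SQL_CALLS and node.args and is_dynamic_string(node.args[0]):
            self.findings.append((node.lineno, "SQL built from dynamic string; use parameters"))
        self.generic_visit(node)

    def visit_Assign(self, node):
        # NAME = "literal" where NAME looks like a credential
        value = node.value
        if isinstance(value, ast.Constant) and isinstance(value.value, str) and value.value:
            for target in node.targets:
                if isinstance(target, ast.Name) and any(s in target.id.lower() for s in SECRET_NAMES):
                    self.findings.append((node.lineno, f"hardcoded credential in {target.id}"))
        self.generic_visit(node)

def scan_source(source, filename="<string>"):
    scanner = SecurityScanner()
    scanner.visit(ast.parse(source, filename))
    return sorted(scanner.findings)
```

Running scan_source(SAMPLE) reports the hardcoded API_KEY on line 1 and the two dynamically built queries on lines 5 and 7, while the parameterized query and the purely literal concatenation on line 8 produce no finding.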
Reporter, updated 13 years ago:
Whiteboard: [mentorship] → [mentorship][mentor=sarentz@mozilla.com][lang=python]
Reporter, updated 13 years ago:
Assignee: sarentz → nobody
Summary: Graph Visualization of Web Applications → Python Static Code Security Analysis
Updated 13 years ago:
Assignee: nobody → crawler100593
Status: NEW → ASSIGNED
Updated 13 years ago:
Assignee: crawler100593 → nobody
Updated 13 years ago:
Status: ASSIGNED → NEW
Comment 2•13 years ago
Hi Adaresh, We already have a student working on this bug. But I will remember that you are interested in this bug and maybe later we can assign you smaller subtasks of this bug. It very much depends on what the student is going to do as we want to be sure not to interfere with his thesis work.
Comment 3•13 years ago
I am happy to announce that Jurriaan Bremer will be working on this project! I have attached his thesis proposal to this bug as an attachment.
Comment 4•13 years ago
(no text)
Updated 13 years ago:
Assignee: nobody → jurriaanbremer
Comment 5•12 years ago
jbremer, you are still active on this bug, right? Just checking! Thanks!
Flags: needinfo?(jurriaanbremer)
Comment 6•12 years ago (Assignee)
Yup. Currently writing my thesis. If you're interested, however, you can check out the code here: https://github.com/st3fan/pythoncodeanalysis The basics are there already, but I'll be working on the interesting stuff after having written my thesis.
Flags: needinfo?(jurriaanbremer)
Updated 11 years ago:
Mentor: sarentz
Whiteboard: [mentorship][mentor=sarentz@mozilla.com][lang=python] → [mentorship][lang=python]
Comment 8•7 years ago
Jurriaan worked somewhere within this, see comment 6.
Status: NEW → RESOLVED
Closed: 7 years ago
Flags: needinfo?(yvanboily+mozbugmail)
Resolution: --- → WORKSFORME