Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

pySCG adding CWE-78 code and doc #689

Merged
merged 7 commits into from
Nov 8, 2024
Merged

pySCG adding CWE-78 code and doc #689

merged 7 commits into from
Nov 8, 2024

Conversation

myteron
Copy link
Contributor

@myteron myteron commented Nov 1, 2024
edited
Loading

Adding CWE-78 as part of #531
also building on top of discussion from #654

@myteron
pySCG adding CWE-78 code and doc
0a1cccf 
Signed-off-by: Helge Wehder <helge.wehder@ericsson.com>
@gkunz gkunz self-requested a review November 4, 2024 16:39
myteron and others added 3 commits November 6, 2024 23:04
@myteron @gkunz
Update docs/Secure-Coding-Guide-for-Python/CWE-707/CWE-78/README.md
5f966b5 
Co-authored-by: Georg Kunz <georg.kunz@ericsson.com>
Signed-off-by: myteron <myteron@gmail.com>
@myteron @gkunz
Update docs/Secure-Coding-Guide-for-Python/CWE-707/CWE-78/README.md
e63e5bd 
Co-authored-by: Georg Kunz <georg.kunz@ericsson.com>
Signed-off-by: myteron <myteron@gmail.com>
@myteron @gkunz
Update docs/Secure-Coding-Guide-for-Python/CWE-707/CWE-78/README.md
4e2f0ca 
Co-authored-by: Georg Kunz <georg.kunz@ericsson.com>
Signed-off-by: myteron <myteron@gmail.com>
BartyBoi1128
BartyBoi1128 reviewed Nov 7, 2024
View reviewed changes
docs/Secure-Coding-Guide-for-Python/CWE-707/CWE-78/README.md Outdated

```

Instead of listing files, the code in `noncompliant01.py` prints the first line of `/etc/passwd` on Linux or starts `net user` under Windows.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This seems to behave differently for me in Windows... we should discuss

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

updated content to explain a bit more

@myteron
Update README.md addressing Barts comments
30153ee 
addressed typos and phrasing comments by bart

Signed-off-by: myteron <myteron@gmail.com>
@myteron
Update README.md fixed linter issues
10a1300 
Signed-off-by: myteron <myteron@gmail.com>
@myteron
Update README.md
5311d97 
Signed-off-by: myteron <myteron@gmail.com>
gkunz
gkunz approved these changes Nov 7, 2024
View reviewed changes
Copy link
Contributor

@gkunz gkunz left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I cannot test the Windows runtime behavior issue @BartyBoi1128 pointed out, but I am ok with the other changes.

@myteron
Copy link
Contributor Author

myteron commented Nov 8, 2024

Got approval from Bart.

This is part of #531

@myteron myteron merged commit 5abf31f into ossf:main Nov 8, 2024
2 checks passed
@myteron myteron deleted the pySCG_Doc2GitHub_CWE-707_CWE-78 branch November 8, 2024 13:51
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@BartyBoi1128 BartyBoi1128 BartyBoi1128 approved these changes

@gkunz gkunz gkunz approved these changes

Assignees
No one assigned
Labels
Product: Python Hardening Guide
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@myteron @gkunz @BartyBoi1128