Reviewed the Python Secure Coding Guide and made a lot of minor changes #1004
Conversation
Signed-off-by: Bartlomiej Karas <[email protected]>
Signed-off-by: Bartlomiej Karas <[email protected]>
Signed-off-by: myteron <[email protected]>
myteron
left a comment
myteron
left a comment
There was a problem hiding this comment.
Some different opinion on going to much into STRIDE
Note that Reference section using brackets like in [online] may required [online] to avoid the rat.
docs/Secure-Coding-Guide-for-Python/CWE-682/CWE-1335/01/README.md
Outdated
Show resolved
Hide resolved
myteron
left a comment
myteron
left a comment
There was a problem hiding this comment.
Some difference in opinion regards going to deep into STRIDE.
some cosmetics you need to pull
Brackets, such as [online] in the Reference section may trip up the linter and needs escapes .[online]
Co-authored-by: myteron <[email protected]> Signed-off-by: Bartlomiej Karas <[email protected]>
Co-authored-by: myteron <[email protected]> Signed-off-by: Bartlomiej Karas <[email protected]>
Signed-off-by: Bartlomiej Karas <[email protected]>
s19110
left a comment
s19110
left a comment
There was a problem hiding this comment.
Thank you so much for taking a look at all of this. It turns out there were quite a few things in need of fixing within our currently finished rules. I left some cosmetic suggestions as well as other comments.
| |Hardcoded `IPs` or ports|Rather than hardcoding IP addresses DNS should be properly implemented in the deployment in combination with solutions such as:| | ||
|
|
||
| * `RFC 9250` - [DNS over Dedicated QUIC Connections (ietf.org)](https://datatracker.ietf.org/doc/rfc9250/) | ||
| * `RFC 7858` - [Specification for DNS over Transport Layer Security (TLS) (ietf.org)](https://datatracker.ietf.org/doc/html/rfc7858) | ||
| * `RFC 6494` - [Certificate Profile and Certificate Management for SEcure Neighbor Discovery (SEND) (ietf.org) for IPV6](https://datatracker.ietf.org/doc/rfc6494/) | ||
| * `DNSSEC` [RFC 9364](https://datatracker.ietf.org/doc/html/rfc9364), `RFC 6014`, `5155`, `4641`.... | ||
|
|
||
| The order and ways to resolve IPs is configured via `/etc/nsswitch.conf` on most Unix systems. | ||
|
|
||
| Using `mTLS` with a high granularity of machine identities can reduce or remove `DNS` related risks. |
There was a problem hiding this comment.
The bullet points are now outside of the table. I think using <br> is fine in this case.
There was a problem hiding this comment.
Yes I agree but unfortunately same thing with the linter happens:
MD033/no-inline-html: Inline HTML [Element: table]markdownlintMD033
Which made me think that this was the best solution for it... maybe we should discuss this.
Removed talking about STRIDE, added more information about Oracle Access Management including a reference Signed-off-by: Bartlomiej Karas <[email protected]>
Co-authored-by: Hubert Daniszewski <[email protected]> Signed-off-by: Bartlomiej Karas <[email protected]>
Co-authored-by: Hubert Daniszewski <[email protected]> Signed-off-by: Bartlomiej Karas <[email protected]>
Co-authored-by: Hubert Daniszewski <[email protected]> Signed-off-by: Bartlomiej Karas <[email protected]>
Co-authored-by: Hubert Daniszewski <[email protected]> Signed-off-by: Bartlomiej Karas <[email protected]>
Co-authored-by: Hubert Daniszewski <[email protected]> Signed-off-by: Bartlomiej Karas <[email protected]>
Co-authored-by: Hubert Daniszewski <[email protected]> Signed-off-by: Bartlomiej Karas <[email protected]>
Co-authored-by: Hubert Daniszewski <[email protected]> Signed-off-by: Bartlomiej Karas <[email protected]>
Co-authored-by: Hubert Daniszewski <[email protected]> Signed-off-by: Bartlomiej Karas <[email protected]>
Signed-off-by: Bartlomiej Karas <[email protected]>
Signed-off-by: Bartlomiej Karas <[email protected]>
Signed-off-by: Bartlomiej Karas <[email protected]>
s19110
left a comment
s19110
left a comment
There was a problem hiding this comment.
One new small comment about a spelling mistake. Since these errors are small enough, I don't want to block this PR further, but I left a suggestion to make it easy to fix.
Co-authored-by: Hubert Daniszewski <[email protected]> Signed-off-by: Bartlomiej Karas <[email protected]>
Co-authored-by: Hubert Daniszewski <[email protected]> Signed-off-by: Bartlomiej Karas <[email protected]>
Signed-off-by: Bartlomiej Karas <[email protected]>
Signed-off-by: Bartlomiej Karas <[email protected]>
Signed-off-by: Bartlomiej Karas <[email protected]>
Signed-off-by: Bartlomiej Karas <[email protected]>
Signed-off-by: Bartlomiej Karas <[email protected]>
s19110
left a comment
s19110
left a comment
There was a problem hiding this comment.
One table broke when converting back to html.
| |[SEI CERT JAVA 2024]|NUM01-J. Do not perform bitwise and arithmetic operations on the same data [online]. Available from: [https://wiki.sei.cmu.edu/confluence/display/java/NUM01-J.+Do+not+perform+bitwise+and+arithmetic+operations+on+the+same+data](https://wiki.sei.cmu.edu/confluence/display/java/NUM01-J.+Do+not+perform+bitwise+and+arithmetic+operations+on+the+same+data), [Accessed 6 May 2025]| | ||
| |[SEI CERT C 2025]|CERT C Coding Standard [online]. Available from: [https://www.securecoding.cert.org/confluence/display/seccode/CERT+C+Coding+Standard](https://www.securecoding.cert.org/confluence/display/seccode/CERT+C+Coding+Standard) [Accessed 6 May 2025]| |
There was a problem hiding this comment.
These lines need to be removed because now they are duplicates of the table rows.
Signed-off-by: Bartlomiej Karas <[email protected]>
s19110
left a comment
s19110
left a comment
There was a problem hiding this comment.
Everything looks good now. Great job 😄
3 participants
I added a few sentences, moved things around, fixed typos, removed Wikipedia links and inserted new links etc.