name	python-security-review
description	Review Python code for common security vulnerabilities

Python Security Code Review

Overview

Review Python code for security vulnerabilities, focusing on the OWASP Top 10 and Python-specific issues.

Critical Checks (Always Flag)

1. Injection Vulnerabilities

SQL: Look for string formatting in queries BAD: f"SELECT * FROM users WHERE id = {user_id}" GOOD: cursor.execute("SELECT * FROM users WHERE id = ?", (user_id,))
Command Injection: subprocess with shell=True BAD: subprocess.run(f"ls {user_input}", shell=True) GOOD: subprocess.run(["ls", user_input])
SSTI: Direct user input in templates BAD: render_template_string(user_input)

2. Authentication Issues

Hardcoded credentials
Weak password hashing (MD5, SHA1 without salt)
Missing rate limiting on auth endpoints
JWT without expiration

3. Data Exposure

Secrets in code or logs
Debug mode in production
Verbose error messages to users
Sensitive data in URLs

4. Insecure Deserialization

pickle.loads with untrusted data
yaml.load without Loader=SafeLoader
eval/exec on user input

5. Path Traversal

User input in file paths without validation
Missing path canonicalization

Output Format

For each issue found:

[SEVERITY] Issue Title
Line: X
Code: `affected code snippet`
Risk: What could happen
Fix: How to fix it

Severity levels: CRITICAL, HIGH, MEDIUM, LOW, INFO

False Positive Prevention

Check if input is sanitized before flagging
Look for middleware/decorators that might handle security
Consider the context (internal tool vs public API)

name	python-security-review
description	Review Python code for common security vulnerabilities

Python Security Code Review

Overview

Review Python code for security vulnerabilities, focusing on the OWASP Top 10 and Python-specific issues.

Critical Checks (Always Flag)

1. Injection Vulnerabilities

SQL: Look for string formatting in queries BAD: f"SELECT * FROM users WHERE id = {user_id}" GOOD: cursor.execute("SELECT * FROM users WHERE id = ?", (user_id,))
Command Injection: subprocess with shell=True BAD: subprocess.run(f"ls {user_input}", shell=True) GOOD: subprocess.run(["ls", user_input])
SSTI: Direct user input in templates BAD: render_template_string(user_input)

2. Authentication Issues

Hardcoded credentials
Weak password hashing (MD5, SHA1 without salt)
Missing rate limiting on auth endpoints
JWT without expiration

3. Data Exposure

Secrets in code or logs
Debug mode in production
Verbose error messages to users
Sensitive data in URLs

4. Insecure Deserialization

pickle.loads with untrusted data
yaml.load without Loader=SafeLoader
eval/exec on user input

5. Path Traversal

User input in file paths without validation
Missing path canonicalization

Output Format

For each issue found:

[SEVERITY] Issue Title
Line: X
Code: `affected code snippet`
Risk: What could happen
Fix: How to fix it

Severity levels: CRITICAL, HIGH, MEDIUM, LOW, INFO

False Positive Prevention

Check if input is sanitized before flagging
Look for middleware/decorators that might handle security
Consider the context (internal tool vs public API)

python-security-review

Python Security Code Review

Overview

Critical Checks (Always Flag)

1. Injection Vulnerabilities

2. Authentication Issues

3. Data Exposure

4. Insecure Deserialization

5. Path Traversal

Output Format

False Positive Prevention

Mehr aus diesem Repository

Mehr aus diesem Repository

Python Security Code Review

Overview

Critical Checks (Always Flag)

1. Injection Vulnerabilities

2. Authentication Issues

3. Data Exposure

4. Insecure Deserialization

5. Path Traversal

Output Format

False Positive Prevention