Hello,
While working on embedded Linux devices I ran into multiple cases of
unsafe use of input data on the back-end. These back-ends used Python
Flask framework and were made without the help of commercial (and
expensive) static analysis tools.
I looked around for a tool to spot these vulnerabilities, but could not
find anything available for free. So, I wrote a quick script at first
and then made it more generic. The tool checks functions with the route
decorator; it detects the request-related input data and checks if the
data is passed to a function without being checked by a known filter or
validator.
I call the tool Python API parser and input analyzer (Papaia). I have
the sources available at https://gitlab.com/melomaa/papaia.
Do you think this tool could be helpful for others and do you see that
it would fit under the PyCQA?
Best Regards,
Mikko Elomaa
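To make the kind of check described above concrete, here is a small AST-based analyzer written as an added example for this archive page. It is not Papaia's code and does not reproduce its internals; it only illustrates the idea the message outlines: find functions carrying a Flask route decorator, treat values read from `request.args`, `request.form` and similar attributes as untrusted, and report any call that receives such a value without it having passed through a known validator. The sample Flask module, the validator set (`is_safe_name`, `int`, `escape`) and the statement-order approximation are all assumptions made for the example.

```python
import ast

# Constructed sample Flask back-end (hypothetical; not code from Papaia or its author).
# /ping hands a raw query parameter to os.system; /safe validates the value first.
SAMPLE = """from flask import Flask, request
import os, re

app = Flask(__name__)

def is_safe_name(s):
    return re.fullmatch(r"[a-z0-9_-]+", s) is not None

@app.route("/ping")
def ping():
    host = request.args.get("host")
    os.system("ping -c 1 " + host)
    return "ok"

@app.route("/safe")
def safe():
    name = request.form["name"]
    if not is_safe_name(name):
        return "bad", 400
    return lookup(name)

def not_a_route():
    os.system(request.args.get("cmd"))
"""

# Attributes of flask.request that carry client-controlled data.
TAINT_SOURCES = {"args", "form", "values", "json", "cookies", "headers", "data", "files"}
# Callables treated as filters/validators (an assumed list; a real tool would make it configurable).
KNOWN_VALIDATORS = {"is_safe_name", "int", "escape"}
ROUTE_DECORATORS = {"route", "get", "post", "put", "delete", "patch"}


def call_name(call):
    """Bare callee name: f(...) -> "f", obj.m(...) -> "m", anything else -> None."""
    if isinstance(call.func, ast.Name):
        return call.func.id
    if isinstance(call.func, ast.Attribute):
        return call.func.attr
    return None


def is_route(func_def):
    """True if the function carries a Flask route decorator such as @app.route(...)."""
    for dec in func_def.decorator_list:
        target = dec.func if isinstance(dec, ast.Call) else dec
        if isinstance(target, ast.Attribute) and target.attr in ROUTE_DECORATORS:
            return True
    return False


def reads_request(node):
    """True if the expression touches request.args / request.form / ... anywhere inside it."""
    return any(isinstance(s, ast.Attribute) and isinstance(s.value, ast.Name)
               and s.value.id == "request" and s.attr in TAINT_SOURCES
               for s in ast.walk(node))


def unchecked_names(node, tainted):
    """Yield tainted variable names used in node that do not pass through a validator call."""
    if isinstance(node, ast.Call) and call_name(node) in KNOWN_VALIDATORS:
        return  # anything wrapped in a validator call counts as checked
    if isinstance(node, ast.Name) and node.id in tainted:
        yield node.id
    for child in ast.iter_child_nodes(node):
        yield from unchecked_names(child, tainted)


def analyze_route(func_def):
    """Return (function, line, callee, variable) for each request value passed unchecked to a call."""
    findings, tainted = [], set()
    nodes = [n for n in ast.walk(func_def) if isinstance(n, (ast.Assign, ast.Call))]
    # Visiting by (line, column) approximates statement order; it ignores branches and loops.
    for node in sorted(nodes, key=lambda n: (n.lineno, n.col_offset)):
        if isinstance(node, ast.Assign):
            targets = {t.id for tgt in node.targets for t in ast.walk(tgt) if isinstance(t, ast.Name)}
            if reads_request(node.value) or any(unchecked_names(node.value, tainted)):
                tainted |= targets  # fresh taint from request, or taint propagated from a tainted name
            else:
                tainted -= targets  # overwritten with a clean value
            continue
        callee = call_name(node)
        if callee in KNOWN_VALIDATORS:
            for arg in node.args:
                if isinstance(arg, ast.Name):
                    tainted.discard(arg.id)  # treated as validated from this point on
            continue
        for arg in list(node.args) + [kw.value for kw in node.keywords]:
            for name in unchecked_names(arg, tainted):
                findings.append((func_def.name, node.lineno, callee, name))
    return findings


def analyze_source(source):
    """Run the check over every route-decorated function in a module's source text."""
    tree = ast.parse(source)
    findings = []
    for node in ast.walk(tree):
        if isinstance(node, ast.FunctionDef) and is_route(node):
            findings.extend(analyze_route(node))
    return findings


if __name__ == "__main__":
    for func, line, callee, var in analyze_source(SAMPLE):
        print(f"{func}:{line}: request value '{var}' passed unchecked to {callee}()")
```

Run against the embedded sample this reports only `ping`, where `host` reaches `os.system` untouched; `safe` is silent because `name` went through `is_safe_name`, and `not_a_route` is skipped because it has no route decorator. The line-order walk is the main simplification: it does not know that the `return` inside the `if` is what makes the later use safe, so a validator that is called but whose result is ignored would still silence the check, which is exactly the kind of false negative a real tool has to reason about with control flow.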
_______________________________________________
code-quality mailing list -- code-quality@python.org
https://mail.python.org/mailman3/lists/code-quality.python.org/