
pySCG: Doc2GitHub, moving code from an internal confluence to this GitHub space. #531

Open
myteron opened this issue Jun 5, 2024 · 1 comment

Comments

@myteron
Contributor

myteron commented Jun 5, 2024

There are around 40 rules on an internal confluence that have approval by Opensource group to be published. Some of the text and code requires refactoring and this work can only be done by Ericsson employees.

Once all docs are made available in GitHub we have:

  • Documentation for each code example.
  • GitHub as the main source for these documents
  • Stop using internal Confluence for the Python secure coding individual rules

Plain text : Nothing on GitHub
Link Only : Code on GitHub
Link Only : Code and Docs on GitHub

Full List:
CWE-78: Improper Neutralization of Special Elements Used in an OS Command ("OS Command Injection")
CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CWE-116: Prevent XML Injection
CWE-117: Improper Output Neutralization for Logs
CWE-134: Use of Externally-Controlled Format String
CWE-175: Improper Handling of Mixed Encoding
CWE-180: Incorrect Behavior Order: Validate Before Canonicalize
CWE-184: Incomplete List of Disallowed Input
CWE-191: Integer Underflow (Wrap or Wraparound)
CWE-197: Control rounding when converting to less precise numbers
CWE-197: Numeric Truncation Error
CWE-209: Generation of Error Message Containing Sensitive Information
CWE-230: Improper Handling of Missing Values
CWE-252: Unchecked Return Value
CWE-330: Use of Insufficiently Random Values
CWE-362: Concurrent Execution Using Shared Resource with Improper Synchronization ("Race Condition")
CWE-366: Race Condition within a Thread
CWE-369: Divide by Zero
CWE-390: Detection of Error Condition without Action
CWE-392: Missing Report of Error Condition
CWE-397: Declaration of Throws for Generic Exception
CWE-400: Uncontrolled Resource Consumption
CWE-404: Improper Resource Shutdown or Release
CWE-409: Improper Handling of Highly Compressed Data (Data Amplification)
CWE-410: Insufficient Resource Pool
CWE-426: Untrusted Search Path
CWE-460: Improper Cleanup on Thrown Exception
CWE-472: External Control of Assumed-Immutable Web Parameter
CWE-476: NULL Pointer Dereference
CWE-489: Do not deliver an Application with Design tooling into Production.
CWE-501: Trust Boundary Violation
CWE-502: Deserialization of Untrusted Data
CWE-532: Insertion of Sensitive Information into Log File
CWE-584: Return Inside Finally Block
CWE-595: Comparison of Object References Instead of Object Contents
CWE-617: Reachable Assertion
CWE-665: Improper Initialization
CWE-681: Avoid an uncontrolled loss of precision when passing floating-point literals to a Decimal constructor
CWE-681: Incorrect Conversion between Numeric Types
CWE-754: Improper Check for Unusual or Exceptional Conditions
CWE-755: Improper Handling of Exceptional Conditions
CWE-778: Insufficient Logging
CWE-798: Use of hardcoded credentials
CWE-833: Deadlock
CWE-838: Inappropriate Encoding for Output Context
CWE-843: Access of Resource Using Incompatible Type ('Type Confusion')
CWE-1095: Loop Condition Value Update within the Loop
CWE-1109: Use of Same Variable for Multiple Purposes
CWE-1335: Incorrect Bitwise Shift of Integer
CWE-1335: Promote readability and compatibility by using mathematical written code with arithmetic operations instead of bit-wise operations
CWE-1339: Insufficient Precision or Accuracy of a Real Number
XXX-001: Avoid confusion over the evaluation order by using simple expressions
XXX-005: Consider hash-based integrity verification of byte code files against their source code files

@myteron
Contributor Author

myteron commented Jun 21, 2024

@SecurityCRob I wonder what the best handling is. I could start striking through the CWEs we have processed, but overall it appears to me that an "issue" is too small for what we are trying to do here. It seems that a project is the next level up from an issue, but I have never used that.
Not sure how well a milestone would work for this.

myteron added a commit to myteron/wg-best-practices-os-developers that referenced this issue Jun 21, 2024
myteron added a commit to myteron/wg-best-practices-os-developers that referenced this issue Jun 28, 2024
CWE-197 Control rounding when converting to less precise numbers
Prior to moving doc as part of ossf#531

Signed-off-by: Helge Wehder <[email protected]>
myteron added a commit to myteron/wg-best-practices-os-developers that referenced this issue Jun 28, 2024
tommcd added a commit to tommcd/wg-best-practices-os-developers that referenced this issue Jul 29, 2024
myteron added a commit to myteron/wg-best-practices-os-developers that referenced this issue Aug 8, 2024
myteron added a commit to myteron/wg-best-practices-os-developers that referenced this issue Sep 5, 2024
myteron added a commit to myteron/wg-best-practices-os-developers that referenced this issue Sep 5, 2024
myteron added a commit to myteron/wg-best-practices-os-developers that referenced this issue Sep 12, 2024
As part of ossf#531, addressing comments during review

Signed-off-by: myteron <[email protected]>
myteron added a commit that referenced this issue Sep 18, 2024
Adding documentation to CWE-197 as part of #531
s19110 added a commit to s19110/wg-best-practices-os-developers that referenced this issue Sep 19, 2024
s19110 added a commit to s19110/wg-best-practices-os-developers that referenced this issue Sep 26, 2024
myteron added a commit to myteron/wg-best-practices-os-developers that referenced this issue Sep 26, 2024
gkunz added a commit that referenced this issue Sep 26, 2024
Adding documentation to CWE-595 as part of #531
myteron added a commit to myteron/wg-best-practices-os-developers that referenced this issue Sep 26, 2024
updated as part of ossf#531

Signed-off-by: Helge Wehder <[email protected]>
myteron pushed a commit that referenced this issue Oct 2, 2024
* Adding documentation to CWE-681 as part of #531

Signed-off-by: edanhub <[email protected]>

* Update main README.md for CWE-681 and CWE-595

Signed-off-by: edanhub <[email protected]>

---------

Signed-off-by: edanhub <[email protected]>
myteron added a commit that referenced this issue Oct 3, 2024
* Moving CWE-390 code example to GitHub as part of #531

Signed-off-by: Helge Wehder <[email protected]>

* CWE-390 was missing in main readme.md
updated as part of #531

Signed-off-by: Helge Wehder <[email protected]>

---------

Signed-off-by: Helge Wehder <[email protected]>
myteron added a commit to myteron/wg-best-practices-os-developers that referenced this issue Oct 9, 2024
s19110 added a commit to s19110/wg-best-practices-os-developers that referenced this issue Oct 10, 2024
@myteron myteron changed the title Python guide: Doc2GitHub, moving code from an Ericsson internal confluence to this GitHub space. Python guide: Doc2GitHub, moving code from an internal confluence to this GitHub space. Oct 11, 2024
myteron pushed a commit that referenced this issue Oct 16, 2024
* Adding documentation to CWE-617 as part of #531

Signed-off-by: edanhub <[email protected]>

* Added cosmetic fixes for CWE-617

Signed-off-by: edanhub <[email protected]>

---------

Signed-off-by: edanhub <[email protected]>
myteron added a commit that referenced this issue Oct 17, 2024
…itHub (#649)

* Adding documentation for CWE-197 01 as part of #531 to GitHub
Signed-off-by: Helge Wehder <[email protected]>

* Fixed formatting according to comments

Signed-off-by: myteron <[email protected]>

* Update README.md

Adding link/reference to 8 rounding modes

Signed-off-by: myteron <[email protected]>

---------

Signed-off-by: myteron <[email protected]>
@myteron myteron changed the title Python guide: Doc2GitHub, moving code from an internal confluence to this GitHub space. pySCG: Doc2GitHub, moving code from an internal confluence to this GitHub space. Oct 22, 2024
s19110 added a commit to s19110/wg-best-practices-os-developers that referenced this issue Oct 31, 2024
myteron added a commit that referenced this issue Nov 8, 2024
Adding doc and code for CWE-78 as part of #531

Signed-off-by: Helge Wehder <[email protected]>
Co-authored-by: Georg Kunz <[email protected]> and BartyBoi1128