Signpost security considerations in library #83679
Note: these values reflect the state of the issue at the time it was migrated and might not reflect the current state.
assignee = None closed_at = <Date 2021-08-10.07:52:07.617> created_at = <Date 2020-01-30.05:14:32.157> labels = ['type-feature', 'docs'] title = 'Signpost security considerations in library' updated_at = <Date 2021-08-10.07:52:07.617> user = 'https://github.com/tonybaloney'
activity = <Date 2021-08-10.07:52:07.617> actor = 'lukasz.langa' assignee = 'docs@python' closed = True closed_date = <Date 2021-08-10.07:52:07.617> closer = 'lukasz.langa' components = ['Documentation'] creation = <Date 2020-01-30.05:14:32.157> creator = 'anthonypjshaw' dependencies =  files =  hgrepos =  issue_num = 39498 keywords = ['patch'] message_count = 9.0 messages = ['361009', '361697', '361746', '372288', '372302', '372303', '399293', '399299', '399300'] nosy_count = 8.0 nosy_names = ['christian.heimes', 'eric.araujo', 'docs@python', 'lukasz.langa', 'willingc', 'mdk', 'anthonypjshaw', 'miss-islington'] pr_nums = ['18272', '27696', '27699'] priority = 'normal' resolution = 'fixed' stage = 'resolved' status = 'closed' superseder = None type = 'enhancement' url = 'https://bugs.python.org/issue39498' versions = 
Within the documentation, there are some really important security considerations for standard library modules, e.g. subprocess, ssl, pickle, xml.
There is currently no "index" of these, so you have to go hunting for them. They're easter eggs within the docs. There isn't a unique admonition type either, so you have to search across many criteria.
In particular for security researchers, it would be useful to consolidate and signpost these security best-practices in one index.
PR to follow,
Asked on gh:
(I'm not sure I understand the question exactly)
I think it could be useful from a reviewer's point of view to have such an index so he can iterate over it and check point by point if the code is OK.
In this case, linking to all notes like "beware, wrong usage of this could lead to security issues" looks like what's needed in this index.
Anthony: did you open the issue with this in mind or any other usages?