path: root/Doc/library/security_warnings.rst
author: Anthony Shaw <anthony.p.shaw@gmail.com> 2021-08-09 22:35:51 (GMT)
committer: GitHub <noreply@github.com> 2021-08-09 22:35:51 (GMT)
commit: c5c5326d4799fe4ae566aff32ed3461af95859cc
tree: 0934aba73b94993d6cbefa5ad02ece7afce8b52b /Doc/library/security_warnings.rst
parent: 058fb35b57ca8c5063d16ec818e668b3babfea65
bpo-39498 Start linking the security warnings in the stdlib modules (GH-18272)
Co-authored-by: Ɓukasz Langa <lukasz@langa.pl>
Diffstat (limited to 'Doc/library/security_warnings.rst')
-rw-r--r-- Doc/library/security_warnings.rst 32
1 files changed, 32 insertions, 0 deletions
diff --git a/Doc/library/security_warnings.rst b/Doc/library/security_warnings.rst
new file mode 100644
index 0000000..61fd4e6
--- /dev/null
+++ b/Doc/library/security_warnings.rst
@@ -0,0 +1,32 @@
+.. _security-warnings:
+
+.. index:: single: security considerations
+
+Security Considerations
+=======================
+
+The following modules have specific security considerations:
+
+* :mod:`cgi`: :ref:`CGI security considerations <cgi-security>`
+* :mod:`hashlib`: :ref:`all constructors take a "usedforsecurity" keyword-only
+ argument disabling known insecure and blocked algorithms
+ <hashlib-usedforsecurity>`
+* :mod:`http.server` is not suitable for production use, only implementing
+ basic security checks
+* :mod:`logging`: :ref:`Logging configuration uses eval()
+ <logging-eval-security>`
+* :mod:`multiprocessing`: :ref:`Connection.recv() uses pickle
+ <multiprocessing-recv-pickle-security>`
+* :mod:`pickle`: :ref:`Restricting globals in pickle <pickle-restrict>`
+* :mod:`random` shouldn't be used for security purposes, use :mod:`secrets`
+ instead
+* :mod:`shelve`: :ref:`shelve is based on pickle and thus unsuitable for
+ dealing with untrusted sources <shelve-security>`
+* :mod:`ssl`: :ref:`SSL/TLS security considerations <ssl-security>`
+* :mod:`subprocess`: :ref:`Subprocess security considerations
+ <subprocess-security>`
+* :mod:`tempfile`: :ref:`mktemp is deprecated due to vulnerability to race
+ conditions <tempfile-mktemp-deprecated>`
+* :mod:`xml`: :ref:`XML vulnerabilities <xml-vulnerabilities>`
+* :mod:`zipfile`: :ref:`maliciously prepared .zip files can cause disk volume
+ exhaustion <zipfile-resources-limitations>`