From d657da8155cc9611b901ea052f3eac28f99122b4 Mon Sep 17 00:00:00 2001 From: "Miss Islington (bot)" <31488909+miss-islington@users.noreply.github.com> Date: Tue, 10 Aug 2021 00:51:06 -0700 Subject: bpo-39498 Start linking the security warnings in the stdlib modules (GH-18272) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Ɓukasz Langa (cherry picked from commit c5c5326d4799fe4ae566aff32ed3461af95859cc) Co-authored-by: Anthony Shaw --- Doc/library/hashlib.rst | 2 ++ Doc/library/index.rst | 1 + Doc/library/logging.config.rst | 2 ++ Doc/library/multiprocessing.rst | 1 + Doc/library/security_warnings.rst | 32 ++++++++++++++++++++++ Doc/library/shelve.rst | 2 ++ Doc/library/subprocess.rst | 1 + Doc/library/tempfile.rst | 1 + Doc/library/zipfile.rst | 2 ++ .../2020-01-30-05-18-48.bpo-39498.Nu3sFL.rst | 1 + 10 files changed, 45 insertions(+) create mode 100644 Doc/library/security_warnings.rst create mode 100644 Misc/NEWS.d/next/Documentation/2020-01-30-05-18-48.bpo-39498.Nu3sFL.rst diff --git a/Doc/library/hashlib.rst b/Doc/library/hashlib.rst index d22efa2..37addee 100644 --- a/Doc/library/hashlib.rst +++ b/Doc/library/hashlib.rst @@ -80,6 +80,8 @@ library that Python uses on your platform. On most platforms the .. versionadded:: 3.6 :func:`blake2b` and :func:`blake2s` were added. +.. _hashlib-usedforsecurity: + .. versionchanged:: 3.9 All hashlib constructors take a keyword-only argument *usedforsecurity* with default value ``True``. A false value allows the use of insecure and diff --git a/Doc/library/index.rst b/Doc/library/index.rst index 1a9e52e..db8f0d9 100644 --- a/Doc/library/index.rst +++ b/Doc/library/index.rst @@ -75,3 +75,4 @@ the `Python Package Index `_. unix.rst superseded.rst undoc.rst + security_warnings.rst diff --git a/Doc/library/logging.config.rst b/Doc/library/logging.config.rst index f833bcd..d3478a9 100644 --- a/Doc/library/logging.config.rst +++ b/Doc/library/logging.config.rst 
@@ -152,6 +152,8 @@ in :mod:`logging` itself) and defining handlers which are declared either in send it to the socket as a sequence of bytes preceded by a four-byte length string packed in binary using ``struct.pack('>L', n)``. + .. _logging-eval-security: + .. note:: Because portions of the configuration are passed through diff --git a/Doc/library/multiprocessing.rst b/Doc/library/multiprocessing.rst index ae4f7bf..945ac42 100644 --- a/Doc/library/multiprocessing.rst +++ b/Doc/library/multiprocessing.rst @@ -1187,6 +1187,7 @@ For example: >>> arr2 array('i', [0, 1, 2, 3, 4, 0, 0, 0, 0, 0]) +.. _multiprocessing-recv-pickle-security: .. warning:: diff --git a/Doc/library/security_warnings.rst b/Doc/library/security_warnings.rst new file mode 100644 index 0000000..61fd4e6 --- /dev/null +++ b/Doc/library/security_warnings.rst 
@@ -0,0 +1,32 @@ +.. _security-warnings: + +.. index:: single: security considerations + +Security Considerations +======================= + +The following modules have specific security considerations: + +* :mod:`cgi`: :ref:`CGI security considerations ` +* :mod:`hashlib`: :ref:`all constructors take a "usedforsecurity" keyword-only + argument disabling known insecure and blocked algorithms + ` +* :mod:`http.server` is not suitable for production use, only implementing + basic security checks +* :mod:`logging`: :ref:`Logging configuration uses eval() + ` +* :mod:`multiprocessing`: :ref:`Connection.recv() uses pickle + ` +* :mod:`pickle`: :ref:`Restricting globals in pickle ` +* :mod:`random` shouldn't be used for security purposes, use :mod:`secrets` + instead +* :mod:`shelve`: :ref:`shelve is based on pickle and thus unsuitable for + dealing with untrusted sources ` +* :mod:`ssl`: :ref:`SSL/TLS security considerations ` +* :mod:`subprocess`: :ref:`Subprocess security considerations + ` +* :mod:`tempfile`: :ref:`mktemp is deprecated due to vulnerability to race + conditions ` +* :mod:`xml`: :ref:`XML vulnerabilities ` +* :mod:`zipfile`: :ref:`maliciously prepared .zip files can cause disk volume + exhaustion ` diff --git a/Doc/library/shelve.rst b/Doc/library/shelve.rst index 1031888..684f239 100644 --- a/Doc/library/shelve.rst +++ b/Doc/library/shelve.rst @@ -54,6 +54,8 @@ lots of shared sub-objects. The keys are ordinary strings. with shelve.open('spam') as db: db['eggs'] = 'eggs' +.. _shelve-security: + .. warning:: Because the :mod:`shelve` module is backed by :mod:`pickle`, it is insecure diff --git a/Doc/library/subprocess.rst b/Doc/library/subprocess.rst index a950474..af54633 100644 --- a/Doc/library/subprocess.rst +++ b/Doc/library/subprocess.rst 
@@ -710,6 +710,7 @@ Exceptions defined in this module all inherit from :exc:`SubprocessError`. .. versionadded:: 3.3 The :exc:`SubprocessError` base class was added. +.. _subprocess-security: Security Considerations ----------------------- diff --git a/Doc/library/tempfile.rst b/Doc/library/tempfile.rst index 2970252..b8a5fa0 100644 --- a/Doc/library/tempfile.rst +++ b/Doc/library/tempfile.rst @@ -341,6 +341,7 @@ Here are some examples of typical usage of the :mod:`tempfile` module:: >>> # directory and contents have been removed +.. _tempfile-mktemp-deprecated: Deprecated functions and variables ---------------------------------- diff --git a/Doc/library/zipfile.rst b/Doc/library/zipfile.rst index 4888838..43520b6 100644 --- a/Doc/library/zipfile.rst +++ b/Doc/library/zipfile.rst @@ -861,6 +861,8 @@ Exceeding limitations on different file systems can cause decompression failed. Such as allowable characters in the directory entries, length of the file name, length of the pathname, size of a single file, and number of files, etc. +.. _zipfile-resources-limitations: + Resources limitations ~~~~~~~~~~~~~~~~~~~~~ diff --git a/Misc/NEWS.d/next/Documentation/2020-01-30-05-18-48.bpo-39498.Nu3sFL.rst b/Misc/NEWS.d/next/Documentation/2020-01-30-05-18-48.bpo-39498.Nu3sFL.rst new file mode 100644 index 0000000..a3e899a --- /dev/null +++ b/Misc/NEWS.d/next/Documentation/2020-01-30-05-18-48.bpo-39498.Nu3sFL.rst @@ -0,0 +1 @@ +Add a "Security Considerations" index which links to standard library modules that have explicitly documented security considerations. -- cgit v0.12
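Review bot: In the new Doc/library/security_warnings.rst, the `:mod:`http.server`` and `:mod:`random`` entries are the only two without a `:ref:` link, while the NEWS entry describes the page as an index that links to modules whose security considerations are explicitly documented; suggest adding labels in front of the existing warning in http.server.rst and the note in random.rst (label names such as `.. _http-server-security:` and `.. _random-security:` are a suggestion, not from the patch) and linking them like the other entries. Two wording points in the same list: the hashlib entry says the *usedforsecurity* argument is "disabling known insecure and blocked algorithms", but the hashlib hunk's own text says a false value *allows* them and the default is ``True``, so phrase it as the default refusing them; and the random entry has a comma splice ("shouldn't be used for security purposes, use :mod:`secrets` instead"), better as "…security purposes; use :mod:`secrets` instead".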
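Review bot: In the Doc/library/multiprocessing.rst hunk, `.. _multiprocessing-recv-pickle-security:` is inserted directly above `.. warning::` with no blank line, whereas the hashlib, logging.config, shelve and zipfile hunks each add the label plus a blank line (the diffstat shows 1 insertion here versus 2 there). Docutils accepts adjacent explicit-markup blocks, so it will still render, but add the blank line for consistency and to avoid the label being read as part of the preceding doctest block.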
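Review bot: In the Doc/library/tempfile.rst hunk, the label `.. _tempfile-mktemp-deprecated:` is placed before the whole "Deprecated functions and variables" section, which covers more than `mktemp`, while the index text it serves reads "mktemp is deprecated due to vulnerability to race conditions". Either anchor the label at the `mktemp` entry itself so the link lands on the race-condition explanation, or name the label after the section (for example `.. _tempfile-deprecated:`, a suggested name) so it does not promise something narrower than where the reader arrives.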
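Review bot: In the Doc/library/index.rst hunk, `security_warnings.rst` is appended after `undoc.rst`, so the new "Security Considerations" page becomes the final toctree entry, after the undocumented-modules page. If the page is meant to be found by readers looking for security guidance, consider placing it earlier in the toctree (for instance near `superseded.rst` or the introductory entries) rather than at the very end.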