[Openstack-security] Automated detection of anti patterns
Travis McPeak
Travis_McPeak at symantec.com
Thu May 29 17:18:41 UTC 2014
I've been working on a tool that will look through Python code for instances
of something. Right now it is a simple case and I'm using it to look for
crypto library imports and calls, but I'm envisioning expanding
functionality to be more versatile eventually. This might be a good place
to automatically scan for anti patterns.
Thanks,
-Travis
On 5/29/14, 10:13 AM, "openstack-security-request at lists.openstack.org"
<openstack-security-request at lists.openstack.org> wrote:
>Thank you Malini!
>I added some classic anti-patterns to the list.
>
>Now I wonder how to verify those automatically.
>I'm afraid grep won't be enough; we might want to look at a simple ast
>representation that we can use to inspect dangerous function calls.
>
>Would a PoC that highlights subprocess calls with shell=True still be
>useful, or do we already have something in mind?
>
>Best regards,
>Tristan
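As an added example (not Travis's tool and not code from any OpenStack project), here is the kind of ast-based check Tristan describes: it walks a parsed module and flags subprocess functions called with shell=True, plus imports of crypto libraries. The function and module name lists, and the sample input, are assumptions made for this demo.

```python
import ast

# Assumed lists for this example; a real checker would make these configurable.
SUBPROCESS_FUNCS = {"call", "check_call", "check_output", "Popen", "run"}
CRYPTO_MODULES = {"Crypto", "cryptography", "hashlib", "M2Crypto"}

def _is_true(node):
    # Python 3.8+ parses the literal True as ast.Constant(value=True); 1 is not True.
    return isinstance(node, ast.Constant) and node.value is True

class AntiPatternVisitor(ast.NodeVisitor):
    """Collect (lineno, message) findings while walking the tree."""

    def __init__(self):
        self.findings = []

    def visit_Import(self, node):
        for alias in node.names:
            if alias.name.split(".")[0] in CRYPTO_MODULES:
                self.findings.append((node.lineno, "crypto import: " + alias.name))
        self.generic_visit(node)

    def visit_ImportFrom(self, node):
        if node.module and node.module.split(".")[0] in CRYPTO_MODULES:
            self.findings.append((node.lineno, "crypto import: " + node.module))
        self.generic_visit(node)

    def visit_Call(self, node):
        func = node.func
        # Match subprocess.call(...) and a bare call(...) after "from subprocess import call".
        name = func.attr if isinstance(func, ast.Attribute) else getattr(func, "id", None)
        if name in SUBPROCESS_FUNCS:
            for kw in node.keywords:
                if kw.arg == "shell" and _is_true(kw.value):
                    self.findings.append((node.lineno, name + "() with shell=True"))
        self.generic_visit(node)

def scan_source(source):
    """Parse Python source text and return a sorted list of (lineno, message)."""
    visitor = AntiPatternVisitor()
    visitor.visit(ast.parse(source))
    return sorted(visitor.findings)

# Constructed sample input for the demo; it is only parsed, never executed.
SAMPLE = """from Crypto.Cipher import AES
import subprocess
subprocess.call("ls " + user_input, shell=True)
subprocess.check_output(["ls", "-l"])
"""
```

Running `scan_source(SAMPLE)` reports the crypto import on line 1 and the shell=True call on line 3; the plain list-argument check_output on line 4 is not flagged.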