[Openstack-security] Automated detection of anti patterns
David Stanek
dstanek at dstanek.com
Thu May 29 17:45:04 UTC 2014
Hi Travis,
That sounds like a great idea. Are you able to publish it somewhere?
On Thu, May 29, 2014 at 1:18 PM, Travis McPeak <Travis_McPeak at symantec.com>
wrote:
> I've been working on a tool that will look through Python code for instances
> of something. Right now it is a simple case and I'm using it to look for
> crypto library imports and calls, but I'm envisioning expanding
> functionality to be more versatile eventually. This might be a good place
> to automatically scan for anti patterns.
>
> Thanks,
> -Travis
>
>
>
>
> On 5/29/14, 10:13 AM, "openstack-security-request at lists.openstack.org"
> <openstack-security-request at lists.openstack.org> wrote:
>
> >Thank you Malini!
> >I added some classic anti-patterns to the list.
> >
> >Now I wonder how to verify those automatically.
> >I'm afraid grep won't be enough, we might want to look at a simple ast
> >representation that we can use to inspect dangerous function calls.
> >
> >Would a PoC that highlights subprocess calls with shell=True still be
> >useful or do we already have something in mind?
> >
> >Best regards,
> >Tristan
--
David
blog: http://www.traceback.org
twitter: http://twitter.com/dstanek
www: http://dstanek.com
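
An added illustration of the AST approach raised in the quoted messages (not code from this thread or from Travis's tool): a visitor that reports subprocess calls passing a literal shell=True, following import aliases. The names SAMPLE, ShellTrueVisitor and find_shell_true are hypothetical, and the sample source is constructed.

```python
import ast

SUBPROCESS_FUNCS = {"call", "check_call", "check_output", "Popen", "run"}
# Constructed sample: grep "shell=True" hits lines 3-4 and misses lines 5-7.
SAMPLE = '''\
import subprocess as sp
from subprocess import Popen as P
# never pass shell=True here
msg = "shell=True is dangerous"
sp.check_output(
    "ls " + path,
    shell = True)
P(cmd, shell=True)
sp.call(cmd, shell=False)
'''

class ShellTrueVisitor(ast.NodeVisitor):
    def __init__(self):
        self.modules = set()   # local names bound to the subprocess module
        self.funcs = {}        # local alias -> subprocess function name
        self.findings = []     # (lineno, "subprocess.<func>")

    def visit_Import(self, node):
        for a in node.names:
            if a.name == "subprocess":
                self.modules.add(a.asname or a.name)

    def visit_ImportFrom(self, node):
        if node.module == "subprocess":
            for a in node.names:
                if a.name in SUBPROCESS_FUNCS:
                    self.funcs[a.asname or a.name] = a.name

    def visit_Call(self, node):
        f, name = node.func, None
        if isinstance(f, ast.Attribute) and isinstance(f.value, ast.Name):
            if f.value.id in self.modules and f.attr in SUBPROCESS_FUNCS:
                name = f.attr            # e.g. sp.call(...)
        elif isinstance(f, ast.Name):
            name = self.funcs.get(f.id)  # e.g. P(...) imported from subprocess
        if name and any(k.arg == "shell" and isinstance(k.value, ast.Constant)
                        and k.value.value is True for k in node.keywords):
            self.findings.append((node.lineno, "subprocess." + name))
        self.generic_visit(node)         # also inspect nested calls

def find_shell_true(source):
    visitor = ShellTrueVisitor()
    visitor.visit(ast.parse(source))     # parses only; the code is never run
    return sorted(visitor.findings)
```

Only a literal True is reported; a shell argument computed at runtime, or a subprocess module reached through another attribute, needs additional rules.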