Report on Python vulnerabilities

Hi,

I created a tool to generate a report on Python vulnerabilities:
http://python-security.readthedocs.io/vulnerabilities.html

I collected data on 41 vulnerabilities since 2007 (first Python CVE: CVE-2007-4965).

If you would like to add data for a new vulnerability, enhance the report, ...: see the GitHub project.
https://github.com/haypo/python-security

The main data file is vulnerabilities.yml (YAML). I also filled in the python_releases.txt file manually: a list of all release dates from Python 2.5.0 to Python 3.6.0.

The tool computes the first Python release in each branch which includes the fix from a list of commits. The tool should help to track whether vulnerabilities are fixed in all supported Python versions (branches accepting security fixes).

I also started to collect some notes about Python security in general, the evolution of the ssl module, etc. in the same documentation.

Victor

On 23 February 2017 at 11:15, Victor Stinner <victor.stinner@gmail.com> wrote:
> Hi,
> I created a tool to generate a report on Python vulnerabilities:
> http://python-security.readthedocs.io/vulnerabilities.html
> I collected data on 41 vulnerabilities since 2007 (first Python CVE: CVE-2007-4965).

Very handy!

> If you would like to add data for a new vulnerability, enhance the report, ...: see the GitHub project.
> https://github.com/haypo/python-security
> The main data file is vulnerabilities.yml (YAML). I also filled in the python_releases.txt file manually: a list of all release dates from Python 2.5.0 to Python 3.6.0.
> The tool computes the first Python release in each branch which includes the fix from a list of commits.

The main idea that comes to mind is finding a way to add a "Fixed In" column to the summary table to get a quick overview of which versions were affected.

Cheers,
Nick.

--
Nick Coghlan | ncoghlan@gmail.com | Brisbane, Australia

2017-02-24 11:06 GMT+01:00 Nick Coghlan <ncoghlan@gmail.com>:
> The main idea that comes to mind is finding a way to add a "Fixed In" column to the summary table to get a quick overview of which versions were affected.

I had this column, but I just removed it before my email to python-dev because the table was too wide. I fixed my script: I reimplemented tabulate for my needs, to support multiline table cells.

I also enhanced the compilation process for ReadTheDocs to be able to remove the generated vulnerabilities.rst file from Git.

Victor
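The thread describes two pieces of the tool: computing, per branch, the first release that ships a fix from the dates of the fix commits and the release dates in python_releases.txt, and rendering a summary table whose "Fixed In" cell spans several lines. The block below is an added example illustrating both, not code from the haypo/python-security project. The file layouts (a "version date" pair per line for releases, a list of fix commits with branch and date for a vulnerability) and the date-comparison rule are assumptions for this example; the real vulnerabilities.yml and python_releases.txt may differ. It also covers the case the report must handle, a branch where the fix has been committed but no release containing it has shipped yet.

```python
"""Added example, not the python-security project's own code.

Computes the first release per branch that includes a fix (first release
dated on or after the fix commit) and renders a table with a multiline
'Fixed In' cell. Input formats are constructed assumptions."""
from datetime import date

# Constructed release list in the spirit of python_releases.txt:
# one "version release-date" pair per line (layout is an assumption).
RELEASES_TXT = """\
2.7.12 2016-06-25
2.7.13 2016-12-17
3.5.2 2016-06-27
3.5.3 2017-01-17
3.6.0 2016-12-23
3.6.1 2017-03-21
"""

# Constructed vulnerability record: one fix commit per branch. The 3.4
# entry has no release in RELEASES_TXT after its commit date, so the
# report must show the fix as not yet released there.
VULN = {
    "name": "example-vuln (constructed)",
    "fixes": [
        {"branch": "2.7", "date": "2016-09-02"},
        {"branch": "3.4", "date": "2016-09-02"},
        {"branch": "3.5", "date": "2016-09-02"},
        {"branch": "3.6", "date": "2016-09-02"},
    ],
}


def parse_releases(text):
    """Return {branch: [(version_tuple, release_date), ...]} sorted by date."""
    by_branch = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        version, day = line.split()
        parts = tuple(int(p) for p in version.split("."))
        branch = "%d.%d" % parts[:2]          # "3.6.1" belongs to branch "3.6"
        by_branch.setdefault(branch, []).append((parts, date.fromisoformat(day)))
    for releases in by_branch.values():
        releases.sort(key=lambda item: item[1])
    return by_branch


def fixed_in(fix_commits, releases_by_branch):
    """Map each branch to the first release dated on/after its fix commit.

    A branch maps to None when no release has shipped the fix yet (assumed
    rule: a release includes the fix if its date >= the commit date)."""
    result = {}
    for commit in fix_commits:
        branch = commit["branch"]
        commit_date = date.fromisoformat(commit["date"])
        releases = releases_by_branch.get(branch, [])
        first = next((v for v, d in releases if d >= commit_date), None)
        result[branch] = ".".join(map(str, first)) if first else None
    return result


def summary_row(vuln, releases_by_branch):
    """Build one table row: [name, multiline 'Fixed In' cell]."""
    fixes = fixed_in(vuln["fixes"], releases_by_branch)
    cell = "\n".join("%s: %s" % (branch, version or "not yet released")
                     for branch, version in sorted(fixes.items()))
    return [vuln["name"], cell]


def render_table(rows):
    """Render rows of cells (cells may contain newlines) as aligned plain
    text, the multiline-cell feature the thread mentions."""
    split = [[cell.split("\n") for cell in row] for row in rows]
    ncols = len(rows[0])
    widths = [max(len(line) for row in split for line in row[col])
              for col in range(ncols)]
    out = []
    for row in split:
        height = max(len(cell) for cell in row)
        for i in range(height):
            out.append("  ".join(
                (cell[i] if i < len(cell) else "").ljust(widths[c])
                for c, cell in enumerate(row)))
    return "\n".join(out)


if __name__ == "__main__":
    releases = parse_releases(RELEASES_TXT)
    print(render_table([["Vulnerability", "Fixed In"],
                        summary_row(VULN, releases)]))
```

Running the block prints a two-column table whose "Fixed In" cell lists 2.7.13, 3.5.3 and 3.6.0, and shows 3.4 as not yet released; a branch that stays in that state after its security-fix window is the kind of gap the report is meant to make visible.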