[Python-checkins] bpo-39498 Start linking the security warnings in the stdlib modules (GH-18272) (GH-27699)

ambv webhook-mailer at python.org
Tue Aug 10 03:51:38 EDT 2021


https://github.com/python/cpython/commit/fcbe8c63d78b5dd59470b5808d898b87d8ba0350
commit: fcbe8c63d78b5dd59470b5808d898b87d8ba0350
branch: 3.9
author: Miss Islington (bot) <31488909+miss-islington at users.noreply.github.com>
committer: ambv <lukasz at langa.pl>
date: 2021-08-10T09:51:33+02:00
summary:

bpo-39498 Start linking the security warnings in the stdlib modules (GH-18272) (GH-27699)

Co-authored-by: Łukasz Langa <lukasz at langa.pl>
(cherry picked from commit c5c5326d4799fe4ae566aff32ed3461af95859cc)

Co-authored-by: Anthony Shaw <anthony.p.shaw at gmail.com>

files:
A Doc/library/security_warnings.rst
A Misc/NEWS.d/next/Documentation/2020-01-30-05-18-48.bpo-39498.Nu3sFL.rst
M Doc/library/hashlib.rst
M Doc/library/index.rst
M Doc/library/logging.config.rst
M Doc/library/multiprocessing.rst
M Doc/library/shelve.rst
M Doc/library/subprocess.rst
M Doc/library/tempfile.rst
M Doc/library/zipfile.rst

diff --git a/Doc/library/hashlib.rst b/Doc/library/hashlib.rst
index 5a507c12d7f12..615ee116bbb0b 100644
--- a/Doc/library/hashlib.rst
+++ b/Doc/library/hashlib.rst
@@ -80,6 +80,8 @@ library that Python uses on your platform. On most platforms the
 .. versionadded:: 3.6
    :func:`blake2b` and :func:`blake2s` were added.
 
+.. _hashlib-usedforsecurity:
+
 .. versionchanged:: 3.9
    All hashlib constructors take a keyword-only argument *usedforsecurity*
    with default value ``True``. A false value allows the use of insecure and
diff --git a/Doc/library/index.rst b/Doc/library/index.rst
index 2cddb417da82e..0fd6e4c0d0b01 100644
--- a/Doc/library/index.rst
+++ b/Doc/library/index.rst
@@ -76,3 +76,4 @@ the `Python Package Index <https://pypi.org>`_.
    unix.rst
    superseded.rst
    undoc.rst
+   security_warnings.rst
diff --git a/Doc/library/logging.config.rst b/Doc/library/logging.config.rst
index 0b5e2fc2a658d..ab44850549c0c 100644
--- a/Doc/library/logging.config.rst
+++ b/Doc/library/logging.config.rst
@@ -147,6 +147,8 @@ in :mod:`logging` itself) and defining handlers which are declared either in
    send it to the socket as a sequence of bytes preceded by a four-byte length
    string packed in binary using ``struct.pack('>L', n)``.
 
+   .. _logging-eval-security:
+
    .. note::
 
       Because portions of the configuration are passed through
diff --git a/Doc/library/multiprocessing.rst b/Doc/library/multiprocessing.rst
index def27bf07a03e..952a5b40a0d1f 100644
--- a/Doc/library/multiprocessing.rst
+++ b/Doc/library/multiprocessing.rst
@@ -1187,6 +1187,7 @@ For example:
     >>> arr2
     array('i', [0, 1, 2, 3, 4, 0, 0, 0, 0, 0])
 
+.. _multiprocessing-recv-pickle-security:
 
 .. warning::
 
diff --git a/Doc/library/security_warnings.rst b/Doc/library/security_warnings.rst
new file mode 100644
index 0000000000000..61fd4e6e487f7
--- /dev/null
+++ b/Doc/library/security_warnings.rst
@@ -0,0 +1,32 @@
+.. _security-warnings:
+
+.. index:: single: security considerations
+
+Security Considerations
+=======================
+
+The following modules have specific security considerations:
+
+* :mod:`cgi`: :ref:`CGI security considerations <cgi-security>`
+* :mod:`hashlib`: :ref:`all constructors take a "usedforsecurity" keyword-only
+  argument disabling known insecure and blocked algorithms
+  <hashlib-usedforsecurity>`
+* :mod:`http.server` is not suitable for production use, only implementing
+  basic security checks
+* :mod:`logging`: :ref:`Logging configuration uses eval()
+  <logging-eval-security>`
+* :mod:`multiprocessing`: :ref:`Connection.recv() uses pickle
+  <multiprocessing-recv-pickle-security>`
+* :mod:`pickle`: :ref:`Restricting globals in pickle <pickle-restrict>`
+* :mod:`random` shouldn't be used for security purposes, use :mod:`secrets`
+  instead
+* :mod:`shelve`: :ref:`shelve is based on pickle and thus unsuitable for
+  dealing with untrusted sources <shelve-security>`
+* :mod:`ssl`: :ref:`SSL/TLS security considerations <ssl-security>`
+* :mod:`subprocess`: :ref:`Subprocess security considerations
+  <subprocess-security>`
+* :mod:`tempfile`: :ref:`mktemp is deprecated due to vulnerability to race
+  conditions <tempfile-mktemp-deprecated>`
+* :mod:`xml`: :ref:`XML vulnerabilities <xml-vulnerabilities>`
+* :mod:`zipfile`: :ref:`maliciously prepared .zip files can cause disk volume
+  exhaustion <zipfile-resources-limitations>`
diff --git a/Doc/library/shelve.rst b/Doc/library/shelve.rst
index 87bacb6c32442..98ad408252861 100644
--- a/Doc/library/shelve.rst
+++ b/Doc/library/shelve.rst
@@ -49,6 +49,8 @@ lots of shared  sub-objects.  The keys are ordinary strings.
           with shelve.open('spam') as db:
               db['eggs'] = 'eggs'
 
+.. _shelve-security:
+
 .. warning::
 
    Because the :mod:`shelve` module is backed by :mod:`pickle`, it is insecure
diff --git a/Doc/library/subprocess.rst b/Doc/library/subprocess.rst
index 2e9540ec48ce1..57a3285f8f4d8 100644
--- a/Doc/library/subprocess.rst
+++ b/Doc/library/subprocess.rst
@@ -683,6 +683,7 @@ Exceptions defined in this module all inherit from :exc:`SubprocessError`.
    .. versionadded:: 3.3
       The :exc:`SubprocessError` base class was added.
 
+.. _subprocess-security:
 
 Security Considerations
 -----------------------
diff --git a/Doc/library/tempfile.rst b/Doc/library/tempfile.rst
index f9421da5fe7df..915489fadd401 100644
--- a/Doc/library/tempfile.rst
+++ b/Doc/library/tempfile.rst
@@ -315,6 +315,7 @@ Here are some examples of typical usage of the :mod:`tempfile` module::
     >>>
     # directory and contents have been removed
 
+.. _tempfile-mktemp-deprecated:
 
 Deprecated functions and variables
 ----------------------------------
diff --git a/Doc/library/zipfile.rst b/Doc/library/zipfile.rst
index d55a308be7651..3d1e8d8c468dc 100644
--- a/Doc/library/zipfile.rst
+++ b/Doc/library/zipfile.rst
@@ -848,6 +848,8 @@ Exceeding limitations on different file systems can cause decompression failed.
 Such as allowable characters in the directory entries, length of the file name,
 length of the pathname, size of a single file, and number of files, etc.
 
+.. _zipfile-resources-limitations:
+
 Resources limitations
 ~~~~~~~~~~~~~~~~~~~~~
 
diff --git a/Misc/NEWS.d/next/Documentation/2020-01-30-05-18-48.bpo-39498.Nu3sFL.rst b/Misc/NEWS.d/next/Documentation/2020-01-30-05-18-48.bpo-39498.Nu3sFL.rst
new file mode 100644
index 0000000000000..a3e899a80a0fc
--- /dev/null
+++ b/Misc/NEWS.d/next/Documentation/2020-01-30-05-18-48.bpo-39498.Nu3sFL.rst
@@ -0,0 +1 @@
+Add a "Security Considerations" index which links to standard library modules that have explicitly documented security considerations.



More information about the Python-checkins mailing list