[Python-Dev] IEEE/ISO draft on Python vulnerabilities
victor.stinner at haypocalc.com
Mon Dec 12 23:56:50 CET 2011
>>> IEEE/ISO are working on a draft document about Python vulunerabilities: http://grouper.ieee.org/groups/plv/DocLog/300-399/360-thru-379/22-WG23-N-0372/n0372.pdf (in the context of a larger effort to classify vulnerabilities in all languages: ISO/IEC TR 24772:2010, available from ISO at no cost at: http://standards.iso.org/ittf/PubliclyAvailableStandards/index.html (its link is near the bottom of the web page).
Random comments. I didn't read everything.
"Vulnerability descriptions for the language Python Standards
and terminology based on the 3.x standard only."
"Automatic conversion also occurs when an integer becomes too large to
fit within the constraints of the large integer specified in the
language (typically C) used to create the Python interpreter. On a
32‐bit machine this would be the range ‐2^30 to 2^30‐1. When an integer
becomes too large to fit into that range it is converted to an extended
precision integer of arbitrary length."
"otherwise, if either argument is a floating point number, the other is
converted to floating otherwise, if either argument is a long integer,
the other is converted to long integer;"
10 and 2**1024 have the same type (int) in Python 3. I don't really
understand what "extended precision" means. There are no more "long"
"Python.16 Wrap‐around Error [XYY]"
"... exception handling for floating point operations cannot be assumed
to catch this type of error because they are not standardized in the
underlying C language."
Can you give me an example of such problem? If there is really an issue,
can we configure the FPU to catch such error?
pyfpe.h has PyFPE_START_PROTECT and PyFPE_END_PROTECT macros, but they
do nothing by default. You can to enable this protection using
"if(y > 0):print(x)"
Even if this example is valid, it is surprising to see parenthesis
around the condition in Python.
"if y > 0: print(x)"
"if y > 0:
would be better.
"Python also encourages structured programming by not introducing any of
the following constructs which could easily lead to unstructured code:
- Labels and branching statements such as GO TO;
- Case, GO TO DEPENDING, EVALUATE, switch and other statements that
branch dependent on a variable’s value; and
- ALTER which changes GO TO label to branch to a different label."
You have to modify the language (and so build your own interpreter) to
add a "goto" instruction to Python. Or do you mean that someone may want
to implement something like goto using exceptions for example?
"When sorting a list using the sort() method, attempting to inspect or
mutate the content of the list will result in undefined behaviour."
Oh... I never imagined such "use case". Let's try:
Python 3.3.0a0 (default:3ad7d01acbf4+, Dec 12 2011, 21:07:55)
>>> def hack(x):
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
ValueError: list modified during sort
Same behaviour with Python 2.7 and 3.2: so the Python behaviour is
defined, you get a ValueError.
Are there other ways to inspect or mutate a list while sorting it?
"The sequence of keys in a dictionary is undefined because the hashing
function used to index the keys is unspecified therefore different
implementations are likely to yield different sequences."
Exact. You might mention that collections.OrderedDict has a defined
behaviour: it lists keys (and values) in the insertion order.
"Mixing tabs and spaces to indent is defined differently for UNIX and
You can use the -tt command line option to raise an IndentationError (a
block can still be indented using spaces and tabs).
More information about the Python-Dev