Secure Python code - volunteers for code review?
andrew blah
andrew.stuart at xse.com.au
Tue Oct 12 23:21:03 EDT 2004
Hello
I have recently released catchmail - a free (BSD license) open source
Python utility www.users.bigpond.net.au/mysite/catchmail.htm
This script processes in and outbound emails and stores them to a
database.
The source code is here:
http://www.users.bigpond.net.au/mysite/current/catchmail.py
It's not a very long script (about 300 lines or so).
I'm quite concerned however about security and I'd like catchmail to be
as secure as possible. What can be done to verify the security of this
script?
I would really value it if any security-aware Python guru was able to
review the code from a security perspective. It would be good to
ensure that Python or SQL code planted in an email or an attachment
could not execute and break out of the script - or that any other
security issue might arise. But how - I don't have anything near the
level of Python expertise required to properly assess this script for
security risk? If someone has the time to do a code review it would be
much appreciated.
Thanks in advance
Andrew Stuart
andrew dot stuart at xse dot com dot au
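
The concern raised above, SQL planted in a message reaching the database, as an added example that is not part of the original post and is not catchmail's code. It assumes an SQLite database through the standard `sqlite3` module (the post does not say which database is used); the table layout, function names and sample messages are constructed for illustration.

```python
import sqlite3
from email import message_from_bytes, policy

# Constructed sample messages (not taken from catchmail or the original post).
BENIGN = b"From: a@example.com\r\nSubject: Re: don't forget\r\n\r\nhello\r\n"
HOSTILE = (b"From: b@example.com\r\n"
           b"Subject: x', ''); DROP TABLE mail; --\r\n\r\nhello\r\n")

def open_db():
    # Hypothetical schema; an in-memory database keeps the example offline.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE mail (sender TEXT, subject TEXT, body TEXT)")
    return db

def _fields(raw):
    """Parse with the standard email package; nothing in the message is evaluated."""
    msg = message_from_bytes(raw, policy=policy.default)
    part = msg.get_body(preferencelist=("plain",))
    body = part.get_content() if part is not None else ""
    return str(msg["From"]), str(msg["Subject"]), body

def store_unsafe(db, raw):
    """Anti-pattern: message text is pasted into the SQL statement itself."""
    sql = "INSERT INTO mail VALUES ('%s', '%s', '%s')" % _fields(raw)
    db.execute(sql)

def store_safe(db, raw):
    """Placeholders: the driver passes the values as data, never as SQL."""
    db.execute("INSERT INTO mail (sender, subject, body) VALUES (?, ?, ?)",
               _fields(raw))
    db.commit()

def demo():
    db = open_db()
    try:
        store_unsafe(db, BENIGN)   # a plain apostrophe already alters the SQL
        unsafe_ok = True
    except sqlite3.OperationalError:
        unsafe_ok = False
    store_safe(db, BENIGN)
    store_safe(db, HOSTILE)
    rows = db.execute("SELECT subject FROM mail ORDER BY rowid")
    return unsafe_ok, [row[0] for row in rows]

if __name__ == "__main__":
    print(demo())
```

The string-built insert fails on an ordinary apostrophe, which shows that message content is being read as SQL; with placeholders both subjects are stored verbatim and the table is untouched.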