Secure Python code - volunteers for code review?

andrew blah andrew.stuart at xse.com.au
Wed Oct 13 05:21:03 CEST 2004


Hello

I have recently released catchmail - a free (BSD license) open source
Python utility www.users.bigpond.net.au/mysite/catchmail.htm

This script processes in and outbound emails and stores them to a
database.

The source code is here:
http://www.users.bigpond.net.au/mysite/current/catchmail.py

It's not a very long script (about 300 lines or so).

I'm quite concerned however about security and I'd like catchmail to be
as secure as possible.  What can be done to verify the security of this
script?

I would really value it if any security aware Python guru was able to
review the code from a security perspective.  It would be good to
ensure that python or sql code planted in an email or an attachment
could not execute and break out of the script - or that any other
security issue might arise.  But how - I don't have anything near the
level of Python expertise required to properly assess this script for
security risk?  If someone has the time to do a code review it would be
much appreciated.

Thanks in advance

Andrew Stuart
andrew dot stuart at xse dot com dot au




More information about the Python-list mailing list