Skip to content

Commit 9e072b4

Browse files
committed
fixes for PDF
1 parent 8aa06db commit 9e072b4

16 files changed

Lines changed: 108 additions & 21 deletions

constructs/assert.md

Lines changed: 1 addition & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -62,8 +62,7 @@ For AI-generated, Python programs you will see a lot of assert statement warning
6262

6363
For production code, especially when handling external inputs or executing critical logic, always rely on explicit condition checks and robust exception handling.
6464

65-
:::{admonition} Instead of an assert, use standard control flow and exception raising
66-
:class: hint
65+
:::{hint} Instead of an assert, use standard control flow and exception raising
6766

6867
* Use if/else checks: Explicitly validate inputs and conditions.
6968

constructs/builtins.md

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -15,8 +15,8 @@ Should always be reviewed within the full context. By default use of this functi
1515

1616
## Why check on `eval`
1717

18-
:::{admonition} Security risk
19-
:class: danger
18+
:::{danger} Security risk
19+
2020
`eval()` can execute arbitrary Python code.
2121

2222
If the input is user-controlled or from an untrusted source, this can be exploited.

constructs/constructs_intro.md

Lines changed: 35 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -6,7 +6,42 @@ short_title: Dangerous Python Constructs
66

77
Certain Python language features pose inherent security risks. The following subsections detail specific dangerous constructs found within the [Python Standard Library(PSL)](#PSL).
88

9+
+++{"no-pdf": true}
910

1011
:::{toc}
1112
:context: children
1213
:::
14+
15+
+++
16+
17+
:::{raw:typst}
18+
*Sections*
19+
20+
Assert Statement
21+
Input Statement
22+
Built-in Functions eval, exec and compile
23+
The os.chmod Function
24+
The socket.bind() Method
25+
Directory Creation
26+
Dynamic Import Statements
27+
Exception Statements
28+
TarFile Statement
29+
Insecure Hashing
30+
FTP Statement
31+
Marshal Statement
32+
Mktemp Statement
33+
Subprocess Statement
34+
OS System Calls
35+
Logging Configuration
36+
Base64 Statements
37+
HTTP Server Use
38+
Multiprocessing Module `Connection.recv()`
39+
Pickle Function
40+
Random Statement
41+
Shelve Module
42+
sys Module:Tracing and Profiling Hooks
43+
XML Security
44+
Zipfile Extraction
45+
Shutil Statement
46+
47+
:::

constructs/tarfile.md

Lines changed: 1 addition & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -8,8 +8,7 @@ Using these methods in Python code can give serious security concerns.
88
## Security concerns
99

1010

11-
:::{admonition} The default rule is:
12-
:class: danger
11+
:::{danger} The default rule is:
1312
Assume all input is malicious.
1413
:::
1514

fundamentals/fundamentals_intro.md

Lines changed: 25 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -9,8 +9,33 @@ short_title: Fundamentals
99
Developing secure programs in Python requires understanding its strengths and limitations in handling security. Below are some critical insights and best practices to help you build secure Python applications.
1010

1111

12+
+++{"no-pdf": true}
13+
1214
The key fundamentals to really understand Python security weaknesses are outlined in the following sections:
1315

1416
:::{toc}
1517
:context: children
1618
:::
19+
20+
+++
21+
22+
23+
:::{raw:typst}
24+
25+
*Sections*
26+
27+
The key fundamentals to really understand Python security weaknesses are outlined in the following sections:
28+
29+
- Python Execution Model
30+
- Python bytecode security concerns
31+
- Python Threat Model
32+
- Python Attack Landscape
33+
- Python Software Dependencies and Definitions
34+
- Python Static Application Security Testing (SAST)
35+
- Using python -S for Enhanced Security
36+
- Python in Isolated Mode
37+
- Using AI for Python security
38+
- Limitations of Vulnerability Scanning in Python Software
39+
- SAST vs Vulnerability Scanning:A Comparison
40+
41+
:::

guidelines/guidelines_intro.md

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -15,7 +15,10 @@ In many mature professions, checklists have become a mandatory safeguard against
1515

1616
![Checklists](../images/checklists.png)
1717

18+
+++{"no-pdf": true}
1819

1920
:::{toc}
2021
:context: children
2122
:::
23+
24+
+++

guidelines/securecoding.md

Lines changed: 1 addition & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -104,8 +104,7 @@ When using External Modules:
104104
+++
105105

106106

107-
:::{admonition} **Disclaimer**
108-
:class: note
107+
:::{note} **Disclaimer**
109108

110109
These **Python Secure Coding Guidelines** are based on real-world breaches and [CWE](https://cwe.mitre.org/index.html) entries from the *Most Dangerous Software Weaknesses* list.
111110

2.2 MB
Loading

introduction.md

Lines changed: 12 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -28,8 +28,7 @@ This book is created for modern Python use. This means all examples are minimal
2828
Security is a process that must be embedded within your development flow at every stage, from design through to production, maintenance, and operations. For those using or developing Python programs, this means that security should, at a minimum, be integrated into the initial design or architecture.
2929
:::
3030

31-
:::{admonition} TLDR - If you short on time
32-
:class: important
31+
:::{important} TLDR - If you short on time
3332
The bare minimum to do as programmer is:
3433
* Follow and use the [Python Secure Coding Guidelines](https://nocomplexity.com/documents/codeaudit/securecoding.html).
3534

@@ -43,6 +42,16 @@ and:
4342

4443
No single book can cover every aspect of Python security. Here are the **essential** companion resources that many Python developers and security consultants rely on to strengthen their skills and deliver better results.
4544

45+
:::{raw:typst}
46+
47+
- Security Testing for Python
48+
- Security By Design
49+
- Open Security Reference Architecture
50+
51+
Check: https://nocomplexity.com/simplify-security/
52+
:::
53+
54+
+++{"no-pdf": true}
4655
::::{grid} 1 1 2 3
4756

4857
:::{card} 😃 **Python Security Handbook**
@@ -91,6 +100,7 @@ Accelerate your Python security architecture work with proven patterns and desig
91100
:::
92101

93102
::::
103+
+++
94104

95105

96106
## Audience

myst.yml

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -16,6 +16,7 @@ project:
1616

1717
extends:
1818
- toc.yml
19+
#- export.yml #For PDF creation - See https://nocomplexity.gumroad.com/ for the PDF!
1920

2021
site:
2122
parts:

0 commit comments

Comments
 (0)