Reply to post: Magic Quandrant

About half of Python libraries in PyPI may have security issues, boffins say


Magic Quandrant

So I have access to a SAST scanner and decided to run 'pbcore', one with over 1000 detected issues in their tests.

With the scanner and settings I used I picked up 16 issues. Only one being rated in the most dangerous category, as there is a potential for command injection when launching shell processes. It doesn't seem like this are FP's, maybe in python programming you're supposed to filter any user input before you get to modules like this. I can't say I'm a python programmer.

Are there issues in PyPI libs, yes. But from an initial glance they are not anywhere near what the paper is describing.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2021