pyscg-0009 - addressing issues described in #1053 #1095

Open: s19110 wants to merge 9 commits into ossf:main from s19110:issue_1053_pyscg_0009

s19110 commented May 2, 2026

I have added a new compliant code example that corresponds to noncompliant01.py, changed noncompliant02.py to include an attack for Windows OS, and changed the wording in the README to reflect the new changes.

This is to address #1053.

s19110 added 2 commits May 2, 2026 12:21
Signed-off-by: s19110 <hubertdan24@gmail.com>
Signed-off-by: s19110 <hubertdan24@gmail.com>

s19110 commented May 2, 2026

Because I had to rename the original compliant01.py, git diff might be confusing. I have pushed the new code example as a separate commit, so you can see the changes to the original compliant01.py (that is now compliant02.py) by looking only at the first commit in this PR.

Signed-off-by: s19110 <hubertdan24@gmail.com>

BartKaras1128 left a comment

Left a few comments, looks good besides that!

Comment thread docs/Secure-Coding-Guide-for-Python/04_neutralization/pyscg-0009/README.md Outdated
Comment thread docs/Secure-Coding-Guide-for-Python/04_neutralization/pyscg-0009/compliant01.py Outdated
Comment thread docs/Secure-Coding-Guide-for-Python/04_neutralization/pyscg-0009/README.md Outdated
Comment thread docs/Secure-Coding-Guide-for-Python/04_neutralization/pyscg-0009/README.md Outdated
Comment thread docs/Secure-Coding-Guide-for-Python/04_neutralization/pyscg-0009/README.md Outdated
Comment thread docs/Secure-Coding-Guide-for-Python/04_neutralization/pyscg-0009/README.md Outdated

myteron left a comment

First examples have nonmatching exploit sections.
The 2nd example is using cmd /c on Windows. I provided an alternative code example using a PowerShell command that acts similarly in Windows to find . -exec in Linux.

s19110 and others added 6 commits May 23, 2026 17:08
…09/README.md

Co-authored-by: Bartlomiej Karas <moezarts@gmail.com>
Signed-off-by: Hubert Daniszewski <61824500+s19110@users.noreply.github.com>
…09/README.md

Co-authored-by: Bartlomiej Karas <moezarts@gmail.com>
Signed-off-by: Hubert Daniszewski <61824500+s19110@users.noreply.github.com>
…09/README.md

Co-authored-by: Bartlomiej Karas <moezarts@gmail.com>
Signed-off-by: Hubert Daniszewski <61824500+s19110@users.noreply.github.com>
…09/compliant01.py

Co-authored-by: Bartlomiej Karas <moezarts@gmail.com>
Signed-off-by: Hubert Daniszewski <61824500+s19110@users.noreply.github.com>
…09/README.md

Co-authored-by: Bartlomiej Karas <moezarts@gmail.com>
Signed-off-by: Hubert Daniszewski <61824500+s19110@users.noreply.github.com>
Signed-off-by: Hubert Daniszewski <61824500+s19110@users.noreply.github.com>

s19110 commented May 23, 2026

Thank you @myteron and @BartKaras1128 for the reviews! I have made changes to this PR to include your suggestions.

@myteron, I couldn't find the PowerShell command you mentioned in your comment. Could you please send it to me in another comment or suggestion?
