Python


Graded Discussion: Programming Style Guides

Programming style guides exist for practically every programming language including Python.

After you have successfully installed pylint on your desktop (see the Install Python guide in week 1 content), create a simple Python application and save the file in an appropriately named file. The application should be unique (something you create) and be less than 10 lines of code. For example, you could write a simple math calculation or a query asking the user for their favorite color/food or other item.

The goal is to write a few lines of code, analyze the code using pylint, and then discuss the results and the steps taken to fix each recommendation from pylint.

Work to remove all issues making the code a “10.00 out of 10”. Include your code as well as each output report showing how you resolved each error code in the pylint output.

Input Validation

To date, we haven’t talked too much about handling possible input errors resulting from a user either accidentally or purposely entering incorrect data that is used by the program. This discussion will allow you to take some of your previous code from week 1 or week 2 and make adjustments such that input errors are handled gracefully.

Using code you developed in week 1 or week 2 and the guidance found in this document:

http://easypythondocs.com/validation.html

use one of the two methods suggested, along with one or more of the validation techniques provided, and fix your code to gracefully and securely handle user input errors.

Just pick a smaller section of the code to fix. Provide the code before and after the fix. Be sure to demonstrate the new fix works as expected by providing screen captures.

Bandit Vulnerability Detection

Python is a popular programming language and has been labeled as having a safe core. However, specific code implementation can lead to risky and vulnerable applications. Bandit is a tool that can be used to check existing code for possible vulnerabilities.

For example, the following code (albeit maybe not that useful) has a potential concern: the exception is not logged. Instead, we just continue.

print('Hello from Python 3')

count = 0
while count < 5:
    try:
        count += 1
        print(str(count))
    except Exception:
        # The bare 'continue' silently discards the exception; this is the
        # try/except/continue pattern that Bandit reports.
        continue

If you run bandit on the directory containing this code, you will receive this message:

Test results:
>> Issue: [B112:try_except_continue] Try, Except, Continue detected.
Severity: Low Confidence: High
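As an added example (not part of the course material), here is the flagged loop beside a version that clears the B112 finding: the handler catches the narrowest exception the loop body can raise, logs it with a traceback via `logger.exception`, and records which iteration failed instead of hiding it. `render` is a constructed helper that fails on one chosen value so both loops have something to handle.

```python
"""Before/after for Bandit finding B112 (try/except/continue)."""
import logging

logger = logging.getLogger(__name__)


def render(count, fail_on=None):
    """Constructed work step: raises ValueError for one chosen value
    so the two loops below have a failure to handle."""
    if count == fail_on:
        raise ValueError(f"cannot render {count}")
    return str(count)


def count_silently(limit=5, fail_on=None):
    """Pattern Bandit flags as B112: every failure is swallowed and the
    caller cannot tell that anything went wrong."""
    count = 0
    seen = []
    while count < limit:
        try:
            count += 1
            seen.append(render(count, fail_on))
        except Exception:
            continue
    return seen


def count_and_log(limit=5, fail_on=None):
    """Hardened version: narrow except clause, traceback logged, and the
    failed iterations returned so the caller can act on them."""
    count = 0
    seen = []
    failures = []
    while count < limit:
        count += 1  # outside the try, so the loop always makes progress
        try:
            seen.append(render(count, fail_on))
        except ValueError:  # the only exception render() is expected to raise
            failures.append(count)
            logger.exception("iteration %d failed; skipping it", count)
    return seen, failures


if __name__ == "__main__":
    logging.basicConfig(level=logging.INFO)
    print(count_silently(fail_on=3))   # ['1', '2', '4', '5'], no trace of the error
    print(count_and_log(fail_on=3))    # (['1', '2', '4', '5'], [3]) plus a logged traceback
```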

You can install bandit using this syntax at the command prompt:

pip install bandit

You can run bandit using this syntax at the shell:

bandit -r path/to/file/

where path/to/file/ is the location of your files.

For this exercise, place your python code from the previous labs from this class into a folder of your choice and run the bandit analysis.

For example, if I placed my python files in c:/users/jim/SDEVFiles, I would use the following to run bandit and output the results to a file named myVulns.txt

bandit -r C:/Users/jim/SDEVFiles > myVulns.txt

You can then open myVulns.txt to reveal possible issues.

Share your output with the class and pick one vulnerability and research how you could fix it. If you don’t have any vulnerabilities, look at another student’s submitted file and provide some insights into the findings.

Flask Security Considerations

Securing websites remains a high priority for all agencies, corporations, and universities. The OWASP top ten web application vulnerability list is updated approximately every 3 years. Read the most current version (found in the content area for this week) to become familiar with common attacks, vulnerabilities and mitigations.

List 2 of the OWASP top 10 categories that you are particularly interested in. Describe the vulnerability and a best practice to mitigate the vulnerability.