The Python Programming Language
Python provides memory safety by default, so low-level security vulnerabilities are rare and typically needs fixing the Python interpreter or standard library itself.
Other sections with Python-specific advice include:
Dangerous Standard Library Features
Some areas of the standard library, notably the
ctypes
module, do not provide memory safety
guarantees comparable to the rest of Python. If such
functionality is used, the advice in Defensive Coding in C should be followed.
Run-time Compilation and Code Generation
The following Python functions and statements related to code execution should be avoided:
-
compile
-
eval
-
exec
-
execfile
If you need to parse integers or floating point values, use the
int
and float
functions instead of eval
. Sandboxing
untrusted Python code does not work reliably.
Sandboxing
The rexec
Python module cannot safely sandbox
untrusted code and should not be used. The standard CPython
implementation is not suitable for sandboxing.
Want to help? Learn how to contribute to Fedora Docs ›