1.0.9: Merge pull request #9 from tonybaloney/timing_attacks

Timing attacks and other fun things

v1.0.8

• Notification summarising package scan, even when no issues are found
• Issues warning notification when no Python SDK is configured
• Various minor bug fixes

1.0.7

Fixed a bug when instantiating the vulnerability database at startup.

1.0.6

Update versions

v1.0.5

• Patches the package matcher to work with version ranges (PEP440)

1.0.4

PyCharm Python Security plugin

A plugin to run security checks for common flaws in Python code and suggest quick fixes.

SafetyDB

This plugin will check the installed packages in your Python projects against the SafetyDB and raise a warning for any vulnerabilities.

Current checks

• YML100 Use of yaml.load() can cause arbitrary code execution. Suggests and has a "Quick Fix" to replace with safe_load() using existing arguments
• FLK100 Use of debug=True when instantiating flask applications
• RQ100 Use of verify=False when making HTTP requests using the requests package
• RQ101 Use of verify=False when making HTTP requests using the httpx package
• PR100 Use of shell=True when running subprocess.call from the standard library
• TMP100 Use of tempfile.mktemp
• DJG100 Setting DEBUG = True in a settings.py file (assumed Django project settings)

Release History

1.0.4

• Checks installed packages against safetydb and alerts for any known vulnerabilities

1.0.3

• Added django debug mode check
• Added tempfile.mktemp check with fixer to replace tempfile.mkstemp with existing arguments
• Added subprocess.call(shell=true) check
• Added httpx no-verify check
• Added requests no-verify check

1.0.2

• Added flask debug mode check
• Added pyyaml load check