Dlint is a tool for encouraging best coding practices and helping ensure Python code is secure.

Overview

Dlint

Build Status Build Status Coverage Status Python Versions PyPI Version

Dlint is a tool for encouraging best coding practices and helping ensure Python code is secure.

The most important thing I have done as a programmer in recent years is to aggressively pursue static code analysis. Even more valuable than the hundreds of serious bugs I have prevented with it is the change in mindset about the way I view software reliability and code quality.

For a static analysis project to succeed, developers must feel they benefit from and enjoy using it.

For documentation and a list of rules see docs.

Installing

$ python -m pip install dlint

Specify python2 or python3 to install for a specific Python version.

And double check that it was installed correctly:

$ python -m flake8 -h
Usage: flake8 [options] file file ...

...

Installed plugins: dlint: 0.11.0, mccabe: 0.5.3, pycodestyle: 2.2.0, pyflakes: 1.3.0

Note the dlint: 0.11.0.

Using

Dlint builds on flake8 to perform its linting. This provides many useful features without re-inventing the wheel.

CLI

Let's run a simple check:

$ cat << EOF > test.py
print("TEST1")
exec('print("TEST2")')
EOF
$ python test.py
TEST1
TEST2
$ python -m flake8 --select=DUO test.py
test.py:2:1: DUO105 use of "exec" is insecure

The --select=DUO flag tells flake8 to only run Dlint lint rules.

From here, we can easily run Dlint against a directory of Python code:

$ python -m flake8 --select=DUO /path/to/code

To fine-tune your linting, check out the flake8 help:

$ python -m flake8 --help

Inline Editor

Dlint results can also be included inline in your editor for fast feedback. This typically requires an editor plugin or extension. Here are some starting points for common editors:

Integrating

Dlint can easily be integrated into CI pipelines, or anything really.

For more information and examples see 'How can I integrate Dlint into XYZ?'.

Custom Plugins

Dlint's custom plugins are built on a simple naming convention, and rely on Python modules. To make a Dlint custom plugin use the following conventions:

  • The Python module name must start with dlint_plugin_.
  • The linter class name must start with Dlint.
  • The linter class should inherit from dlint.linters.base.BaseLinter.
    • If for some reason you'd like to avoid this, then you must implement the get_results function appropriately and inherit from ast.NodeVisitor.

See an example plugin for further details.

Developing

First, install development packages:

$ python -m pip install -r requirements.txt
$ python -m pip install -r requirements-dev.txt
$ python -m pip install -e .

Testing

$ pytest

Linting

$ flake8

Coverage

$ pytest --cov

Benchmarking

$ pytest -k test_benchmark_run --benchmark-py-file /path/to/file.py tests/test_benchmark/

Or get benchmark results for linters individually:

$ pytest -k test_benchmark_individual --benchmark-py-file /path/to/file.py tests/test_benchmark/

Or run against a single linter:

$ pytest -k test_benchmark_individual[DUO138-BadReCatastrophicUseLinter] --benchmark-py-file /path/to/file.py tests/test_benchmark/
Owner
Dlint
Dlint Python static analysis and related projects.
Dlint
Übersicht remote command execution 0day exploit

Übersicht RCE 0day Unauthenticated remote command execution 0day exploit for Übersicht. Description Übersicht is a desktop widget application for m

BoofGang 10 Dec 21, 2021
This is a repository filled with scripts that were made with Python, and designed to exploit computer systems.

PYTHON-EXPLOITATION This is a repository filled with scripts that were made with Python, and designed to exploit computer systems. Networking tcp_clin

Nathan Galindo 1 Oct 30, 2021
Dapunta Multi Brute Force Facebook - Crack Facebook With Login - Free

✭ DMBF CRACK Dibuat Dengan ❤️ Oleh Dapunta Author: - Dapunta Khurayra X ⇨ Fitur Login [✯] Login Token ⇨ Fitur Crack [✯] Crack Dari Teman, Public,

Dapunta ID 10 Oct 19, 2022
This repository uses a mixture of numbers, alphabets, and other symbols found on the computer keyboard

This repository uses a mixture of numbers, alphabets, and other symbols found on the computer keyboard to form a 16-character password which is unpredictable and cannot easily be memorised.

Mohammad Shaad Shaikh 1 Nov 23, 2021
High level cheatsheet that was designed to make checks on the OSCP more manageable

High level cheatsheet that was designed to make checks on the OSCP more manageable. This repository however could also be used for your own studying or for evaluating test systems like on HackTheBox

Jacob Scheetz 89 Jan 01, 2023
FIVE, Vulnerability Scanner And Mass Exploiter, made for pentesting.

$ FIVE - FIVE is a Pentesting Framework to Test the Security & Integrity of a Website, or Multiple Websites. $ Info FIVE Was Made After Vulnnr to Prod

Neon 24 Dec 10, 2021
Exploiting CVE-2021-44228 in VMWare Horizon for remote code execution and more.

Log4jHorizon Exploiting CVE-2021-44228 in VMWare Horizon for remote code execution and more. BLOG COMING SOON Code and README.md this time around are

96 Dec 14, 2022
Course: Information Security with Python

Curso: Segurança da Informação com Python Curso realizado atravès da Plataforma da Digital Innovation One Prof: Bruno Dias Conteúdo: Introdução aos co

Elizeu Barbosa Abreu 1 Nov 28, 2021
Bypass's HCaptcha by overloading their api causing it to throwback a generated uuid. (Released due to exposure)

HCaptcha-Bypass Bypass's HCaptcha by overloading their api causing it to throwback a generated uuid. Not working? If it is not seeming to work for you

Dropout 17 Aug 23, 2021
ProxyShell POC Exploit : Exchange Server RCE (ACL Bypass + EoP + Arbitrary File Write)

ProxyShell Install git clone https://github.com/ktecv2000/ProxyShell cd ProxyShell virtualenv -p $(which python3) venv source venv/bin/activate pip3 i

Poming huang 312 Dec 09, 2022
This respository contains the source code of the printjack and phonejack attacks.

Printjack-Phonejack This repository contains the source code of the printjack and phonejack attacks. The Printjack directory contains the script to ca

pietrobiondi 2 Feb 12, 2022
Looks at Python code to search for things which look "dodgy" such as passwords or diffs

dodgy Dodgy is a very basic tool to run against your codebase to search for "dodgy" looking values. It is a series of simple regular expressions desig

Landscape 112 Nov 25, 2022
A curated list of amazingly awesome Cybersecurity datasets

A curated list of amazingly awesome Cybersecurity datasets

758 Dec 28, 2022
Receive notifications/alerts on the most recent disclosed CVE's.

Receive notifications on the most recent disclosed CVE's.

Ameliorate 7 Nov 24, 2022
Apache OFBiz rmi反序列化EXP(CVE-2021-26295)

Apache OFBiz rmi反序列化EXP(CVE-2021-26295) 目前仅支持nc弹shell 将ysoserial.jar放置在同目录下,py3运行,根据提示输入漏洞url,你的vps地址和端口 第二次使用建议删除exp.ot 本工具仅用于安全测试,禁止未授权非法攻击站点,否则后果自负

15 Nov 09, 2022
Python exploit code for CVE-2021-4034 (pwnkit)

Python3 code to exploit CVE-2021-4034 (PWNKIT). This was an exercise in "can I make this work in Python?", and not meant as a robust exploit. It Works

Joe Ammond 92 Dec 29, 2022
TOOLS CRACK FACEBOOK

Installation $ pkg update && pkg upgrade $ pkg install python2 $ pkg install git $ git clone https://github.com/Mark-Zuck/zafi $ cd zafi $ pip2 instal

Romi Afrizal 50 Dec 26, 2022
This project is for finding a solution to use Security Onion Elastic data with Jupyter Notebooks.

This project is for finding a solution to use Security Onion Elastic data with Jupyter Notebooks. The goal is to successfully use this notebook project below with Security Onion for beacon detection

4 Jun 08, 2022
A tool to find good RCE From my series: A powerful Burp extension to make bounties rain

A tool to find good RCE From my series: A powerful Burp extension to make bounties rain

52 Dec 16, 2022
An IDA pro python script to decrypt Qbot malware string

Qbot-Strings-Decrypter An IDA pro python script to decrypt Qbot malware strings.

stuckinvim 6 Sep 01, 2022