Dlint is a tool for encouraging best coding practices and helping ensure Python code is secure.

Overview

Dlint

Build Status Build Status Coverage Status Python Versions PyPI Version

Dlint is a tool for encouraging best coding practices and helping ensure Python code is secure.

The most important thing I have done as a programmer in recent years is to aggressively pursue static code analysis. Even more valuable than the hundreds of serious bugs I have prevented with it is the change in mindset about the way I view software reliability and code quality.

For a static analysis project to succeed, developers must feel they benefit from and enjoy using it.

For documentation and a list of rules see docs.

Installing

$ python -m pip install dlint

Specify python2 or python3 to install for a specific Python version.

And double check that it was installed correctly:

$ python -m flake8 -h
Usage: flake8 [options] file file ...

...

Installed plugins: dlint: 0.11.0, mccabe: 0.5.3, pycodestyle: 2.2.0, pyflakes: 1.3.0

Note the dlint: 0.11.0.

Using

Dlint builds on flake8 to perform its linting. This provides many useful features without re-inventing the wheel.

CLI

Let's run a simple check:

$ cat << EOF > test.py
print("TEST1")
exec('print("TEST2")')
EOF
$ python test.py
TEST1
TEST2
$ python -m flake8 --select=DUO test.py
test.py:2:1: DUO105 use of "exec" is insecure

The --select=DUO flag tells flake8 to only run Dlint lint rules.

From here, we can easily run Dlint against a directory of Python code:

$ python -m flake8 --select=DUO /path/to/code

To fine-tune your linting, check out the flake8 help:

$ python -m flake8 --help

Inline Editor

Dlint results can also be included inline in your editor for fast feedback. This typically requires an editor plugin or extension. Here are some starting points for common editors:

Integrating

Dlint can easily be integrated into CI pipelines, or anything really.

For more information and examples see 'How can I integrate Dlint into XYZ?'.

Custom Plugins

Dlint's custom plugins are built on a simple naming convention, and rely on Python modules. To make a Dlint custom plugin use the following conventions:

  • The Python module name must start with dlint_plugin_.
  • The linter class name must start with Dlint.
  • The linter class should inherit from dlint.linters.base.BaseLinter.
    • If for some reason you'd like to avoid this, then you must implement the get_results function appropriately and inherit from ast.NodeVisitor.

See an example plugin for further details.

Developing

First, install development packages:

$ python -m pip install -r requirements.txt
$ python -m pip install -r requirements-dev.txt
$ python -m pip install -e .

Testing

$ pytest

Linting

$ flake8

Coverage

$ pytest --cov

Benchmarking

$ pytest -k test_benchmark_run --benchmark-py-file /path/to/file.py tests/test_benchmark/

Or get benchmark results for linters individually:

$ pytest -k test_benchmark_individual --benchmark-py-file /path/to/file.py tests/test_benchmark/

Or run against a single linter:

$ pytest -k test_benchmark_individual[DUO138-BadReCatastrophicUseLinter] --benchmark-py-file /path/to/file.py tests/test_benchmark/
Owner
Dlint
Dlint Python static analysis and related projects.
Dlint
♻️ Password Generator (PSG) 📚 This plugin is made for more familiarity with Python, but can also be used to create passwords

About Tool This plugin is made for more familiarity with Python, but can also be used to create passwords.

STgazing 2 Jul 23, 2022
Proof on Concept Exploit for CVE-2021-38647 (OMIGOD)

OMIGOD Proof on Concept Exploit for CVE-2021-38647 (OMIGOD) For background information and context, read the our blog post detailing this vulnerabilit

Horizon 3 AI Inc 231 Nov 12, 2022
ClusterFuzz is a scalable fuzzing infrastructure that finds security and stability issues in software.

ClusterFuzz ClusterFuzz is a scalable fuzzing infrastructure that finds security and stability issues in software. Google uses ClusterFuzz to fuzz all

Google 4.9k Jan 08, 2023
Make files with as many random bytes as you want

Lots o' Bytes 🔣 Make files with as many random bytes as you want! Use case Can be used to package malware that is normally small by making the downlo

Addi 1 Jan 13, 2022
Industry ready custom API payload with an easy format for building Python APIs (Django/Django Rest Framework)

Industry ready custom API payload with an easy format for building Python APIs (Django/Django Rest Framework) Yosh! If you are a django backend develo

Abram (^o^) 7 Sep 30, 2022
Installation of hacking tools

Tools-Spartan This is a program that makes it easy for you to download and install tools used in Kali Linux, there are tons of tools available.

1 Nov 10, 2021
A tool used to obfuscate python scripts, bind obfuscated scripts to fixed machine or expire obfuscated scripts.

PyArmor Homepage (中文版网站) Documentation(中文版) PyArmor is a command line tool used to obfuscate python scripts, bind obfuscated scripts to fixed machine

Dashingsoft 1.9k Dec 30, 2022
Security system to prevent Shoulder Surfing Attacks

Surf_Sec Security system to prevent Shoulder Surfing Attacks. REQUIREMENTS: Python 3.6+ XAMPP INSTALLED METHOD TO CONFIGURE PROJECT: Clone the repo to

Aman Anand 1 Jan 27, 2022
macOS persistence tool

PoisonApple Command-line tool to perform various persistence mechanism techniques on macOS. This tool was designed to be used by threat hunters for cy

Cyborg Security, Inc 212 Dec 29, 2022
Mass scan for .git repository and .env file exposure

Mass .Git repository and .Env file Scan by Scarmandef Scanner to find .env file and .git repository exposure on multiple hosts Because of the response

8 Jun 23, 2022
Metasploit Multi Purpose Exploiting Toolkit For Termux

MSF-EXPLOIT MSF-ANDRO is a Metasploit Multi Purpose Exploiting Toolkit For Termux . Only a Basic Script , Still in Development . FEATURES : Install Me

Mr.X 22 Dec 29, 2022
Lite version of my Gatekeeper backdoor for public use.

MayorSec Backdoor Fully functioning bind-type backdoor This backdoor is a fully functioning bind shell and lite version of my full functioning Gatekee

Joe Helle 56 Mar 25, 2022
PKUAutoElective for 2021 spring semester

PKUAutoElective 2021 Spring Version Update at Mar 7 15:28 (UTC+8): 修改了 get_supplement 的 API 参数,已经可以实现课程列表页面的正常跳转,请更新至最新 commit 版本 本项目基于 PKUAutoElectiv

Zihan Mao 84 Sep 09, 2022
A Tool to find subdomains from hackerone reports.

Hactivity A Tool to find subdomains from Hackerone reports of a given company or a search term (xss, ssrf, etc). It can also print out URL and Title o

Stinger 15 Jul 24, 2022
CVE-2021-26855 SSRF Exchange Server

CVE-2021-26855 Brute Force EMail Exchange Server Timeline: Monday, March 8, 2021: Update Dumping content...(I'm not done, can u guy help me done this

lulz 117 Nov 28, 2022
A security system to warn you when people enter your room 🎥

Get Out My Room v0.1 I hate people coming in my room when i'm not there. Get Out My Room is a simple security system that sends notifications with vid

ScriptLine 1 Jan 11, 2022
Facebook Fast Cracking Tool With Python

Pro-Crack Facebook Fast Cracking Tool This is a multi-password‌ cracking tool that can help you hack facebook accounts very quickly Installation On Te

ReD H4CkeR 5 Feb 19, 2022
proof-of-concept running docker container from omero web

docker-from-omero-poc proof-of-concept running docker container from omero web How-to Edit test_script.py so that the BaseClient is created pointing t

Erick Martins Ratamero 2 Jan 22, 2022
Get important strings inside [Info.plist] & and Binary file also all output of result it will be saved in [app_binary].json , [app_plist_file].json file

Get important strings inside [Info.plist] & and Binary file also all output of result it will be saved in [app_binary].json , [app_plist_file].json file

12 Sep 28, 2022
WebScan is a web vulnerability Scanning tool, which scans sites for SQL injection and XSS vulnerabilities

WebScan is a web vulnerability Scanning tool, which scans sites for SQL injection and XSS vulnerabilities Which is a great tool for web pentesters. Coded in python3, CLI. WebScan is capable of scanni

AnonyminHack5 12 Dec 02, 2022