Julien Delange • Friday, June 10, 2022
AUTHOR
JD
Julien Delange, Founder and CEO
Julien is the CEO of Codiga. Before starting Codiga, Julien was a software engineer at Twitter and Amazon Web Services.
Julien has a PhD in computer science from Universite Pierre et Marie Curie in Paris, France.
Security is important for any software, but it becomes critical when we develop production-ready code. A lot of CWEs are based on the input data that is passed to the program without validation. In this case, a malicious user could manipulate the input data and cause unexpected results. In this blog post, we explain what are the main security issues when using Python, and then look at how we can prevent CWE by detecting unsafe safe code before it reaches production.
Introduction
Python is one of the most popular languages. The Python ecosystem is very rich and it's possible to implement almost anything with Python! Python has been developing a reputation as a secure language, but this is not the case. Compared to other languages, it is relatively secure. But it is not immune to bugs and vulnerabilities either. Security flaws were found in many popular Python libraries and frameworks such as Django, Flask, and Flask-SQLAlchemy.
The security of Python code
First, it is important to distinguish between security and safety.
Let's first talk about code safety. Python has a dynamic type system, which makes it easy to crash a program (or at least, raise exceptions). Changing a value from an int into a string can easily break your program and create headaches once the code is deployed! This makes Python somewhat an error-prone and unsafe language. Hopefully, properly testing your software helps find such bugs and avoid them before deploying in production.
Now, let's talk about security. Some functions in Python are insecure. Take the module xml.etree.ElementTree: maliciously constructed data can carry out denial of service attacks, access local files, or circumvent firewalls. Take any code doing SQL queries: when improperly used, developers can introduce an SQL injection that can have catastrophic consequences (such as the deletion of the database).
For example, take the following code that does a SQL query.
cursor.execute("select users.email, users.level from users where id = {0}".format(user_id))
The variable user_id can then be forged to add more statements to delete the table. (for example, if user_id contains the value 1;DELETE FROM users).
The correct code to avoid such issues is shown below.
cursor.execute("select users.email, users.level from users where id = %s", user_id)
Such programming mistakes must be avoided in production unless you trust the data or sanitize it.
Some other functions are insecure by nature. Take the random module: the pseudo-random generator is considered unsafe and should not be used for any security-related function.
How to write safe and secure Python code and detect CWE (Common Weakness Enumeration)
There is unfortunately not a single way to know that your Python code is secure. However, there are some tools that help developers to check that their code is secure.
Developers can install IDE plugins that augment the analysis capability of their IDE and flag insecure code. For example, the Python Security plugin for IntelliJ/JetBrains detects SQL injection and misconfiguration of third-party libraries.
There are also static analysis tools that can be used to find or verify the absence of security-related issues in Python code. For example, bandit detects the use of insecure Python modules as well as insecure usage of some functions.
However, there is no guarantee that developers use these tools or act on their recommendations. And no guarantee that your code is secure.
How to avoid insecure Python code in production?
The best way to avoid insecure Python code is to systematically analyze the code before it is deployed in production. To do so, you need to configure your CI/CD pipeline and add new steps that analyze the code and flag insecure code.
You can do it manually and add new tools to your CI/CD pipeline to flag insecure code. However, maintaining such tools takes time and you need to regularly update them.
You can also use a platform like Codiga to automate this step and flag insecure code in your pull request. Such platforms are actively maintained and ensure that they always include the latest state-of-the-art code analysis tools.
Code Analysis platforms require no manual configuration, analyze your code in seconds and let you focus on fixing insecure code. When using Codiga, insecure code is automatically flagged in the interface as well as in pull requests.
Conclusion
Developers make the wrong assumption that Python is a secure programming language. While a lot of Python modules and external libraries are safe, developers must be careful and check their code. IDE plugins can assist developers while writing code. But the real solution to avoid vulnerabilities in production is to check the code in your CI/CD pipeline and ensure no security issues are being added in a pull request. To do so, you can either add new steps in your CI/CD pipeline or use a code analysis platform such as Codiga.