{"id":13733585,"url":"https://github.com/Takishima/flake8-secure-coding-standard","last_synced_at":"2025-05-08T09:32:34.566Z","repository":{"id":37821050,"uuid":"378670025","full_name":"Takishima/flake8-secure-coding-standard","owner":"Takishima","description":"Flake8 plugin to enforce some secure coding standards for Python.","archived":false,"fork":false,"pushed_at":"2025-05-05T18:45:12.000Z","size":152,"stargazers_count":5,"open_issues_count":3,"forks_count":2,"subscribers_count":2,"default_branch":"main","last_synced_at":"2025-05-05T19:53:09.339Z","etag":null,"topics":["flake8","flake8-plugin","python"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Takishima.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2021-06-20T14:50:22.000Z","updated_at":"2024-10-14T07:26:35.000Z","dependencies_parsed_at":"2023-09-26T09:01:24.325Z","dependency_job_id":"f347a205-b140-41ea-b7f3-03af1cd6f09f","html_url":"https://github.com/Takishima/flake8-secure-coding-standard","commit_stats":{"total_commits":70,"total_committers":6,"mean_commits":"11.666666666666666","dds":0.5714285714285714,"last_synced_commit":"61134c9c0b13bdf76d13ef03cdfef6847f472922"},"previous_names":[],"tags_count":9,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Takishima%2Fflake8-secure-coding-standard","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Takishima%2Fflake8-secure-coding-standard/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Takishima%2Fflake8-secure-coding-standard/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Takishima%2Fflake8-secure-coding-standard/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Takishima","download_url":"https://codeload.github.com/Takishima/flake8-secure-coding-standard/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":253036728,"owners_count":21844268,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["flake8","flake8-plugin","python"],"created_at":"2024-08-03T03:00:45.790Z","updated_at":"2025-05-08T09:32:34.303Z","avatar_url":"https://github.com/Takishima.png","language":"Python","readme":"# Flake8 Secure Coding Standard Plugin\n\n![PyPI - Python Version](https://img.shields.io/pypi/pyversions/flake8-secure-coding-standard?label=Python) [![PyPI version](https://badge.fury.io/py/flake8-secure-coding-standard.svg)](https://badge.fury.io/py/flake8-secure-coding-standard) [![CI Build](https://github.com/Takishima/flake8-secure-coding-standard/actions/workflows/ci.yml/badge.svg)](https://github.com/Takishima/flake8-secure-coding-standard/actions/workflows/ci.yml) [![CodeQL](https://github.com/Takishima/flake8-secure-coding-standard/actions/workflows/codeql-analysis.yml/badge.svg)](https://github.com/Takishima/flake8-secure-coding-standard/actions/workflows/codeql-analysis.yml) [![pre-commit.ci status](https://results.pre-commit.ci/badge/github/Takishima/flake8-secure-coding-standard/main.svg)](https://results.pre-commit.ci/latest/github/Takishima/flake8-secure-coding-standard/main) [![Coverage Status](https://coveralls.io/repos/github/Takishima/flake8-secure-coding-standard/badge.svg?branch=main)](https://coveralls.io/github/Takishima/flake8-secure-coding-standard?branch=main)\n\n\nflake8 plugin that enforces some secure coding standards.\n\n## Installation\n\n    pip install flake8-secure-coding-standard\n\n## Flake8 codes\n\n| Code   | Description                                                                                                   |\n|--------|---------------------------------------------------------------------------------------------------------------|\n| SCS100 | Use of `os.path.abspath()` and `os.path.relpath()` should be avoided in favor of `os.path.realpath()`         |\n| SCS101 | Use of `eval()` and `exec()` represents a security risk and should be avoided                                 |\n| SCS102 | Use of `os.system()` should be avoided                                                                        |\n| SCS103 | Use of `shell=True` in subprocess functions or use of functions that internally set this should be avoided    |\n| SCS104 | Use of `tempfile.mktemp()` should be avoided, prefer `tempfile.mkstemp()`                                     |\n| SCS105 | Use of `yaml.load()` should be avoided, prefer `yaml.safe_load()` or `yaml.load(xxx, Loader=SafeLoader)`      |\n| SCS106 | Use of `jsonpickle.decode()` should be avoided                                                                |\n| SCS107 | Use of debugging code should not be present in production code (e.g. `import pdb`)                            |\n| SCS108 | `assert` statements should not be present in production code                                                  |\n| SCS109 | Use of builtin `open` for writing is discouraged in favor of `os.open` to allow for setting file permissions  |\n| SCS110 | Avoid using `os.popen()` as it internally uses `subprocess.Popen` with `shell=True`                           |\n| SCS111 | Use of `shlex.quote()` should be avoided on non-POSIX platforms                                               |\n| SCS112 | Avoid using `os.open()` with unsafe file permissions                                                          |\n| SCS113 | Avoid using `pickle.load()` and `pickle.loads()`                                                              |\n| SCS114 | Avoid using `marshal.load()` and `marshal.loads()`                                                            |\n| SCS115 | Avoid using `shelve.open()`                                                                                   |\n| SCS116 | Avoid using `os.mkdir` and `os.makedirs` with unsafe file permissions                                         |\n| SCS117 | Avoid using `os.mkfifo` with unsafe file permissions                                                          |\n| SCS118 | Avoid using `os.mknod` with unsafe file permissions                                                           |\n| SCS119 | Avoid using `os.chmod` with unsafe file permissions (W ^ X for group and others)                              |\n\n\n## Plugin configuration options\n\nThis plugin supports some configuration options that may either be specified directly on the command line with a flag\nusing the option name as `--name` or by specifying them in one of flake8's configuration files (i.e. `pyproject.toml`,\n`setup.cfg`, `.flake8`, etc.).\n\nAvailable options:\n\n| Option name    | Option type | Default value | Related error code |\n|----------------|-------------|---------------|--------------------|\n| os-open-mode   | mode-like   | 0 (off)       | SCS112             |\n| os-mkdir-mode  | mode-like   | 0 (off)       | SCS116             |\n| os-mkfifo-mode | mode-like   | 0 (off)       | SCS117             |\n| os-mknod-mode  | mode-like   | 0 (off)       | SCS118             |\n\n\n### Mode-like options\n\nMode-like options are configuration options for errors/warnings that relate to some function that accepts a `mode`\nparameter (or similar) that controls some file or directory permissions. For those kinds of options, the plugin\nunderstands a variety of values that must be specified as `string`. They will then be parsed into a list of allowed mode\nvalues:\n\n- Any positive, non-zero (octal or decimal) integer value specifies the maximum value for the mode value\n- A comma-separated list of (octal or decimal) integers indicates the list of allowed mode values\n- 'y', 'yes', 'true' (case-insensitive) will turn on the warnings using the default value of `0o755`\n- 'n', 'no', 'false' (case-insensitive) will turn off the warnings\n\nExample of values (for `pyproject.toml`):\n```toml\n    [tool.flake8]\n    os-open-mode = '0'            # check disabled\n    os-open-mode = 'no'           # check disabled\n    os-open-mode = '493'          # all modes from 0 to 493 (=0o755)\n    os-open-mode = '0o755'        # all modes from 0 to 0o755\n    os-open-mode = '0o755,'       # only 0o755 (notice the comma)\n    os-open-mode = '0o644,0o755'  # only 0o644 and 0o755\n```\n\nYou can also specify those options directly on the command line:\n\n```sh\npython3 -m flake8 --os-open-mode='0o755'\n```\n\n## Pre-commit hook\n\nSee [pre-commit](https://github.com/pre-commit/pre-commit) for instructions\n\nSample `.pre-commit-config.yaml`:\n\n```yaml\n-   repo: https://github.com/PyCQA/flake8\n    rev: 4.0.0\n    hooks:\n    -   id: flake8\n        additional_dependencies: [flake8-secure-coding-standard]\n```\n","funding_links":[],"categories":["Bugs"],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FTakishima%2Fflake8-secure-coding-standard","html_url":"https://awesome.ecosyste.ms/projects/github.com%2FTakishima%2Fflake8-secure-coding-standard","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FTakishima%2Fflake8-secure-coding-standard/lists"}