Certain Python language features pose inherent security risks. The following subsections detail specific dangerous constructs found within the Python Standard Library (PSL).
- Assert Statement
- Input Statement
- Built-in Functions eval, exec and compile
- The os.chmod Function
- The socket.bind() Method
- Directory Creation
- Dynamic Import Statements
- Exception Statements
- TarFile Statement
- Insecure Hashing
- FTP Statement
- Marshal Statement
- Mktemp Statement
- Subprocess Statement
- OS System Calls
- Logging Configuration
- Base64 Statements
- HTTP Server Use
- Multiprocessing Module `Connection.recv()`
- Pickle Function
- Random Statement
- Shelve Module
- sys Module: Tracing and Profiling Hooks
- XML Security
- Zipfile Extraction
- Shutil Statement
