The following modules have specific security considerations:
hashlib: all constructors take a "usedforsecurity" keyword-only argument. Passing usedforsecurity=False declares that the hash is not protecting anything (checksums, cache keys), which is what lets known-insecure or blocked algorithms such as MD5 be used on FIPS-restricted OpenSSL builds; with the default of True those constructors raise ValueError there, so a security use cannot silently fall through to a weak algorithm.
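An added example (not from the Python documentation) of how the flag separates the two uses; it assumes Python 3.9 or later, where the keyword exists on every hashlib constructor:

```python
import hashlib

# Constructed sample input for the example.
SAMPLE = b"abc"


def content_fingerprint(data: bytes) -> str:
    """Non-security use (dedup key, cache key).

    usedforsecurity=False tells hashlib, and a FIPS-restricted OpenSSL
    underneath it, that MD5 is not protecting anything here, so the call
    succeeds where a bare hashlib.md5(data) raises ValueError.
    """
    return hashlib.md5(data, usedforsecurity=False).hexdigest()


def integrity_digest(data: bytes) -> str:
    """Security use: keep the default usedforsecurity=True and a modern
    algorithm, so a restricted build blocks a weak choice instead of
    letting it through."""
    return hashlib.sha256(data).hexdigest()


def available_for_security(name: str) -> bool:
    """Probe whether an algorithm may be used for security on this build.
    hashlib.new raises ValueError for unknown or blocked algorithms."""
    try:
        hashlib.new(name, usedforsecurity=True)
    except ValueError:
        return False
    return True


if __name__ == "__main__":
    print("fingerprint:", content_fingerprint(SAMPLE))
    print("digest:     ", integrity_digest(SAMPLE))
    print("md5 usable for security on this build:", available_for_security("md5"))
```

Whether `available_for_security("md5")` is True depends on the OpenSSL build Python was linked against; the other two results do not.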
http.server: not suitable for production use; it implements only basic security checks. See the module's own security considerations section.
random: must not be used for security purposes. Its Mersenne Twister generator is deterministic and its internal state can be recovered from observed outputs; use secrets instead.
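An added example (not from the Python documentation) of the three things secrets is for: tokens, passwords and comparing a presented token without a timing leak. The alphabet and token length are this example's choices:

```python
import secrets
import string

# Example alphabet for generated passwords (an assumption of this example).
ALPHABET = string.ascii_letters + string.digits


def new_session_token() -> str:
    """32 bytes (256 bits) from the OS CSPRNG, URL-safe base64 encoded.
    random.random() would be predictable after a few observed outputs."""
    return secrets.token_urlsafe(32)


def new_password(length: int = 16) -> str:
    """secrets.choice draws from os.urandom; random.choice does not."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def token_matches(presented: str, stored: str) -> bool:
    """Constant-time comparison. A plain `presented == stored` returns as
    soon as a byte differs, leaking how much of the prefix was right.
    Encoding first avoids TypeError on non-ASCII user input."""
    return secrets.compare_digest(presented.encode("utf-8"), stored.encode("utf-8"))


if __name__ == "__main__":
    token = new_session_token()
    print("token:   ", token)
    print("password:", new_password())
    print("match:   ", token_matches(token, token))
```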
shelve: based on pickle and thus unsuitable for dealing with untrusted sources; opening a shelf written by an attacker can execute arbitrary code during deserialization.
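An added example (not from the Python documentation) showing why a pickle stream is code: a single GLOBAL opcode names any importable callable. The restricted unpickler below, following the pattern the pickle docs describe, refuses every global except a small allow list chosen for this example; shelve itself offers no such hook, so an untrusted shelf should simply never be opened. The hostile payload is constructed by hand and is never given to the unrestricted loader here:

```python
import builtins
import io
import pickle

# Example allow list: value-like builtins a data file might legitimately need.
SAFE_BUILTINS = {"range", "slice", "set", "frozenset", "complex"}


class RestrictedUnpickler(pickle.Unpickler):
    """find_class is consulted for every GLOBAL/STACK_GLOBAL opcode, so
    refusing here stops os.system, subprocess.Popen, etc. from being
    resolved, let alone called by a following REDUCE."""

    def find_class(self, module, name):
        if module == "builtins" and name in SAFE_BUILTINS:
            return getattr(builtins, name)
        raise pickle.UnpicklingError(f"global {module}.{name} is forbidden")


def restricted_loads(data: bytes):
    return RestrictedUnpickler(io.BytesIO(data)).load()


# Constructed inputs for the example.
BENIGN = pickle.dumps({"user": "alice", "roles": ["admin"], "n": 3})
# Protocol-0 stream: GLOBAL "os" "system", then STOP. A real payload would
# push arguments and a REDUCE opcode so the callable runs during load().
HOSTILE = b"cos\nsystem\n."


def load_result(data: bytes):
    """Return ("ok", value) or ("rejected", reason) for a stream."""
    try:
        return ("ok", restricted_loads(data))
    except pickle.UnpicklingError as exc:
        return ("rejected", str(exc))


if __name__ == "__main__":
    print(load_result(BENIGN))
    print(load_result(HOSTILE))
```

The allow list is the whole design: anything not on it is rejected before any object is constructed, so the failure mode is an exception rather than code execution.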
tempfile: mktemp is deprecated because it is vulnerable to race conditions: it returns a file name without creating the file, so another process can create (or symlink) that path before the caller opens it. Use mkstemp, NamedTemporaryFile or TemporaryDirectory, which create the object atomically with owner-only permissions.
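An added example (not from the Python documentation) contrasting the mktemp pattern with mkstemp and with the O_EXCL primitive mkstemp is built on. The 0o600 permission check applies to POSIX platforms; file names and payload are this example's own:

```python
import os
import stat
import tempfile


def racy_write(payload: bytes) -> str:
    """What mktemp invites (shown for contrast, not for use): the name comes
    back without the file existing, and open() without O_EXCL follows
    whatever file or symlink has appeared at that path in the meantime."""
    path = tempfile.mktemp(prefix="report-")
    with open(path, "wb") as f:
        f.write(payload)
    return path


def write_private_tempfile(payload: bytes) -> str:
    """mkstemp creates the file itself, atomically, with mode 0o600, and
    hands back an open descriptor: there is no window between choosing the
    name and owning the file."""
    fd, path = tempfile.mkstemp(prefix="report-", suffix=".bin")
    try:
        with os.fdopen(fd, "wb") as f:
            f.write(payload)
    except BaseException:
        os.unlink(path)
        raise
    return path


def is_private(path: str) -> bool:
    return stat.S_IMODE(os.stat(path).st_mode) == 0o600


def roundtrip_check(payload: bytes) -> dict:
    """Create, verify permissions and contents, clean up."""
    path = write_private_tempfile(payload)
    try:
        with open(path, "rb") as f:
            content = f.read()
        return {"content": content, "private": is_private(path), "posix": os.name == "posix"}
    finally:
        os.unlink(path)


def exclusive_create(path: str) -> int:
    """The primitive underneath mkstemp: O_EXCL makes creation fail if the
    path already exists (a planted symlink included) instead of following it."""
    return os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)


def exclusive_create_is_atomic() -> bool:
    """Second creation of the same fixed name must fail with FileExistsError."""
    with tempfile.TemporaryDirectory() as d:
        target = os.path.join(d, "fixed-name")
        os.close(exclusive_create(target))
        try:
            os.close(exclusive_create(target))
        except FileExistsError:
            return True
        return False


if __name__ == "__main__":
    print(roundtrip_check(b"secret"))
    print("O_EXCL refuses an existing path:", exclusive_create_is_atomic())
```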
zipfile: maliciously prepared .zip files can cause disk volume exhaustion: a few kilobytes of archive can declare members that decompress to gigabytes, and the sizes recorded in the headers cannot be trusted, so extraction has to be bounded by what is actually written out.
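An added example (not from the Python documentation) of bounded extraction: a cheap screen over the central directory, then chunked decompression that aborts the moment real output exceeds the budget, whatever the headers claimed. The two archives are constructed in memory, and the 1 MiB budget and 100:1 ratio limit are this example's assumptions:

```python
import io
import zipfile

MAX_TOTAL_BYTES = 1 * 1024 * 1024   # example budget for the whole archive
MAX_RATIO = 100                     # example compression-ratio limit
CHUNK = 64 * 1024


class ZipBudgetExceeded(Exception):
    pass


def check_declared_sizes(zf: zipfile.ZipFile) -> int:
    """First pass over the central directory. Declared sizes can be forged,
    so this rejects obvious bombs early but is not the enforcement."""
    total = 0
    for info in zf.infolist():
        if info.compress_size and info.file_size / info.compress_size > MAX_RATIO:
            raise ZipBudgetExceeded(f"{info.filename}: declared ratio too high")
        total += info.file_size
        if total > MAX_TOTAL_BYTES:
            raise ZipBudgetExceeded("declared total exceeds budget")
    return total


def read_budgeted(zf: zipfile.ZipFile) -> dict:
    """Decompress member by member in chunks, counting bytes actually
    produced, and stop as soon as the budget is crossed."""
    out, total = {}, 0
    for info in zf.infolist():
        if info.is_dir():
            continue
        buf = io.BytesIO()
        with zf.open(info) as f:
            while True:
                chunk = f.read(CHUNK)
                if not chunk:
                    break
                total += len(chunk)
                if total > MAX_TOTAL_BYTES:
                    raise ZipBudgetExceeded(f"{info.filename}: output exceeds budget")
                buf.write(chunk)
        out[info.filename] = buf.getvalue()
    return out


def make_zip(members: dict) -> bytes:
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in members.items():
            zf.writestr(name, data)
    return buf.getvalue()


# Constructed archives for the example.
BENIGN = make_zip({"ids.csv": ",".join(str(i) for i in range(500)).encode()})
BOMB = make_zip({"big.bin": b"\0" * (8 * 1024 * 1024)})   # 8 MiB of zeros, a few KiB zipped


def vet_archive(archive: bytes) -> str:
    with zipfile.ZipFile(io.BytesIO(archive)) as zf:
        try:
            check_declared_sizes(zf)
            read_budgeted(zf)
            return "ok"
        except ZipBudgetExceeded as exc:
            return f"rejected: {exc}"


if __name__ == "__main__":
    print("benign:", vet_archive(BENIGN))
    print("bomb (%d bytes on disk):" % len(BOMB), vet_archive(BOMB))
```

The same counting loop works when writing to disk instead of a buffer; the point is that the limit is applied to the decompressor's output, not to `ZipInfo.file_size`.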
The -I command line option can be used to run Python in isolated mode. When it cannot be used, the -P option or the PYTHONSAFEPATH environment variable (both added in Python 3.11) can be used to not prepend a potentially unsafe path to sys.path, such as the current directory, the script's directory or an empty string (which also means the current directory). Without them, a writable current or script directory lets an attacker's module shadow a standard-library or third-party import.
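An added startup check (not from the Python documentation) that reports the unsafe sys.path entries just described and whether -I, -P or PYTHONSAFEPATH is in effect. It reads sys.flags.safe_path, which exists from Python 3.11, and falls back to "not set" on older interpreters; the pure function takes explicit cwd and script directory so it can be tested on constructed lists:

```python
import os
import sys


def unsafe_sys_path_entries(path_entries, script_dir=None, cwd=None):
    """Return the entries that resolve imports from a directory an attacker
    may be able to write to: the empty string, the current directory and
    the script's own directory. Defaults describe this interpreter."""
    cwd = os.path.abspath(os.getcwd() if cwd is None else cwd)
    if script_dir is None and sys.argv and sys.argv[0]:
        script_dir = os.path.dirname(os.path.abspath(sys.argv[0]))
    script_dir = os.path.abspath(script_dir) if script_dir else None
    unsafe = []
    for entry in path_entries:
        if entry == "":
            unsafe.append(entry)
            continue
        resolved = os.path.abspath(entry)
        if resolved == cwd or (script_dir and resolved == script_dir):
            unsafe.append(entry)
    return unsafe


def safe_path_enabled() -> bool:
    """True under -P / PYTHONSAFEPATH (3.11+) or -I."""
    return bool(getattr(sys.flags, "safe_path", False)) or bool(sys.flags.isolated)


def check_startup() -> bool:
    """Warn on stderr if sys.path still contains a directory the page calls
    unsafe and no safe-path mode is on. Returns True when clean."""
    bad = unsafe_sys_path_entries(sys.path)
    if bad and not safe_path_enabled():
        sys.stderr.write(
            "warning: unsafe sys.path entries %r; rerun with -P or PYTHONSAFEPATH=1\n" % (bad,)
        )
        return False
    return True


if __name__ == "__main__":
    # Compare `python this.py` with `python -P this.py`.
    print("safe path mode:", safe_path_enabled())
    print("clean:", check_startup())
```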