I need two responses of at least 150 words each to the student discussions below for this week. Also, in bold below are the questions the students are answering.
What are modules in Python? How can you secure Python modules?
Just like other scripting languages, if you want to create a longer program using Python it is best to use a text editor. When creating a script, and the program gets to be long, you may even want to split your script into multiple files for maintenance purposes. To support this type of work, Python can put definitions in a file, and use them in a script. This type of file is called a module. Definitions from a module can be imported into other modules. According to docs.python.org, "a module is a file containing Python definitions and statements."
Python modules can host executable statements and function definitions. These types of statements are meant to initiate a module, and are only executed the first time a module name is encountered in an import statement. All modules have a private symbol table that is used as a global symbol table for all functions defined within a module.
As great as Python is, it is still vulnerable to attacks. Therefore, users should secure their scripts. One way to maintain security is to use the most up-to-date version, which is Python 3. Although Python 2.7 is still supported and used by many, it was announced that Python 2 will end 1 January 2020. Another great tool is to scan your code with Bandit to pinpoint vulnerabilities. When it comes to modules, you need to watch your import statements. There are two types of imports: absolute imports and relative imports. An absolute import will use an entire path of a module, while a relative import starts at the path of a current module.
Denbraver, Hayley. Python Security Best Practices Cheat Sheet. 28 Feb 2019. https://snyk.io/blog/python-security-best-practices-cheat-sheet/
Python Software Foundation. Modules. 01 Oct 2019. https://docs.python.org/3/tutorial/modules.html
A Python module is simply a Python file that contains Python statements, Python definitions, and/or Python code. A Python file is just a file which has a “.py” extension. A Python statement can be an import or a print statement inside a Python file. A Python definition is of course a Python function that might take in parameters and return a value, or a function that accomplishes a specific action for the overall program. Python code can be a full runnable Python program with classes and functions or just a few lines that achieve an action. Python modules can be compiled together to create a Python package.
Python code is like Node.js code or C# code from a security or lack-of-security perspective. Securing Python code requires almost the same security measures as Node.js, where input values must be sanitized and controlled before they are accepted and used.
Python developers have created extra advanced measures to secure Python code. For example, defusedxml is a third-party library that was developed by Christian Heimes to add safeguard measures against “billion laughs” or external entity expansion (EEE) attacks. These attacks can consume multiple gigabytes of RAM when the Python XML parser tries to parse the payload.
Another way to secure Python code is to prevent security vulnerabilities. This can be done by using another tool called Bandit, which scans each .py file. This tool creates an abstract syntax tree (AST), then it runs security plugins to find common software security issues.
Besides using third-party tools to scan code and securely parse an XML stream, the developer can follow best practices when coding. Experienced Python developers recommend checking SSL certification when making HTTP requests. Also, they recommend not deserializing data from unknown or untrusted sources.
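
The second post describes a scanner that builds an AST and runs checks over it, and names three things worth catching: stdlib XML parsing, disabled certificate checks, and deserializing untrusted data. The sketch below is an added example, not part of either student's post and not Bandit's own code; `SAMPLE`, the rule table and the function names are hypothetical.

```python
import ast

# Constructed sample source to scan; it is parsed, never executed.
SAMPLE = '''
import pickle
import requests
import xml.etree.ElementTree as ET

def load(blob, url, doc):
    obj = pickle.loads(blob)
    page = requests.get(url, verify=False)
    ok = requests.get(url, timeout=5)
    tree = ET.fromstring(doc)
    return obj, page, ok, tree
'''

# Hypothetical rule table; Bandit's real plugin IDs are not reproduced here.
RISKY_CALLS = {
    "pickle.loads": "deserializes data that may be untrusted",
    "xml.etree.ElementTree.fromstring": "stdlib XML parser, consider defusedxml",
}

def dotted_name(node, aliases):
    """Resolve a call target such as ET.fromstring to its full dotted name."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if not isinstance(node, ast.Name):
        return None  # e.g. a call on the result of another call
    parts.append(aliases.get(node.id, node.id))
    return ".".join(reversed(parts))

def scan(source):
    """Return sorted (line, message) findings for one source string."""
    tree = ast.parse(source)
    # Map "import x.y as z" aliases back to the real module path.
    aliases = {a.asname: a.name for n in ast.walk(tree)
               if isinstance(n, ast.Import) for a in n.names if a.asname}
    findings = []
    for node in ast.walk(tree):
        if not isinstance(node, ast.Call):
            continue
        name = dotted_name(node.func, aliases)
        if name in RISKY_CALLS:
            findings.append((node.lineno, f"{name}: {RISKY_CALLS[name]}"))
        for kw in node.keywords:
            value = kw.value
            if (kw.arg == "verify" and isinstance(value, ast.Constant)
                    and value.value is False):
                findings.append((node.lineno, f"{name}: certificate check disabled"))
    return sorted(findings)
```

Because the scanner only parses the source text, it can be run over untrusted files without importing or executing them.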