<h1>Auditing the security of Python code on Debian 9</h1>
<p>Published 2020-06-15 at <a href="https://blog.tiraquelibras.com/?p=1023">https://blog.tiraquelibras.com/?p=1023</a>. Categories: ciberseguridad, programacion. Tags: codigo, python, seguridad.</p>

<h2 class="wp-block-heading"><span class="ez-toc-section" id="Intro"></span>Intro<span class="ez-toc-section-end"></span></h2>

<p>A good security practice in programming is to audit the code periodically as it is being written, so that the corrections we have to apply are much smaller and easier to make than if we leave them to the end of development.</p>

<p>For <em>Python</em> there is a set of tools for carrying out these audits, which we show below.</p>

<p>These tests were run on <strong>Debian 9</strong>, for <strong>Python 3</strong>, inside <strong>virtualenv</strong> virtual environments.</p>

<hr class="wp-block-separator"/>

<h2 class="wp-block-heading"><span class="ez-toc-section" id="Herramientas"></span>Tools<span class="ez-toc-section-end"></span></h2>

<p>We will use the following tools:</p>

<ul class="wp-block-list"><li>Code audit:<ul><li><strong>Bandit</strong> for <em>Python3</em>.</li><li><strong>MyPy</strong>.</li></ul></li><li>Dependency audit:<ul><li><strong>Safety</strong>.</li></ul></li></ul>

<hr class="wp-block-separator"/>

<h2 class="wp-block-heading"><span class="ez-toc-section" id="Entorno_virtual"></span>Virtual environment<span class="ez-toc-section-end"></span></h2>

<p>To audit the code with the tools listed in the previous section we create a virtual environment on a <em>Raspberry</em>:</p>

<pre class="wp-block-code"><code lang="bash" class="language-bash">root@raspberrypi:/usr/local/scripts# mkdir audit
root@raspberrypi:/usr/local/scripts# cd audit/
root@raspberrypi:/usr/local/scripts/audit# python3 -m virtualenv .audit</code></pre>

<p>And we activate it:</p>

<pre class="wp-block-code"><code lang="bash" class="language-bash">root@raspberrypi:/usr/local/scripts/audit# . .audit/bin/activate
(.audit) root@raspberrypi:/usr/local/scripts/audit#</code></pre>

<p>For more information on virtual environments, see this blog post on <a href="https://blog.tiraquelibras.com/?p=723" class="external external_icon" rel="nofollow" target="_blank">virtual environments in Python3</a>.</p>

<hr class="wp-block-separator"/>

<h2 class="wp-block-heading"><span class="ez-toc-section" id="Codigo_para_auditar"></span>Code to audit<span class="ez-toc-section-end"></span></h2>

<p>We will use a file called <strong><em>audit.py</em></strong> with the following Python code:</p>

<pre class="wp-block-code"><code lang="python" class="language-python">import sys
import os
from urllib import request

url = request.urlopen(sys.argv[1])
print(url)

value = os.popen('uname -a')
for i in value.__iter__():
 print(i)

num = 5
print('The value is ' + num)</code></pre>

<p>It contains a programming error (str + int) and an unsafe call (a shell command), both of which the programs we are about to look at will warn us about.</p>

<hr class="wp-block-separator"/>

<h2 class="wp-block-heading"><span class="ez-toc-section" id="Auditoria_del_codigo"></span>Code audit<span class="ez-toc-section-end"></span></h2>

<p>To audit the code we have written we will look at two very useful tools, both released under free-software licences.</p>

<h3 class="wp-block-heading"><span class="ez-toc-section" id="Bandit"></span>Bandit<span class="ez-toc-section-end"></span></h3>

<p>This program audits the security of the code, but not programming errors. It is in the official <em>Debian 9</em> repository, which offers several packages, as shown below.</p>

<h4 class="wp-block-heading"><span class="ez-toc-section" id="Instalacion"></span>Installation<span class="ez-toc-section-end"></span></h4>

<pre class="wp-block-code"><code lang="bash" class="language-bash">root@raspberrypi:/home/sergio# apt-cache search bandit
bandit - Security oriented static analyzer for Python code - Metapackage
python-bandit - Security oriented static analyzer for Python code - Python 2.7
python3-bandit - Security oriented static analyzer for Python code - Python 3.x</code></pre>

<p>If we install the first of these, it reports that it is built for <em>Python 2.7.x</em>:</p>

<pre class="wp-block-code"><code lang="bash" class="language-bash">(.audit) root@raspberrypi:/usr/local/scripts/audit# bandit --version
bandit 1.5.1
  python version = 2.7.16 (default, Oct 10 2019, 22:02:15) [GCC 8.3.0]</code></pre>

<p>So we install the one listed for <em>Python 3</em>:</p>

<pre class="wp-block-code"><code lang="bash" class="language-bash">(.audit) root@raspberrypi:/usr/local/scripts/audit# apt-get install python3-bandit</code></pre>

<p>And we confirm that the version is the right one for auditing <em>Python 3</em> code:</p>

<pre class="wp-block-code"><code lang="bash" class="language-bash">(.audit) root@raspberrypi:/usr/local/scripts/audit# python3-bandit --version
python3-bandit 1.5.1
  python version = 3.7.3 (default, Dec 20 2019, 18:57:59) [GCC 8.3.0]</code></pre>

<h4 class="wp-block-heading"><span class="ez-toc-section" id="Uso"></span>Usage<span class="ez-toc-section-end"></span></h4>

<p>If we audit the example file, <em>audit.py</em>, with the following command:</p>

<pre class="wp-block-code"><code lang="bash" class="language-bash">(.audit) root@raspberrypi:/usr/local/scripts/audit# python3-bandit audit.py</code></pre>

<p>We get the following results:</p>

<pre class="wp-block-code"><code lang="bash" class="language-bash">Test results:
>> Issue: [B310:blacklist] Audit url open for permitted schemes. Allowing use of file:/ or custom schemes is often unexpected.
   Severity: Medium   Confidence: High
   Location: audit.py:5
   More Info: https://bandit.readthedocs.io/en/latest/blacklists/blacklist_calls.html#b310-urllib-urlopen
4
5       url = request.urlopen(sys.argv[1].read())
6       print(url)

--------------------------------------------------
>> Issue: [B605:start_process_with_a_shell] Starting a process with a shell: Seems safe, but may be changed in the future, consider rewriting without shell
   Severity: Low   Confidence: High
   Location: audit.py:8
   More Info: https://bandit.readthedocs.io/en/latest/plugins/b605_start_process_with_a_shell.html
7
8       value = os.popen('uname -a')
9       for i in value.__iter__():

--------------------------------------------------
>> Issue: [B607:start_process_with_partial_path] Starting a process with a partial executable path
   Severity: Low   Confidence: High
   Location: audit.py:8
   More Info: https://bandit.readthedocs.io/en/latest/plugins/b607_start_process_with_partial_path.html
7
8       value = os.popen('uname -a')
9       for i in value.__iter__():

--------------------------------------------------

Code scanned:
        Total lines of code: 10
        Total lines skipped (#nosec): 0

Run metrics:
        Total issues (by severity):
                Undefined: 0.0
                Low: 2.0
                Medium: 1.0
                High: 0.0
        Total issues (by confidence):
                Undefined: 0.0
                Low: 0.0
                Medium: 0.0
                High: 3.0
Files skipped (0):</code></pre>

<p>Each warning is shown with a <em>severity</em> and a <em>confidence</em> rating, together with a link to more information about that specific warning.</p>

<p>The program has a large number of options, which I recommend exploring through the built-in help:</p>

<pre class="wp-block-code"><code lang="bash" class="language-bash">(.audit) root@raspberrypi:/usr/local/scripts/audit# python3-bandit --help</code></pre>

<p>As noted at the start of this section, this program does not detect mistakes in how the code itself is written, such as the error of concatenating a numeric variable with a string. To cover that gap we turn to the next tool.</p>

<h3 class="wp-block-heading"><span class="ez-toc-section" id="MyPy"></span>MyPy<span class="ez-toc-section-end"></span></h3>

<p>This is a static type checker for Python; it points out likely errors in the way our code is written without having to run it.</p>

<h4 class="wp-block-heading"><span class="ez-toc-section" id="Instalacion-2"></span>Installation<span class="ez-toc-section-end"></span></h4>

<p>To install it in our virtual environment we run the following command:</p>

<pre class="wp-block-code"><code lang="bash" class="language-bash">(.audit) root@raspberrypi:/usr/local/scripts/audit# python -m pip install mypy -U</code></pre>

<h4 class="wp-block-heading"><span class="ez-toc-section" id="Uso-2"></span>Usage<span class="ez-toc-section-end"></span></h4>

<p>Its use is very simple, as we will see by running the following command:</p>

<pre class="wp-block-code"><code lang="bash" class="language-bash">(.audit) root@raspberrypi:/usr/local/scripts/audit# mypy audit.py</code></pre>

<p>We get the following result:</p>

<pre class="wp-block-code"><code lang="bash" class="language-bash">audit.py:13: error: Unsupported operand types for + ("str" and "int")
Found 1 error in 1 file (checked 1 source file)</code></pre>

<p>It reports the type error we introduced: concatenating a string with a numeric (<em>int</em>) variable.</p>

<p>The program has a large number of options, which I recommend exploring through the built-in help:</p>

<pre class="wp-block-code"><code lang="bash" class="language-bash">(.audit) root@raspberrypi:/usr/local/scripts/audit# mypy --help</code></pre>

<hr class="wp-block-separator"/>

<h2 class="wp-block-heading"><span class="ez-toc-section" id="Auditoria_de_dependencias"></span>Dependency audit<span class="ez-toc-section-end"></span></h2>

<p>To audit the dependencies that may affect our code, that is, the packages installed on our system or in our virtual environment, we will use the free edition of a tool.</p>

<h3 class="wp-block-heading"><span class="ez-toc-section" id="Safety"></span>Safety<span class="ez-toc-section-end"></span></h3>

<p>This tool is commercial, but it has a free edition for <em>non-commercial</em> use. It lists any out-of-date package we have installed that carries a known security issue, with the risk that entails.</p>

<h4 class="wp-block-heading"><span class="ez-toc-section" id="Instalacion-3"></span>Installation<span class="ez-toc-section-end"></span></h4>

<p>To install it we use the following command:</p>

<pre class="wp-block-code"><code lang="bash" class="language-bash">(.audit) root@raspberrypi:/usr/local/scripts/audit# python -m pip install safety</code></pre>

<h4 class="wp-block-heading"><span class="ez-toc-section" id="Uso-3"></span>Usage<span class="ez-toc-section-end"></span></h4>

<p>We can check the packages installed on the system or, as in our case, in the virtual environment, or we can check the packages listed in the <strong>requirements.txt</strong> file commonly used to install everything with a single <em>pip</em> command.</p>

<p>Let's install an old package to see what the test reports:</p>

<pre class="wp-block-code"><code lang="bash" class="language-bash">(.audit) root@raspberrypi:/usr/local/scripts/audit# python -m pip install httplib2==0.15.0</code></pre>

<p>Now, if we run the following command:</p>

<pre class="wp-block-code"><code lang="bash" class="language-bash">(.audit) root@raspberrypi:/usr/local/scripts/audit# safety check</code></pre>

<p>We get the following result:</p>

<pre class="wp-block-code"><code lang="bash" class="language-bash">+==============================================================================+
|                                                                              |
|                               /$$$$$$            /$$                         |
|                              /$$__  $$          | $$                         |
|           /$$$$$$$  /$$$$$$ | $$  \__//$$$$$$  /$$$$$$   /$$   /$$           |
|          /$$_____/ |____  $$| $$$$   /$$__  $$|_  $$_/  | $$  | $$           |
|         |  $$$$$$   /$$$$$$$| $$_/  | $$$$$$$$  | $$    | $$  | $$           |
|          \____  $$ /$$__  $$| $$    | $$_____/  | $$ /$$| $$  | $$           |
|          /$$$$$$$/|  $$$$$$$| $$    |  $$$$$$$  |  $$$$/|  $$$$$$$           |
|         |_______/  \_______/|__/     \_______/   \___/   \____  $$           |
|                                                          /$$  | $$           |
|                                                         |  $$$$$$/           |
|  by pyup.io                                              \______/            |
|                                                                              |
+==============================================================================+
| REPORT                                                                       |
| checked 39 packages, using default DB                                        |
+============================+===========+==========================+==========+
| package                    | installed | affected                 | ID       |
+============================+===========+==========================+==========+
| httplib2                   | 0.15.0    | &lt;0.18.0                  | 38303    |
+==============================================================================+</code></pre>

<p>It shows the out-of-date package in our virtual environment; once we upgrade it, the warning goes away:</p>

<pre class="wp-block-code"><code lang="bash" class="language-bash">(.audit) root@raspberrypi:/usr/local/scripts/audit# python -m pip install httplib2 --upgrade
...
(.audit) root@raspberrypi:/usr/local/scripts/audit# safety check
...
| REPORT                                                                       |
| checked 39 packages, using default DB                                        |
+==============================================================================+
| No known security vulnerabilities found.                                     |
+==============================================================================+</code></pre>

<p>If we run the check against the <strong><em>requeriments.txt</em></strong> file, which contains the following package list:</p>

<pre class="wp-block-code"><code lang="bash" class="language-bash">httplib2==0.15.0</code></pre>

<p>We can run the following command on the file:</p>

<pre class="wp-block-code"><code lang="bash" class="language-bash">(.audit) root@raspberrypi:/usr/local/scripts/audit# safety check -r requeriments.txt</code></pre>

<p>The result is the same as before, except that instead of reporting 39 installed packages checked it reports 1 package from the file.</p>

<hr class="wp-block-separator"/>

<h2 class="wp-block-heading"><span class="ez-toc-section" id="Conclusion"></span>Conclusion<span class="ez-toc-section-end"></span></h2>

<p>Checking the security and integrity of code during development is good practice; it reduces the complexity and cost of doing it at the end of development, or when a problem surfaces once the code is in production. These tools can help with that task.</p>

<hr class="wp-block-separator"/>

<h2 class="wp-block-heading"><span class="ez-toc-section" id="Enlaces_de_interes"></span>Links of interest<span class="ez-toc-section-end"></span></h2>

<p>Official <a href="https://bandit.readthedocs.io/en/latest/" class="external external_icon" rel="nofollow" target="_blank">Bandit</a> site</p>

<p>Official <em>GitHub</em> page for <a href="https://github.com/python/mypy" class="external external_icon" rel="nofollow" target="_blank">MyPy</a></p>

<p>Official <a href="https://pyup.io/safety/" class="external external_icon" rel="nofollow" target="_blank">Safety</a> page</p>
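<p>As an added example that is not part of the original post, here is a hardened rewrite of <em>audit.py</em> in which each of the findings reported above is fixed: B310 by accepting only http/https URLs before calling <em>urlopen</em>, B605 and B607 by running the process with <em>subprocess.run</em> on an argument list (no shell) and an absolute executable path, and the mypy type error by formatting the number instead of concatenating it. The helper names (<em>validate_url</em>, <em>run_without_shell</em>, <em>format_value</em>) and the <em>/bin/uname</em> path are this example's own choices, not anything from the post or the tools' documentation.</p>

```python
"""Hardened version of the post's audit.py (added example, not the post's code).

Each fix maps to one finding shown in the post:
  B310  -> validate_url(): only http/https URLs reach urlopen
  B605  -> run_without_shell(): subprocess.run with an argv list, no shell
  B607  -> run_without_shell(): absolute executable path, no PATH lookup
  mypy  -> format_value(): no str + int concatenation
Helper names and the /bin/uname path are this example's assumptions.
"""
import os
import subprocess
import sys
from typing import Sequence
from urllib import request
from urllib.parse import urlsplit

ALLOWED_SCHEMES = frozenset({"http", "https"})


def validate_url(url: str) -> str:
    """Return url unchanged if it is an http(s) URL with a host; else raise ValueError.

    urlopen() also accepts file:// and other schemes, which is what Bandit's
    B310 warns about when the URL comes straight from the command line.
    """
    parts = urlsplit(url)
    if parts.scheme not in ALLOWED_SCHEMES:  # urlsplit lowercases the scheme
        raise ValueError(f"scheme {parts.scheme!r} not allowed: {url}")
    if not parts.netloc:
        raise ValueError(f"URL has no host: {url}")
    return url


def is_allowed_url(url: str) -> bool:
    """Boolean form of validate_url(), convenient for checks and tests."""
    try:
        validate_url(url)
    except ValueError:
        return False
    return True


def fetch_url(url: str, timeout: float = 10.0) -> bytes:
    """Open a validated http(s) URL and return its body (needs network)."""
    with request.urlopen(validate_url(url), timeout=timeout) as resp:
        return resp.read()


def run_without_shell(argv: Sequence[str], timeout: float = 10.0) -> str:
    """Run argv with no shell and an absolute executable path; return stdout.

    Passing a list to subprocess.run() never involves /bin/sh, so no shell
    metacharacters are interpreted (B605); requiring an absolute path means
    the binary is not resolved through PATH (B607).
    """
    if not argv or not os.path.isabs(argv[0]):
        raise ValueError(f"executable must be an absolute path: {list(argv)!r}")
    result = subprocess.run(list(argv), capture_output=True, text=True,
                            timeout=timeout, check=True)
    return result.stdout.rstrip("\n")


def kernel_info() -> str:
    """Safe equivalent of the post's os.popen('uname -a')."""
    return run_without_shell(["/bin/uname", "-a"])  # assumed location of uname


def format_value(num: int) -> str:
    """mypy flagged 'The value is ' + num; format the number explicitly instead."""
    return f"The value is {num}"


def main(argv: Sequence[str]) -> int:
    if len(argv) != 2:
        print(f"usage: {argv[0]} URL", file=sys.stderr)
        return 2
    try:
        body = fetch_url(argv[1])
    except ValueError as exc:
        print(f"refusing URL: {exc}", file=sys.stderr)
        return 1
    print(f"fetched {len(body)} bytes")
    print(kernel_info())
    print(format_value(5))
    return 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

<p>Running Bandit and mypy over this file, with the same commands the post uses, is the quickest way to confirm that the three Bandit findings and the type error no longer appear; the <em>validate_url</em> step is the one that actually changes behaviour, since it rejects a <em>file:</em> or unknown-scheme argument before <em>urlopen</em> ever sees it.</p>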