当前位置:首页 >英文主页 >中英对照 > 报告详情

Snyk:Python安全洞察报告(英文版)(19页).pdf

上传人: 无*** 编号:114343 2023-02-07 19页 6.34MB

下载:

1、Python security insightsSeptember 2021 tl;drIntroductionThe security footprint of a typical Python projectThe most common security issues in Python projectsDealing with vulnerabilities in Python containersVulnerability spotlight:ipaddressThe most commonly downloaded Python packagesThe most common vu

2、lnerable packages in Python projectsPackage spotlight:urllib3Fixing vulnerabilitiesKeep your code secureTackling known vulnerabilities Picking the right container imageConclusion34579101113141516171819Table of contents*tl;drPyPI stat?316,360 package?2,739,363 version release?4,595,611 package file?8

3、.3TB total size of packages on PyPIPython project?An average project has 35 dependencies with an almost 50/50 split between direct and indirect dependencie?An average vulnerable project consists of 33 known vulnerabilitiesSecurity takeawaysBad new?47%of Python projects contain known vulnerabilitie?3

4、3%of all known Python vulnerabilities are high and critical severity issue?In over 60%of Python projects,code related elements of OWASP Top 10 2021 list of issues can be found(e.g.Command Injection,XSS).Good new?You can eliminate 87%of known vulnerabilities by upgrading the vulnerable packag?Most co

5、ntainer vulnerabilities can be fixed using slimmer image?The most popular Python packages are healthy,receiving an average Snyk Advisor health score of 81%Python container?Over 1500 different Python image tags were pulled down from Docker in the last month alone?python:latest(AKA python:3.9),has 431

6、 pre-installed packages with 353 vulnerabilities?Most vulnerabilities can quickly be“fixed”by using slimmer images?python:slim(Debian-based)has only 94 packages and 78 vulnerabilitie?python:alpine has just 37 packages and 0 vulnerabilitiesData taken from the Snyk Intel Vulnerability Database,hundred

word格式文档无特别注明外均可编辑修改,预览文件经过压缩,下载原文更清晰!
三个皮匠报告文库所有资源均是客户上传分享,仅供网友学习交流,未经上传用户书面授权,请勿作商用。
本文主要讨论了Python项目的安全问题,包括Python项目的典型安全足迹、最常见的Python项目安全问题、Python容器中的漏洞处理、ipaddress包的漏洞、最常下载的Python包以及Python项目中常见的易受攻击的包。 文章指出,Python项目的平均依赖项数量为35个,其中直接依赖项和间接依赖项各占一半。在这些项目中,有47%的项目包含已知漏洞,平均每个易受攻击的项目包含33个已知漏洞。 在Python容器方面,文章指出,Docker的官方Python镜像非常受欢迎,但较重的镜像如python:3.7仍然是最常见的Python基础镜像。 文章还指出,ipaddress包存在一个严重的IP验证漏洞,影响了Python 3.8.0至3.10的所有版本。 在Python包方面,文章列出了最常下载的Python包,以及Python项目中常见的易受攻击的包。其中,urllib3和pillow等流行包存在多个严重漏洞。 总的来说,文章强调了Python项目中的安全问题,并提供了关于如何处理这些问题的建议。
Python项目安全问题有哪些? 如何修复Python容器中的漏洞? Python中最常见的易受攻击的包有哪些?
客服
商务合作
小程序
服务号
折叠