openstack team mailing list archive

Thread
Date

OpenStack security / automated python testing

To: "openstack@xxxxxxxxxxxxxxxxxxx" <openstack@xxxxxxxxxxxxxxxxxxx>
From: Glen Campbell <glen.campbell@xxxxxxxxxxxxx>
Date: Mon, 16 May 2011 21:58:08 +0000
Accept-language: en-US
Thread-index: AQHMFBRX236u+fI8PE+QPtEIr4plmA==
Thread-topic: OpenStack security / automated python testing
User-agent: Microsoft-MacOutlook/14.10.0.110310

Is anyone in the OpenStack community using automated tools to perform code analysis?

If not, are you familiar with such tools that will work with python? We're specifically interested in tools that can be used to provide rapid feedback to developers about potentially dangerous code (for example, SQL statements that are not scrubbed, query strings that are not properly validated). I've used such tools in the past for PHP and other languages, but I'm kind of at a loss when it comes to python.

What we'd really like to see is for someone to pick up the "security" task and run with it, with regular penetration testing and detailed analytics so that we can ensure that OpenStack products are reliably secure. Automated code testing is an early step in that process.


[cid:F414D321-0144-4256-A1AB-F8051E60ED24]


Confidentiality Notice: This e-mail message (including any attached or
embedded documents) is intended for the exclusive and confidential use of the
individual or entity to which this message is addressed, and unless otherwise
expressly indicated, is confidential and privileged information of Rackspace.
Any dissemination, distribution or copying of the enclosed material is prohibited.
If you receive this transmission in error, please notify us immediately by e-mail
at abuse@xxxxxxxxxxxxx, and delete the original message.
Your cooperation is appreciated.