From e066c4c4453e21ac6fbd054e1bd36052d78cbab1 Mon Sep 17 00:00:00 2001
From: Hubert Daniszewski <61824500+s19110@users.noreply.github.com>
Date: Thu, 9 May 2024 12:30:37 +0200
Subject: [PATCH] CWE-681 (#14)
* CWE-681
* CWE-681 Update README.md
* CWE-681 Update README.md - no spaces
* CWE-681 Update README.md
---
 CWE-664/CWE-681/compliant01.py | 9 +++++++++
 CWE-664/CWE-681/noncompliant01.py | 7 +++++++
 README.md | 1 +
 3 files changed, 17 insertions(+)
 create mode 100644 CWE-664/CWE-681/compliant01.py
 create mode 100644 CWE-664/CWE-681/noncompliant01.py
diff --git a/CWE-664/CWE-681/compliant01.py b/CWE-664/CWE-681/compliant01.py
new file mode 100644
index 0000000..ba8ac73
--- /dev/null
+++ b/CWE-664/CWE-681/compliant01.py
@@ -0,0 +1,9 @@
+""" Compliant Code Example """
+from decimal import Decimal
+
+t = Decimal(str(4 / 2))
+print(f"t: {t}")
+# t still prints "2.0", but now it's a Decimal
+if Decimal("2").compare(t) == 0:
+    print("t equals 2")
+# prints "t equals 2"
diff --git a/CWE-664/CWE-681/noncompliant01.py b/CWE-664/CWE-681/noncompliant01.py
new file mode 100644
index 0000000..846d246
--- /dev/null
+++ b/CWE-664/CWE-681/noncompliant01.py
@@ -0,0 +1,7 @@
+""" Non-compliant Code Example """
+s = str(4 / 2)
+print(f"s: {s}")
+# s is "2.0", a string
+if s == "2":
+    print("s equals 2")
+#
diff --git a/README.md b/README.md
index 3ff923f..36a340c 100644
--- a/README.md
+++ b/README.md
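Review bot: The compliant example in compliant01.py still performs the lossy conversion it is meant to avoid: `t = Decimal(str(4 / 2))` does the division in binary float first and only then wraps the rounded text in a Decimal, so for inputs such as `1 / 3` the value is already truncated to float precision before it becomes a Decimal. Doing the arithmetic in Decimal from the start keeps the example faithful to the numeric-conversion issue, e.g. `t = Decimal(4) / Decimal(2)`, and the comparison can then be the plain `if t == Decimal("2"):` rather than `Decimal("2").compare(t) == 0`, which only works because `compare()` returns `Decimal("0")` and that happens to equal the int `0`. The accompanying comment `# t still prints "2.0", but now it's a Decimal` would then need to change, since `Decimal(4) / Decimal(2)` prints as `2`. Separately, the README hunk in this commit labels the new entry "CWE-681: Improper Control of a Resource Through its Lifetime", which is the title of the parent category CWE-664; CWE-681 itself is "Incorrect Conversion between Numeric Types".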
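Review bot: The last line of noncompliant01.py is a bare `#` with no text, which reads as a truncated note rather than a deliberate marker; the compliant file ends with an explanatory comment, so this one should say what the reader is expected to observe, e.g. `# prints nothing: "2.0" and "2" are unequal strings, even though the numbers are equal`. The module docstring could likewise state the point of the example in one line, such as `"""Non-compliant: a float is converted to a string and then compared textually, so numerically equal values are treated as different."""`, so that the lesson is visible without reading the README.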
@@ -43,6 +43,7 @@ It is **not production code** and requires code-style or python best practices t
 |[CWE-410: Insufficient Resource Pool](CWE-664/CWE-410/.)||
 |[CWE-502: Deserialization of Untrusted Data)](CWE-664/CWE-502/.)||
 |[CWE-665: Improper Initialization](CWE-664/CWE-665/.)||
+|[CWE-681: Improper Control of a Resource Through its Lifetime](CWE-664/CWE-681/.)||
 |[CWE-833: Deadlock](CWE-664/CWE-833/.)||
 |[CWE-843: Access of Resource Using Incompatible Type ('Type Confusion')](CWE-664/CWE-843/.)||
 |[XXX-005: Consider hash-based integrity verification of byte code files against their source code files](CWE-664/XXX-005/.)||