PyT (Python Taint)
Tool and Usage
Python Taint (or PyT) is a static code analyzer for Python scripts and applications. It tries to discover vulnerabilities or other possible weaknesses.
- Detect Command injection, SQL injection, and XSS
- Detect directory traversal
- Get a control flow graph
- Get a def-use and/or a use-def chain
- Search GitHub and analyze hits with PyT
- Scan intraprocedural or interprocedural
- Customizations possible
Usage and audience
PyT is commonly used for code analysis. Target users for this tool are developers.
Tool review and remarks
The review and analysis of this project resulted in the following remarks for this security tool:
- + The source code of this software is available
Several dependencies are required to use PyT.
To use PyT, install it via the following method below.
After installation, check the version number of the program and compare it with the one on this page. Be aware of versions that are outdated, as they may contain bugs or even security vulnerabilities.
Similar tools to PyT:
Brakeman is a static code analysis tool for Ruby on Rails to perform a security review. It comes as an open source project with optional commercial support.
Cppcheck is a static code analysis tool for C and C++ code. It helps to discover bugs that would not be picked up by compilers, yet avoid any false positives.
Graudit is a security tool to perform static code analysis by using the grep tool. It is a lightweight solution to find common issues in code.