
Commit 7f48e60

-s
Signed-off-by: Andrew Costello <[email protected]>
1 parent 6d5bf6c commit 7f48e60


3 files changed

+137
-0
lines changed

Lines changed: 88 additions & 0 deletions
@@ -0,0 +1,88 @@
1+
# CWE-404: Improper Resource Shutdown or Release
2+
3+
Always close resources explicitly and ensure proper cleanup even if an error occurs.
4+
5+
Improper resource shutdown or release happens when a program allocates a resource, such as a file, socket, or database connection, and fails to release it when finished. Unlike normal objects (like numbers or strings), these resources are tied to the operating system and are not freed automatically by garbage collection. If left open, they can pile up and cause memory leaks, file handle exhaustion, or stalled network connections.
6+
7+
## Non-Compliant Code Example
8+
9+
In this noncompliant01.py code example, two elements are added to the list. Although the list continues to hold these two elements, they are never properly released, leading to retained memory that is never reclaimed. This can cause resource exhaustion or leaks.
10+
11+
[*noncompliant01.py:*](noncompliant01.py)
12+
13+
```py
14+
""" Non-Compliant Code Example """
15+
my_list = []
16+
17+
18+
def append_resource(name):
19+
print(f"Allocating resource {name}")
20+
resource = {"name": name, "active": True} # Simulated resource
21+
my_list.append(resource)
22+
23+
24+
append_resource("A")
25+
append_resource("B")
26+
27+
# Forgot to release resources
28+
#####################
29+
# attempting to exploit above code example
30+
#####################
31+
for resource in my_list:
32+
print(resource["name"], "active?", resource["active"])
33+
34+
if not any(resource["active"] for resource in my_list):
35+
print("All resources released.")
36+
37+
```
38+
39+
## Compliant Solution
40+
41+
After adding two elements, to the list, the list in this compliant01.py code example now contains zero elements because they have been cleared and properly released.
42+
43+
[*compliant01.py:*](compliant01.py)
44+
45+
```py
46+
""" Compliant Code Example """
47+
my_list = []
48+
49+
50+
def append_resource(name):
51+
print(f"Allocating resource {name}")
52+
resource = {"name": name, "active": True} # Simulated resource
53+
my_list.append(resource)
54+
55+
56+
append_resource("A")
57+
append_resource("B")
58+
59+
# Properly release resources
60+
for resource in my_list:
61+
resource["active"] = False
62+
my_list.clear()
63+
64+
65+
#####################
66+
# attempting to exploit above code example
67+
#####################
68+
for resource in my_list:
69+
print(resource["name"], "active?", resource["active"])
70+
71+
if not any(resource["active"] for resource in my_list):
72+
print("All resources released.")
73+
74+
```
75+
76+
## Related Guidelines
77+
78+
|||
79+
|:---|:---|
80+
|[MITRE CWE](http://cwe.mitre.org/)|Pillar [CWE-664: Improper Control of a Resource Through its Lifetime (4.13) (mitre.org)](https://cwe.mitre.org/data/definitions/664.html)|
81+
|[MITRE CWE](http://cwe.mitre.org/)|Class [CWE-404: Improper Resource Shutdown or Release (4.12)](https://cwe.mitre.org/data/definitions/404.html)|
82+
|[SEI CERT Oracle Coding Standard for Java](https://wiki.sei.cmu.edu/confluence/display/java/SEI+CERT+Oracle+Coding+Standard+for+Java)|[EXP04-J. Do not pass arguments to certain Java Collections Framework methods that are a different type than the collection parameter type](https://wiki.sei.cmu.edu/confluence/display/java/EXP04-J.+Do+not+pass+arguments+to+certain+Java+Collections+Framework+methods+that+are+a+different+type+than+the+collection+parameter+type)|
83+
84+
## Bibliography
85+
86+
|||
87+
|:---|:---|
88+
|[Python Docs]|(<https://docs.python.org/3/tutorial/datastructures.html>)|
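Review bot: The non-compliant example text on README line 9 talks about list entries whose memory "is never reclaimed", but the introduction on line 5 defines the weakness as OS-tied resources (files, sockets, database connections) that garbage collection does not free. A dict held in a list is an ordinary object, so the example does not illustrate the problem the page describes. Suggest basing both examples on a real handle, for instance a file opened without `close()` against one opened in a `with` block or released in `try`/`finally`, which would also demonstrate the "even if an error occurs" advice on line 3. In Related Guidelines, EXP04-J concerns argument types passed to Java Collections Framework methods, not resource release, so it reads as a leftover from another page. In the Bibliography, `[Python Docs]` and the URL sit in separate table cells, so the row will not render as a link. Line 41 has a stray comma in "After adding two elements, to the list".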
Lines changed: 27 additions & 0 deletions
@@ -0,0 +1,27 @@
1+
""" Compliant Code Example """
2+
my_list = []
3+
4+
5+
def append_resource(name):
6+
print(f"Allocating resource {name}")
7+
resource = {"name": name, "active": True} # Simulated resource
8+
my_list.append(resource)
9+
10+
11+
append_resource("A")
12+
append_resource("B")
13+
14+
# Properly release resources
15+
for resource in my_list:
16+
resource["active"] = False
17+
my_list.clear()
18+
19+
20+
#####################
21+
# attempting to exploit above code example
22+
#####################
23+
for resource in my_list:
24+
print(resource["name"], "active?", resource["active"])
25+
26+
if not any(resource["active"] for resource in my_list):
27+
print("All resources released.")
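Review bot: The verification at lines 23-27 runs after `my_list.clear()` on line 17, so the `for` loop iterates over an empty list and `not any(...)` is vacuously true; "All resources released." would still print if the `resource["active"] = False` loop were removed. Suggest checking the resources' state before clearing the list, or keeping separate references to them so the final check inspects the released objects. The release on lines 15-17 is also not inside `try`/`finally` or a context manager, so an exception between allocation and release would skip it, which is the case the README in this commit says must be handled ("even if an error occurs").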
Lines changed: 22 additions & 0 deletions
@@ -0,0 +1,22 @@
1+
""" Non-Compliant Code Example """
2+
my_list = []
3+
4+
5+
def append_resource(name):
6+
print(f"Allocating resource {name}")
7+
resource = {"name": name, "active": True} # Simulated resource
8+
my_list.append(resource)
9+
10+
11+
append_resource("A")
12+
append_resource("B")
13+
14+
# Forgot to release resources
15+
#####################
16+
# attempting to exploit above code example
17+
#####################
18+
for resource in my_list:
19+
print(resource["name"], "active?", resource["active"])
20+
21+
if not any(resource["active"] for resource in my_list):
22+
print("All resources released.")
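Review bot: The block labelled "attempting to exploit above code example" (lines 15-22) only prints each resource's state, and the closing `if not any(...)` has no `else`, so in the leaking case the script ends without any explicit indication that resources are still held. Suggest adding an `else` branch that reports the entries still marked active, and rewording the comment, since nothing in this block is an exploit. `my_list` is a module-level global, so the simulated resources stay reachable for the life of the process; a short comment saying that this is the behaviour being demonstrated would help readers.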
