Unexpected Execution - Wild Ways Code Execution Can Occur in Python

Explore the unexpected and often overlooked ways code execution can occur in Python during this 25-minute PyCon US talk. Delve into both common and obscure methods of achieving code execution on Python servers, going beyond the well-known eval and exec functions. Discover surprising vulnerabilities in seemingly innocuous features like yaml and str.format. Follow along with practical, real-world examples of code execution vulnerabilities found in production environments, as well as more unusual and entertaining remote code execution exploits. Conclude with valuable insights into how Facebook detects and prevents these exploit vectors using Pysa, an open-source Python Static Analyzer. Download the accompanying demos from GitHub to practice and reinforce your understanding of these security concepts. Learn how to leverage static analysis tools to identify and mitigate the vulnerabilities discussed, enhancing your ability to write more secure Python code.

TALK / Graham Bleaney, the_storm/ Unexpected Execution: Wild Ways Code Execution can Occur in Python