Security Description

The code shown for resumable training is open source. The related Python and shell scripts must be owned by the same user and user group. For security purposes, you are advised to verify the input parameters, file directories, and file paths before they are used.

The verification items of the input parameters include but are not limited to the following:

  • If external variables are used as a part of a command, strict parameter verification and anti-injection measures must be taken.
  • If external variables obtained from environment variables are used for command concatenation, strict verification and anti-injection measures must be taken.
  • All processes should follow the principle of least privilege to avoid serious consequences caused by injection.
  • External variables cannot be directly used as commands in the code.
  • Security specifications of various programming languages must be complied with.

The verification items of the file paths include but are not limited to the following:

  • The path length is limited.
  • Special character filtering and anti-bypass mechanisms are provided for paths.
  • No command injection exists.
  • Processes must follow the principle of least privilege.
  • No high-risk path exists in the trustlist.
  • The authenticity of a file path is verified (for example, that it resolves to the expected location), and an exception is thrown when verification fails.
  • Command injection is unintended behavior caused by an externally controllable variable being used in a command.
  • The recovery policy applies only to Python 3.7 and Python 3.9.
  • During script adaptation, you need to locate the exceptions that are thrown and handle them in the service logic as required.
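The following Python module is an added example, written for this description and not part of the resumable-training code itself, that shows how the parameter and path verification items above can be implemented together: a path length limit, special-character filtering, anti-bypass through path resolution, a trustlist check that rejects high-risk directories, verification of an environment-derived variable before it becomes a command argument, and command execution without a shell so no concatenation can be injected. The directory names, the `resume_train.py` script name, the `RUN_TAG` environment variable and the regular expressions are assumptions for the example, not values from this page.

```python
import os
import re
import shlex
import subprocess

# Policy values below are constructed for this example (assumptions, not from the page).
MAX_PATH_LEN = 1024
# Characters permitted in a path: letters, digits, '.', '_', '-', '/'.
SAFE_PATH_RE = re.compile(r"^[A-Za-z0-9._/-]+$")
# Trustlist of base directories a checkpoint path may live under (assumed).
TRUSTED_DIRS = ("/opt/train/checkpoints", "/opt/train/logs")
# Directories that must never appear in a trustlist (assumed high-risk set).
HIGH_RISK_DIRS = ("/", "/etc", "/bin", "/usr", "/root")
# Characters permitted in an external variable used as a command argument.
SAFE_ARG_RE = re.compile(r"^[A-Za-z0-9._=-]+$")


class ValidationError(ValueError):
    """Raised when an external parameter or path fails verification."""


def check_trustlist(trusted_dirs=TRUSTED_DIRS):
    """Reject a trustlist that contains a high-risk directory."""
    for d in trusted_dirs:
        if os.path.normpath(d) in HIGH_RISK_DIRS:
            raise ValidationError("high-risk path in trustlist: %s" % d)
    return True


def validate_path(user_path, trusted_dirs=TRUSTED_DIRS, must_exist=False):
    """Verify an externally supplied file path and return its resolved form.

    Checks, in order: type and emptiness, length limit, character filtering
    (including NUL), anti-bypass by resolving '..' and symlinks with realpath,
    trustlist prefix check on the resolved path, and optional existence check.
    Raises ValidationError on the first failure.
    """
    if not isinstance(user_path, str) or not user_path:
        raise ValidationError("path must be a non-empty string")
    if len(user_path) > MAX_PATH_LEN:
        raise ValidationError("path too long")
    if "\x00" in user_path or not SAFE_PATH_RE.match(user_path):
        raise ValidationError("path contains disallowed characters")
    real = os.path.realpath(user_path)
    # Prefix check on the *resolved* path so '../' and symlinks cannot escape.
    if not any(real == d or real.startswith(d + os.sep) for d in trusted_dirs):
        raise ValidationError("path outside trusted directories: %s" % real)
    if must_exist and not os.path.isfile(real):
        raise ValidationError("file does not exist: %s" % real)
    return real


def validate_arg(value):
    """Verify an external variable before it becomes a command argument.

    Besides the character filter, a leading '-' is rejected so the value
    cannot be interpreted as an option by the program receiving it.
    """
    if not isinstance(value, str) or not SAFE_ARG_RE.match(value):
        raise ValidationError("unsafe argument: %r" % (value,))
    if value.startswith("-"):
        raise ValidationError("argument must not look like an option: %r" % (value,))
    return value


def build_resume_command(checkpoint_path, run_tag):
    """Build argv for a hypothetical resume script (name assumed).

    The program name is fixed in code; external values only ever become
    separate argv entries, never part of a shell string.
    """
    ckpt = validate_path(checkpoint_path)
    tag = validate_arg(run_tag)
    return ["python3", "resume_train.py", "--checkpoint", ckpt, "--run-tag", tag]


def run_resume(argv):
    """Execute without a shell: each argv element is passed as-is to execve."""
    return subprocess.run(argv, shell=False, check=False)


if __name__ == "__main__":
    check_trustlist()
    # Read the external variable from the environment; never concatenate it into a string.
    tag = os.environ.get("RUN_TAG", "run1")
    try:
        cmd = build_resume_command("/opt/train/checkpoints/step_100.pt", tag)
        # shlex.quote is used only for display; the real call passes the list.
        print("would run:", " ".join(shlex.quote(c) for c in cmd))
    except ValidationError as err:
        print("rejected:", err)
```

The essential design point is that the external values are validated and then handed to `subprocess.run` as list elements with `shell=False`; even if a filter were too loose, no shell ever parses the value, so a `;` or backtick in it could not start a second command. The trustlist check runs at startup so a misconfigured allowlist containing `/` or `/etc` fails closed before any path is accepted.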