Looking at the CERT Secure Standards (Example: https://www.securecoding.cert.org), there are specific standards, with great examples of what good and bad code looks like, for C, C++, Java, even Perl but not Python. Are there any Python-specific standards or guidelines, preferably with examples available?
http://www.pythonsecurity.org/ appears to be focused on security concerns in Python itself and on building an alternative Python binary to resolve these. A noble, but not recently active, cause. I'm looking for something that gives guidance to developers on what not to do and what to do instead.
Seeing as a lot of people are recommending formatting guidelines (PEP8), I have one that is actually for security.
There is a project in OpenStack (a very big Python-based platform) called Bandit. It is a security lint tool.
https://github.com/PyCQA/bandit
You can run this tool against your own code, or if you wish to learn the inners of secure python coding, then take a look at the examples directory.
One place to look at a secure coding standard is
https://vulncat.fortify.com/en
There you have listed coding errors that affect security. It contains many languages, Python being one of those.
I have also been looking for an academic/free secure coding standard for Python. I haven't yet found a good one. I think that SEI CERT should step up and make such a standard. According to their latest webinar on Secure Coding, they are considering this possibility.
I would recommend using a text editor with a code linter for PEP8, or attempting to learn the PEP8 guidelines themselves. PEP8 lists the style recommendations for Python programmers and is quite comprehensive, which has then been adopted into plugins or directly into editors to ensure code meets these style guidelines.
Python is wonderful in that there are many available code linters, those that recommend proper style based on PEP8.
Great examples of this include Sublime Text with PyLinter or Flake8, or PyCharm without plugins (both freemium, fully-fledged for free use).
I would personally recommend Flake8 or PyCharm over PyLinter if you like to have some "creative liberty", as PyLinter is quite strict.
I posted this in another thread, but we recently released a security linter called DevSkim for Visual Studio, VS Code, and Sublime Text. It targets multiple languages, and is focused on finding security vulnerabilities.
CERT was developing a Python Secure Coding standard - but nothing seems to have come from their efforts for a number of years.
https://wiki.sei.cmu.edu/confluence/display/seccode
Several CERT folks state in presentations that the Python Secure Coding v1.0 is "under development".
You can refer to my blogpost for coding guidelines in python. You need to follow PEP8 coding guidelines. Autopep8 is a tool that automatically formats Python code to conform to the PEP 8 style guide. To run autopep8:
autopep8 TARGET.py
While developing one of my applications, I've come to a point where I'd like to give the users a more powerful filter. Therefore, I'd like to provide a simple scripting interface to the users. The scripting language would be Python.
For obvious reasons, I'd like to tighten the scope of the language to match my particular purposes (I don't want the users to touch the server's HDD files etc.). I also don't want to write a Python interpreter myself (which would be reinventing the wheel and the "new" wheel would be rectangular in the end). However, I haven't found any suitable library or module for this purpose.
Groovy's approach with its Compilation Customizers and Compiler Configuration would be exactly what I want, does something similar exist for Python?
What you're looking for is called a "sandbox" or "restricted execution." This wiki page discusses some of the details.
In a nutshell, there have been several efforts by Python geeks and gurus to build a sandbox on top of Python but they all failed eventually.
The main reason is that Python offers so many paths to do something that the sandbox would either have to forbid common use cases (rendering a lot of the library and Python code useless) or it would have to have holes in the sandbox which would make the concept useless.
So while it looks like a good and simple idea, so far, there is no solution. AFAIK, there are no hooks in Python to tweak the byte code compiler to achieve something like Groovy Sandbox.
Related:
How can I sandbox Python in pure Python?
Is there a "safe" subset of Python for use as an embedded scripting language?
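For the filter use case in the question, one option that avoids sandboxing Python at all is to parse the user's expression with `ast` and interpret only an allowlisted set of node types, so calls, attribute access and arithmetic are rejected before anything runs. This is an added example, not code from the original posts; `apply_filter`, `FilterError`, `MAX_LEN` and the sample record are assumptions made for illustration.

```python
import ast
import operator

MAX_LEN = 200  # assumption: cap input size before it reaches the parser

# The only comparison operators a filter may use.
CMP = {
    ast.Eq: operator.eq, ast.NotEq: operator.ne,
    ast.Lt: operator.lt, ast.LtE: operator.le,
    ast.Gt: operator.gt, ast.GtE: operator.ge,
    ast.In: lambda a, b: a in b,
    ast.NotIn: lambda a, b: a not in b,
}


class FilterError(ValueError):
    """Raised for any expression outside the allowed subset."""


def _ev(node, record):
    # Every node type not listed here falls through to the final raise.
    if isinstance(node, ast.Expression):
        return _ev(node.body, record)
    if isinstance(node, ast.Constant) and isinstance(
            node.value, (str, int, float, bool)):
        return node.value
    if isinstance(node, ast.Name):
        if node.id not in record:
            raise FilterError("unknown field: " + node.id)
        return record[node.id]
    if isinstance(node, (ast.Tuple, ast.List)):
        return [_ev(e, record) for e in node.elts]
    if isinstance(node, ast.UnaryOp) and isinstance(node.op, ast.Not):
        return not _ev(node.operand, record)
    if isinstance(node, ast.BoolOp):
        vals = (_ev(v, record) for v in node.values)
        return all(vals) if isinstance(node.op, ast.And) else any(vals)
    if isinstance(node, ast.Compare):
        left = _ev(node.left, record)
        for op, right_node in zip(node.ops, node.comparators):
            fn = CMP.get(type(op))
            if fn is None:
                raise FilterError("operator not allowed: " + type(op).__name__)
            right = _ev(right_node, record)
            if not fn(left, right):
                return False
            left = right  # supports chains such as 0 < size < 5000
        return True
    raise FilterError("not allowed: " + type(node).__name__)


def apply_filter(expr, record):
    """Evaluate a user filter against one record (a dict of field values)."""
    if len(expr) > MAX_LEN:
        raise FilterError("expression too long")
    try:
        tree = ast.parse(expr, mode="eval")
    except (SyntaxError, ValueError) as exc:
        raise FilterError("cannot parse: %s" % exc) from None
    try:
        return bool(_ev(tree, record))
    except TypeError as exc:
        raise FilterError("type mismatch: %s" % exc) from None


# Constructed sample record.
RECORD = {"user": "alice", "size": 4096, "ext": "log"}

if __name__ == "__main__":
    print(apply_filter('size > 1024 and ext in ("log", "txt")', RECORD))
    try:
        apply_filter('open("data.txt").read()', RECORD)
    except FilterError as exc:
        print("rejected:", exc)
```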
I really loved this feature when I used Eclipse for Java programming, but I can't find the same functionality for a Python editor. IDLE and Pyscripter are nice, but they don't help in this area.
Basically, I just want the option to collapse or otherwise hide functions that I don't feel like looking at for a while. Know of anything like this?
In addition to the aforementioned (great) editors, you might want to give PyDev a shot as well.
Geany can do this.
Notepad++ has this feature.
Komodo Edit IDE, for Windows, Mac and Linux, for Python, PHP, Ruby, JavaScript, Perl and Web Dev.
I've used Komodo Edit and Notepad++ in the past but my current preference is Sublime Text Edit 2.
Although not free (and actually quite expensive), it can be used in free mode with only an occasional reminder and no other restrictions.
It is actually written in Python so you get a Python console built in - you can also get other consoles such as JavaScript. It is VERY flexible & has some very good features. It also has an excellent community with loads of very useful plugins.
It is much lighter on resource usage than Komodo, can use Textmate bundles directly (so gets loads of formatting options for different file types). It is cross-platform and doesn't even need installation on Windows.
PyCharm CE, from JetBrains, indeed, wonderful. Functions and comments collapse is ready out of the box, as well as edit helpers. Project files and assets organization, integrated Python console, powerful debugging tools... Then, lots of plugins: git integration, tinycode view, extra languages' helpers and highlighters... anything you need when coding, but simple and easy to use. There's a Pro (paid) version for those who want even more.
https://www.jetbrains.com/pycharm/download
(This question is more than 10 years old. I was surprised that nobody had answered about PyCharm before...)
As it currently stands, this question is not a good fit for our Q&A format. We expect answers to be supported by facts, references, or expertise, but this question will likely solicit debate, arguments, polling, or extended discussion. If you feel that this question can be improved and possibly reopened, visit the help center for guidance.
Closed 12 years ago.
Basically, me and a friend of mine are just planning to work on a Python project which would have GUI interface, and enable file transfer over and remote file listing. We have most of the tools which we are going to use, Glade, Python etcetera.
I just want to know if I should use an IDE or not.
I've heard only good things about Anjuta, but not convinced of its Python support; care to comment?
And also is there any other good IDE I should check out?
Currently I am just planning on coding as usual in vim.
The ability to debug using an IDE makes your life so much easier.
Python is a particularly strange language in that having a full-fledged IDE doesn't really add much (and some would argue that an IDE tends to severely limit your thinking-flow in Python). I've been using regular Vim and Gedit to develop in Python and never really missed using an IDE.
Text editors like Vim or Emacs can be configured quite flexibly to match an IDE's power though, so it doesn't really matter which way you go.
There are numerous IDEs you can check out. Take a look at PyDev, PIDA, Komodo, Eric.
I personally don't think IDEs add that much to software development (on this scale and in this language). Python has fine external debugging tools and refactoring is not that hard with a program of this size.
Do you currently use or want to use any features you miss in your current editor? If so, pick another one, else, stick with what you like most.
As long as it has version control integration you should be fine.
Personally I do most of my Python coding in Vim, but once in a while I feel like using a full IDE and I use Eclipse with PyDev at those times.
It depends on your own preference, some people absolutely love Vim and won't use anything else. Others just can't work without an IDE.
Here's a list of:
Python IDEs: http://wiki.python.org/moin/IntegratedDevelopmentEnvironments
Python editors: http://wiki.python.org/moin/PythonEditors
In terms of using an IDE or not, it doesn't matter. I prefer using an IDE since I like having the tools I need bundled up into one nice, neat little package that can handle all of my development. However, using a text editor is just as good, especially ones as powerful and extensible as vi(m) and (x)emacs. The real reasons for using an IDE, though, are code completion, management of indentation, code folding, refactoring support, and debugging.
If you want to check out other IDEs for Python development, I would suggest also looking at NetBeans and Eclipse with the appropriate plugins. I, personally, prefer NetBeans since I have a feeling that PyDev is going to be going downhill since Aptana bought them (previously, they ruined RadRails, which is the Eclipse plugin for Ruby on Rails development) and don't want to get comfortable with a tool that might not be useful long-term.
With Java, I'd say no IDE for beginners, because you have to understand CLASSPATH first.
With Python, I'd say PyCharm from JetBrains. IntelliJ is the best Java IDE; PyCharm is making my Python work a pleasure.
IMHO, not using an IDE to develop is just like using a typewriter to write a novel. Nobody said you can't, but why try that hard when you already have a laptop?
I code in Vim for python. If you want to use an IDE then I would recommend IntelliJ's PyCharm. I use vim because the actual editing is far superior and if you are a power user there is very little that you can't do easily.
PyCharm provides help with the API by providing completion and helps with some basic refactoring. These advantages, though, wear off sooner than you would expect. I use grep and Vim regex to do refactoring - it's a bit more work than PyCharm, but if you can manage it then the advantages of Vim clearly outweigh using an IDE.
I assume that you are developing in a *nix environment; if you use Windows then I would recommend using an IDE.
As opposed to some other guys here, I think that an IDE does add much to software development, even for a dynamically typed language like Python which makes it harder to do static analysis.
My preferred IDE for Python development is Eclipse with PyDev. Before that, I coded in Notepad++ which isn't much different than the PyDev editor in terms of features. PyDev has some great features that you won't find in a "normal" editor:
It shows warnings and syntax errors (almost) in realtime. A text editor won't tell me about typos, but PyDev does. As another example, unresolved imports or undefined functions (e.g. because of a typo) are marked as warnings/errors. And there are many more common mistakes that are automatically detected, and PyDev can be integrated with pylint so that warnings and errors from pylint are displayed with the usual icons in the editor.
Autocompletion by introspection
Outline view of the current module and its classes
Additionally, Eclipse itself is also great for any kind of programming project. I especially like the fully integrated interface - project explorer, editor, outline, console, problems overview, run configurations and so on. When using Vim, Emacs or similar, I guess you would have to install lots of plugins or custom scripts to achieve the same.
As you said you want to do a project, I think that Eclipse is a good choice. For quickly hacking a small Python script, it's overkill of course.
If you just start learning python/glade/gtk stack, I'd say you should start without an IDE just to learn how it works internally. This will help you later when your code will be bigger and more complex.
However, good IDE helps in so many ways I wouldn't recommend against using any in the long run. This article might help you decide whether you need any: http://infoworld.com/d/developer-world/infoworld-review-nine-fine-python-development-tools-374
It's horses for courses. Personally I'm much happier with TextMate or Vim and a nice cup of coffee, but it's what feels more comfortable to you.
There's no shame in using an IDE; if it's what gets your idea out there to the masses most productively, then use whatever you like.
However, when starting out I'd favour something with IntelliSense as it'll teach you the basics as you type. Give it a year and you'll be a master at it.
Two ways to approach this:
1. Use what you're used to. If you have used an editor in the past and know its quirks, stick with it. You'll waste less time figuring out how to work with the tool and spend more time on the actual project.
2. Use something new. Anjuta, vim, whatever, as long as you haven't spent too much time with it so far. You'll learn a whole lot of stuff besides your actual project, but the project itself won't be done as fast as could be.
Personally, I prefer 2. Always learn something new, as long as it's not crunch time and it-has-to-be-done-by-friday. An IDE can help you only so much, but when you're still in the learning phase the more time you spend on the code yourself, the better.
I'm not a Python programmer, but I prefer not to use IDEs.
The reason for this is that I find IDEs are often big and do too many things for me, whereas using Notepad++ and the command prompt allows me to trim things down to suit my needs rather than being surrounded by features that I don't use. This allows me to learn more easily, because I have more control over what happens.
Don't learn coding with an IDE. Code with it!
I find using an IDE to dramatically help my Python code productivity. In particular, using wingide makes coding in python a pleasure. It has all the normal things you would expect (syntax highlighting, auto-complete, etc) but the killer features are the debugger and the debug probe.
These two features are worth the cost of the program. It lets you see the live state of the application and try out python statements live at breakpoints. I find this especially helpful to explore the current state and to try out some code to see if it will work. I often write some of the trickier sections of code in the debug probe live and then copy them into my application. Very nice.
Closed 10 years ago.
I'm looking to set up my development environment at home for writing Windows applications in Python.
For my first piece, I'm writing a simple, forms-based application that stores data input as XML (and can read that information back.) I do want to set up the tools I'd use professionally, though, having already done a round of didactic programming.
What tools are professional python developers using these days? In order to have a working python environment, what version of the compiler should I be using? What editor is common for professionals? What libraries are considered a must-have for every serious python developer?
Specifically, which Windowing and XML libraries are de rigueur for working in Windows?
I like Eclipse + PyDev (with extensions).
It is available on Windows, and it works very well. However, there are many other IDEs, with strengths and weaknesses.
As for the interpreter (Python is interpreted, not compiled!), you have three main choices: CPython, IronPython and Jython.
When people say "Python" they usually refer to "CPython" that is the reference implementation, but the other two (based, respectively, on .Net and Java) are full pythons as well :-)
In your case, I would maybe go on IronPython, because it will allow you to leverage your knowledge of .Net to build the GUI and treating the XML, while leaving the implementation of business logic to Python.
Finally, should you decide to use CPython, there are several choices for working with XML:
minidom; included in the standard library
lxml, faster and with a better API; it means an additional installation on top of Python.
Lots of questions, most hard to answer correctly. First of all, most of python development happens on unix-like platforms. You will hit many walls during development on Windows box.
Python is not a compiled language; the current preferred version for production is 2.5. For environment setup you should take a look at virtualenv. Editor is a personal choice; many Python developers use Vim, and you can customize it pretty well to suit your needs.
About libraries, Python is very strong in this area and it's really hard to say what is a must to know. If you want to handle XML, I would prefer lxml.
If you go for CPython, make sure you get the win32 extensions by Mark Hammond, either as a separate download which you install on top of the vanilla Python installation, or as part of ActiveState's ActivePython. It includes an integrated editor and debugger.
Jython has recently reached 2.5 compliancy, but we quickly ran into recursion limit issues.
The standard distribution includes IDLE, a graphical editor and debugger.
I like shells, so I'm using IPython for interactive work, and pydb as debugger (unfortunately, I had problems getting pydb to work under Windows).
"What tools are professional python developers using these days?"
Lots
"In order to have a working python environment, what version of the compiler should I be using?"
["compiler" is meaningless. I'll assume you mean "Python"]
We use 2.5.4. We'll be upgrading to 2.6 as soon as we've done the testing.
"What editor is common for professionals?"
We use Komodo Edit.
"What libraries are considered a must-have for every serious python developer?"
We use Django, XLRD, PIL, and a few others. We don't plan this kind of thing in advance. As our requirements arrive, we start looking for libraries. We don't "pre-load" a bunch of "must-have" libraries. The very idea is silly. We load what we need to solve the problems we have.
There are no set standards in these matters, and for good reasons:
there is a fair amount of good choice
different people are productive with different tools
different tools and libraries are suited for solving different problems
That said, I think it's a valid question exactly because there is a fair amount of good choice. When there is too much choice people often do not choose at all and move on. You still need to do your own research to decide what is best for you but you may find here some good starting points.
Here is what I use professionally on windows:
python 2.5.4
latest wxPython
XRC Resource Editor from the wxPython docs & demos for the grunt of the tedious GUI design
lxml or gnosis utils for xml
WingIDE Professional
Taking the headline question literally, the answer has to be IronPython. The 2.0 releases are equivalent to CPython 2.5, and the 2.6 release (currently at beta2) is intended to match CPython 2.6 (full 2.6 release some time in the next couple of months). With either you can use the state of the art in Windows GUI frameworks, i.e. WPF; and you get the whole .net XML support libraries (excepting Linq to XML, which relies on clever bits of C# that IronPython cannot yet emulate).
I've used NetBeans Python plug-in happily as an IDE for IronPython using WPF.
The answer would depend on what you want to do with Python. If you want to do web programming, Python is blessed with many web frameworks. The most popular ones are: Django, Pylons, and Turbogears. There's also Google App Engine, where you can deploy your Python webapp (based on GAE framework) to Google's infrastructure. If you want to do Desktop programming then there is PyQT and TkInter, or you can even try using Java Swing with Jython. And if you want to do Mobile app programming then there is Python for S60 which is backed by Nokia.
Python is an interpreted language, so there is no compiler (although the interpreter also compiles your Python module into bytecode). I would recommend using Python 2.6 as it has some syntax and libraries that are different compared to 2.5. You can also start learning Python 3.0 too.
There are several IDEs that are good for Python. You don't have to get yourself attached to one editor/IDE because most of them are good ones. For the commercial ones there is WingIDE, which is really focused on making an IDE for Python, and I would really recommend IntelliJ IDEA with the Python plugin, which is really nice if you often look at the libraries in your Python environment. For the free ones (as others have said) there is Komodo Edit, or you can also try NetBeans with the Python plugin.
As for the must-have libraries, this depends on what you want to do and what kind of application you want to develop with Python. But I think every Python developer should consider PIL for an imaging library. I also use simplejson quite often, because I prefer using JSON rather than XML. If you are using XML though, you can use lxml as it is really fast in parsing XML.
I'm a beginning Python programmer, just getting my feet wet in the language and its tools and native practices. In the past, I've used languages that were tightly integrated into IDEs, and indeed I had never before considered that it was even possible to program outside of such a tool.
However, much of the documentation and tutorials for Python eschew any sort of IDE, relying instead on powerful editors and interactive interpreters for writing and teaching the language.
How important is an IDE to normal Python development?
Are there good IDEs available for the language?
If you do use an IDE for Python, how do you use it effectively?
IDEs aren't very useful in Python; powerful editors such as Emacs and Vim seem very popular among Python programmers.
This may confuse e.g. Java programmers, because in Java each file generally requires boilerplate code, such as a package statement, getters and setters.
Python is much more lightweight in comparison.
If you're looking for an equivalent to Visual Studio or Eclipse, there is... Eclipse, with Pydev.
Emacs and Vim are very powerful and general, but have a steep learning curve.
If you want to use Emacs, I highly recommend python mode; it's much better than the default Python mode.
A matter of habit and personal preferences. Me, I use vim (I have to admit emacs is at least as powerful, but my fingers are deeply trained by over 30 years of vi, and any other editor gives me the jitters, especially when it tries to imitate vi and never really manages to get it 100% right;-), occasionally an interactive environment (python itself, sometimes ipython), and on even rarer occasions a debugger (pdb). A good editor gives me all I need in term of word completion, lookup, &c.
I've tried Eclipse, its plugins, eric, and Komodo, but I just don't like them -- Wing, I think I could get used to, and I have to admit its debugger is absolutely out of this world... but, I very rarely use (or need!) advanced debugging functionality, so after every rare occasion I'd forget, and have to learn it all over again a few months later when the need arose again... nah!-)
How important is an IDE to normal Python development?
Not very, IMHO. It's a lightweight language with much less boilerplate and simpler idioms than in some other languages, so there's less need for an IDE for that part.
The standard interactive interpreter provides help and introspection functionality and a reasonable debugger (pdb). When I want a graphical look at my class hierarchies, I use epydoc to generate it.
The only IDE-like functionality I sometimes wish I had is something that would help automate refactoring.
Are there good IDEs available for the language?
So I hear. Some of my coworkers use Wing.
If you do use an IDE for Python, how do you use it effectively?
N/A. I tried using Wing a few times but found that it interfered with my normal development process rather than supporting it.
The IDE you use is a personal and subjective thing, but it definitely matters. Personally, for writing short scripts or working with python interactively, I use PyDee available at http://pydee.googlecode.com/ . It is well done, fairly lightweight, but with good introspection capabilities.
For larger projects involving multiple components, I prefer Eclipse with appropriate plugins. It has very sophisticated management and introspection capabilities. You can download it separately or get it as part of Python (X,Y) at http://www.pythonxy.com/ .
In contrast to the other answers, I think that IDEs are very important, especially for script languages. Almost all code is badly documented, and an IDE with a good debugger gives you much insight into what is really going on and what datatypes are assigned to these values. Is this a hash of lists of hashes or a list of hashes of hashes?
And the easy documentation lookup will save you time.
But this is only important for people who need to count their time; this normally excludes beginners or hobbyists.
(1) IDEs are less important than for other languages, but if you find one that is useful, it still makes things easier. Without IDEs -- what are you doing? Always running Python from the command line?
(2-3) On my Mac there's included IDLE which I keep always open for its Python shell (it's colored unlike the one in Terminal) and I use free Komodo Edit which I consider to be well-suited for Python as it doesn't go into the language deeply but rather focuses on coloring, tab management, parsing Python output, running frequent commands etc.