Types, Deeper Static Analysis, and you


Follow to receive video recommendations   a   A

Many projects already take advantage of static analysis tools like flake8, PyLint, and MyPy. Can we do better? In this talk, I'll discuss how to take a type checker, bolt on an interprocedural static analyzer, and delight your security team with high quality results. Abstract It is incredibly challenging to build a halfway decent static analysis tool for a dynamic language like Python. Fortunately, it gets quite a bit easier with Python type annotations. To explain why, I'll present a tool that finds security vulnerabilities by tracking dangerous flows of information interprocedurally across an entire codebase. **Then,** I'll demonstrate how that tool is really just a slightly slower, more sophisticated, type checker.

Editors Note:

I would like to work with open source projects to create a branch of the tree with all of the best videos for your open source project. Please send me an email if you are interested.