{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,13]],"date-time":"2026-05-13T01:18:04Z","timestamp":1778635084053,"version":"3.51.4"},"reference-count":80,"publisher":"IEEE","license":[{"start":{"date-parts":[[2021,12,13]],"date-time":"2021-12-13T00:00:00Z","timestamp":1639353600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/ieeexplore.ieee.org\/Xplorehelp\/downloads\/license-information\/IEEE.html"},{"start":{"date-parts":[[2021,12,13]],"date-time":"2021-12-13T00:00:00Z","timestamp":1639353600000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-029"},{"start":{"date-parts":[[2021,12,13]],"date-time":"2021-12-13T00:00:00Z","timestamp":1639353600000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-037"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2021,12,13]]},"DOI":"10.1109\/pst52912.2021.9647791","type":"proceedings-article","created":{"date-parts":[[2021,12,21]],"date-time":"2021-12-21T21:08:01Z","timestamp":1640120881000},"page":"1-10","source":"Crossref","is-referenced-by-count":30,"title":["A Large-Scale Security-Oriented Static Analysis of Python Packages in PyPI"],"prefix":"10.1109","author":[{"given":"Jukka","family":"Ruohonen","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Kalle","family":"Hjerppe","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Kalle","family":"Rindell","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"263","reference":[{"key":"ref73","year":"2020","journal-title":"J Classif"},{"key":"ref72","year":"2020","journal-title":"Apply Restrictive File Permissions"},{"key":"ref71","year":"2020","journal-title":"Validate Certificates on HTTPS Connections to Avoid Man-in-the-Middle Attacks"},{"key":"ref70","year":"2020","journal-title":"Use subprocess Securely"},{"key":"ref76","doi-asserted-by":"publisher","DOI":"10.1145\/3236024.3236062"},{"key":"ref77","doi-asserted-by":"publisher","DOI":"10.1007\/s10664-019-09750-5"},{"key":"ref74","year":"2020","journal-title":"Simple Index"},{"key":"ref39","year":"2020","journal-title":"CVE-2017-18342 Detail"},{"key":"ref75","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2005.159"},{"key":"ref38","doi-asserted-by":"publisher","DOI":"10.1109\/ASEW.2019.00023"},{"key":"ref78","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-04272-1_6"},{"key":"ref79","doi-asserted-by":"crossref","first-page":"14","DOI":"10.1016\/j.infsof.2017.09.011","article-title":"Understanding Metric-Based Detectable Smells in Python Software: A Comparative Study","volume":"94","author":"zhifei","year":"2018","journal-title":"Information and Software Technology"},{"key":"ref33","year":"2020","journal-title":"CWE-322 Key Exchange without Entity Authentication"},{"key":"ref32","year":"2020","journal-title":"CWE-319 Cleartext Transmission of Sensitive Information"},{"key":"ref31","year":"2020","journal-title":"CWE-502 Deserialization of Untrusted Data"},{"key":"ref30","year":"2020","journal-title":"Cwe-327 Use of a broken or risky cryptographic algorithm"},{"key":"ref37","year":"2020","journal-title":"CWE-95 Improper Neutralization of Directives in Dynamically Evaluated Code (‘Eval Injection’)"},{"key":"ref36","year":"2020","journal-title":"CWE-755 Improper Handling of Exceptional Conditions"},{"key":"ref35","year":"2020","journal-title":"CWE-338 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)"},{"key":"ref34","year":"2020","journal-title":"CWE-326 Inadequate Encryption Strength"},{"key":"ref60","doi-asserted-by":"publisher","DOI":"10.1016\/j.jss.2018.09.039"},{"key":"ref62","doi-asserted-by":"publisher","DOI":"10.1177\/0049124189018002003"},{"key":"ref61","author":"spring","year":"2020","journal-title":"Towards Improving CVSS"},{"key":"ref63","year":"2020","journal-title":"Command Injection"},{"key":"ref28","doi-asserted-by":"publisher","DOI":"10.1007\/s10664-018-9637-2"},{"key":"ref64","year":"2020","journal-title":"Cross-Site Scripting"},{"key":"ref27","article-title":"Static Analysis in GCC 10","author":"malcolm","year":"2020","journal-title":"Red Hat Developer Blog"},{"key":"ref65","year":"2020","journal-title":"SQL Injection"},{"key":"ref66","year":"2020","journal-title":"Use of Hard-Coded Password"},{"key":"ref29","first-page":"105","article-title":"Conditional Logit Analysis of Qualitative Choice Behavior","author":"mcfadden","year":"1974","journal-title":"Frontiers in Econometrics"},{"key":"ref67","year":"2020","journal-title":"OSSN\/OSSN-0033 Some SSL-Enabled Connections Fail to Perform Basic Certificate Checks"},{"key":"ref68","year":"2020","journal-title":"The OpenStack Project Create Use and Remove Temporary Files Securely"},{"key":"ref69","year":"2020","journal-title":"Python Pipes to Avoid Shells"},{"key":"ref2","doi-asserted-by":"publisher","DOI":"10.1109\/EDCC.2016.34"},{"key":"ref1","doi-asserted-by":"publisher","DOI":"10.1109\/ICSME.2017.77"},{"key":"ref20","author":"juranic","year":"2020","journal-title":"Back to the Future Unix Wildcards Gone Wild"},{"key":"ref22","doi-asserted-by":"publisher","DOI":"10.1007\/s13278-019-0619-1"},{"key":"ref21","doi-asserted-by":"publisher","DOI":"10.1016\/j.jss.2009.06.041"},{"key":"ref24","author":"litzenberge","year":"2020","journal-title":"Python Cryptography Toolkit (pycrypto)"},{"key":"ref23","first-page":"1274","article-title":"Empirical Study of Python Call Graph","author":"li","year":"2019","journal-title":"Proceedings of the 34th IEEE\/ACM International Conference on Automated Software Engineering (ASE 2019)"},{"key":"ref26","doi-asserted-by":"publisher","DOI":"10.1016\/j.scico.2009.09.004"},{"key":"ref25","doi-asserted-by":"publisher","DOI":"10.1145\/3377811.3380923"},{"key":"ref50","year":"2020","journal-title":"subprocess – Subprocess Management"},{"key":"ref51","year":"2020","journal-title":"tempfile – Generate Temporary Files and Directories"},{"key":"ref59","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2018.2810116"},{"key":"ref58","doi-asserted-by":"publisher","DOI":"10.1145\/2187671.2187673"},{"key":"ref57","author":"scheirlinck","year":"2020","journal-title":"httpoxy A CGI Application Vulnerability"},{"key":"ref56","doi-asserted-by":"publisher","DOI":"10.1016\/j.aci.2017.12.002"},{"key":"ref55","doi-asserted-by":"publisher","DOI":"10.1145\/3319008.3319029"},{"key":"ref54","doi-asserted-by":"publisher","DOI":"10.1109\/IWESEP.2018.00013"},{"key":"ref53","author":"ronacher","year":"2020","journal-title":"Quickstart"},{"key":"ref52","doi-asserted-by":"publisher","DOI":"10.1109\/ICSME.2019.00087"},{"key":"ref10","doi-asserted-by":"publisher","DOI":"10.1016\/j.sysarc.2010.06.003"},{"key":"ref11","year":"2020","journal-title":"Security in Django"},{"key":"ref40","year":"2020","journal-title":"CVE-2018-1281 Detail"},{"key":"ref12","doi-asserted-by":"publisher","DOI":"10.1007\/978-1-4419-0118-7"},{"key":"ref13","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-36563-8_14"},{"key":"ref14","doi-asserted-by":"publisher","DOI":"10.1214\/aos\/1176344552"},{"key":"ref15","doi-asserted-by":"publisher","DOI":"10.1109\/32.815326"},{"key":"ref16","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-77935-5_14"},{"key":"ref17","doi-asserted-by":"publisher","DOI":"10.1145\/3196398.3196454"},{"key":"ref18","author":"heime","year":"2020","journal-title":"defusedxml"},{"key":"ref19","first-page":"343","article-title":"Annotation-Based Static Analysis for Personal Data Protection","author":"hjerppe","year":"2019","journal-title":"Privacy and Identity Management Data for Better Living AI and Privacy Proceedings of the 14th IFIP WG 9 2 9 6\/11 7 11 6\/SIG 9 2 2 International Summer School"},{"key":"ref80","first-page":"995","article-title":"Small World with High Risks: A Study of Security Threats in the npm Ecosystem","author":"zimmermann","year":"2019","journal-title":"Proceedings of the 28th USENIX Security Symposium"},{"key":"ref4","doi-asserted-by":"publisher","DOI":"10.1109\/SANER.2016.105"},{"key":"ref3","article-title":"Sampling in Software Engineering Research: A Critical Review and Guidelines","author":"baltes","year":"2020","journal-title":"Arch Manuscr"},{"key":"ref6","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-57186-7_58"},{"key":"ref5","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-34339-2_11"},{"key":"ref8","doi-asserted-by":"publisher","DOI":"10.1109\/TR.2019.2937214"},{"key":"ref7","doi-asserted-by":"publisher","DOI":"10.1016\/j.jss.2018.09.016"},{"key":"ref49","year":"2020","journal-title":"Os - Miscellaneous operating system interfaces"},{"key":"ref9","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2004.111"},{"key":"ref46","article-title":"Python Code Quality Authority (PyCQA) and contributors","year":"2020","journal-title":"Pylint"},{"key":"ref45","article-title":"Python Code Quality Authority (PyCQA) and contributors","year":"2020","journal-title":"Bandit"},{"key":"ref48","year":"2020","journal-title":"PEP 551 – Security Transparency in the Python Runtime"},{"key":"ref47","year":"2020","journal-title":"PEP 476 – Enabling Certificate Verification by Default for stdlib HTTP Clients"},{"key":"ref42","doi-asserted-by":"publisher","DOI":"10.1109\/METRIC.1998.731235"},{"key":"ref41","year":"2020","journal-title":"CVE-2019-9948 Detail"},{"key":"ref44","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-91602-6_6"},{"key":"ref43","doi-asserted-by":"publisher","DOI":"10.1145\/2810146.2810148"}],"event":{"name":"2021 18th International Conference on Privacy, Security and Trust (PST)","location":"Auckland, New Zealand","start":{"date-parts":[[2021,12,13]]},"end":{"date-parts":[[2021,12,15]]}},"container-title":["2021 18th International Conference on Privacy, Security and Trust (PST)"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx7\/9647713\/9647738\/09647791.pdf?arnumber=9647791","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,5,10]],"date-time":"2022-05-10T16:59:51Z","timestamp":1652201991000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/9647791\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021,12,13]]},"references-count":80,"URL":"https:\/\/doi.org\/10.1109\/pst52912.2021.9647791","relation":{},"subject":[],"published":{"date-parts":[[2021,12,13]]}}}