Pieter Hooimeijer - Types, Deeper Static Analysis, and you - PyCon 2018

Speaker: Pieter Hooimeijer Many projects already take advantage of static analysis tools like flake8, PyLint, and MyPy. Can we do better? In this talk, I'll discuss how to take a type checker, bolt on an interprocedural static analyzer, and delight your security team with high quality results. Abstract It is incredibly challenging to build a halfway decent static analysis tool for a dynamic language like Python. Fortunately, it gets quite a bit easier with Python type annotations. To explain why, I'll present a tool that finds security vulnerabilities by tracking dangerous flows of information interprocedurally across an entire codebase. **Then,** I'll demonstrate how that tool is really just a slightly slower, more sophisticated, type checker. Slides can be found at: https://speakerdeck.com/pycon2018 and https://github.com/PyCon/2018-slides