Set the draft security HTTP header Permissions-Policy (previously Feature-Policy) on your Django app.

Overview

django-permissions-policy


Requirements

Python 3.6 to 3.9 supported.

Django 2.2 to 3.2 supported.



Installation

  1. Install with pip:

    python -m pip install django-permissions-policy

  2. Add the middleware in your MIDDLEWARE setting. It's best to add it after Django's SecurityMiddleware, so it adds the header at the same point in your stack:

    MIDDLEWARE = [
        ...,
        "django.middleware.security.SecurityMiddleware",
        "django_permissions_policy.PermissionsPolicyMiddleware",
        ...,
    ]

  3. Add the PERMISSIONS_POLICY setting to your settings, naming at least one feature. Here's an example that sets a strict policy to disable many potentially privacy-invading and annoying features for all scripts:

    PERMISSIONS_POLICY = {
        "accelerometer": [],
        "ambient-light-sensor": [],
        "autoplay": [],
        "camera": [],
        "display-capture": [],
        "document-domain": [],
        "encrypted-media": [],
        "fullscreen": [],
        "geolocation": [],
        "gyroscope": [],
        "interest-cohort": [],
        "magnetometer": [],
        "microphone": [],
        "midi": [],
        "payment": [],
        "usb": [],
    }

    See below for more information on the setting.

Setting

Change the PERMISSIONS_POLICY setting to configure the contents of the header.

The setting should be a dictionary laid out with:

  • Keys as the names of browser features - a full list is available on the W3 Spec repository. The MDN article is also worth reading.

  • Values as lists of strings, where each string is either an origin, e.g. 'https://example.com', or one of the special values 'self' or '*'. If there is just one value, no containing list is necessary. To represent no origins being allowed, use an empty list.

    Note that in the header, domains are wrapped in double quotes - do not include these quotes within your Python string, as they will be added by the middleware.

If the keys or values are invalid, ImproperlyConfigured will be raised at instantiation time, or when processing a response. The current feature list is pulled from the JavaScript API with document.featurePolicy.allowedFeatures() on Chrome.

For backwards compatibility with old configuration, the value 'none' is supported in lists, but ignored - it's preferable to use the empty list instead. It doesn't make sense to specify 'none' alongside other values.

Examples

Disable geolocation entirely, for the current origin and any iframes:

PERMISSIONS_POLICY = {
    "geolocation": [],
}

Allow autoplay from only the current origin and iframes from https://archive.org:

PERMISSIONS_POLICY = {
    "autoplay": ["self", "https://archive.org"],
}

Allow autoplay from all origins:

PERMISSIONS_POLICY = {
    "autoplay": "*",
}
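
The rules from the Setting section and the three examples above, worked through as an added example that is not the package's own code. It renders a PERMISSIONS_POLICY dictionary into a header value and checks it against a browser's feature list before deployment. KNOWN_FEATURES, PolicyError, the strict origin pattern and the function names are assumptions made for this sketch; the middleware's exact output may differ in spacing or in how it writes the wildcard.

```python
# Added example: stand-alone sketch of the PERMISSIONS_POLICY rules described
# above. It is not django-permissions-policy's implementation.
import re

# Assumption: allow-list built only from feature names that appear on this page;
# the package ships its own, longer list taken from Chrome.
KNOWN_FEATURES = frozenset({
    "accelerometer", "ambient-light-sensor", "autoplay", "camera",
    "display-capture", "document-domain", "encrypted-media", "fullscreen",
    "geolocation", "gyroscope", "interest-cohort", "magnetometer",
    "microphone", "midi", "payment", "sync-xhr", "usb",
})

# Assumption: an origin is scheme://host[:port] with nothing after it.
ORIGIN_RE = re.compile(r"[a-z][a-z0-9+.-]*://[A-Za-z0-9.-]+(:\d{1,5})?")


class PolicyError(ValueError):
    """Stand-in for Django's ImproperlyConfigured, so the example has no dependencies."""


def render_allowlist(feature, values):
    """Turn one setting value into the allow-list part of the header."""
    if isinstance(values, str):  # a single value needs no containing list
        values = [values]
    items = []
    for value in values:
        if value == "none":  # legacy value: accepted but ignored
            continue
        if value in ("self", "*"):
            items.append(value)
        elif isinstance(value, str) and ORIGIN_RE.fullmatch(value):
            items.append(f'"{value}"')  # quotes are added here, not in settings
        else:
            # Rejects pre-quoted origins, URLs with paths, and CR/LF characters
            # that would otherwise end up inside the response header.
            raise PolicyError(f"Invalid origin {value!r} for feature {feature}")
    if "*" in items:
        return "*"  # the wildcard already covers every other entry
    return "(" + " ".join(items) + ")"


def render_header(policy, known=KNOWN_FEATURES):
    """Validate feature names and build the Permissions-Policy header value."""
    pieces = []
    for feature in sorted(policy):
        if feature not in known:
            raise PolicyError(f"Unknown feature {feature}")
        pieces.append(f"{feature}={render_allowlist(feature, policy[feature])}")
    return ", ".join(pieces)


def unrecognized_by_browser(policy, browser_features):
    """List configured features missing from a browser's own feature list.

    browser_features is whatever document.featurePolicy.allowedFeatures()
    returned in the browser you target, pasted in as a collection of strings.
    """
    return sorted(set(policy) - set(browser_features))


if __name__ == "__main__":
    print(render_header({"autoplay": ["self", "https://archive.org"]}))
```
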
Comments
  • Unrecognized feature: 'ambient-light-sensor'

    Python Version

    3.8

    Django Version

    3.2

    Package Version

    latest

    Description

    After setting the example:

    PERMISSIONS_POLICY = {
        "accelerometer": [],
        "ambient-light-sensor": [],
        "autoplay": [],
        "camera": [],
        "display-capture": [],
        "document-domain": [],
        "encrypted-media": [],
        "fullscreen": [],
        "geolocation": [],
        "gyroscope": [],
        "magnetometer": [],
        "microphone": [],
        "midi": [],
        "payment": [],
        "usb": [],
    }
    

    Chrome shows:

    Error with Permissions-Policy header: Unrecognized feature: 'ambient-light-sensor'.
    
    opened by dchimeno 6
  • chrome has error messages in the console

    Thanks for your work on this project.

    I'm using this config:

    PERMISSIONS_POLICY = {
        'accelerometer': [],
        'ambient-light-sensor': [],
        'autoplay': [],
        'camera': [],
        'document-domain': [],
        'encrypted-media': [],
        'fullscreen': [],
        'geolocation': [],
        'gyroscope': [],
        'magnetometer': [],
        'microphone': [],
        'midi': [],
        'payment': [],
        'sync-xhr': [],
        'usb': [],
    }
    

    I see these errors in the chrome console:

    Error with Feature-Policy header: Unrecognized feature: 'ambient-light-sensor'.
    Error with Feature-Policy header: Feature accelerometer has been specified in both Feature-Policy and Permissions-Policy header. Value defined in Permissions-Policy header will be used.
    Error with Feature-Policy header: Feature autoplay has been specified in both Feature-Policy and Permissions-Policy header. Value defined in Permissions-Policy header will be used.
    Error with Feature-Policy header: Feature camera has been specified in both Feature-Policy and Permissions-Policy header. Value defined in Permissions-Policy header will be used.
    Error with Feature-Policy header: Feature document-domain has been specified in both Feature-Policy and Permissions-Policy header. Value defined in Permissions-Policy header will be used.
    Error with Feature-Policy header: Feature encrypted-media has been specified in both Feature-Policy and Permissions-Policy header. Value defined in Permissions-Policy header will be used.
    Error with Feature-Policy header: Feature fullscreen has been specified in both Feature-Policy and Permissions-Policy header. Value defined in Permissions-Policy header will be used.
    Error with Feature-Policy header: Feature geolocation has been specified in both Feature-Policy and Permissions-Policy header. Value defined in Permissions-Policy header will be used.
    Error with Feature-Policy header: Feature gyroscope has been specified in both Feature-Policy and Permissions-Policy header. Value defined in Permissions-Policy header will be used.
    Error with Feature-Policy header: Feature magnetometer has been specified in both Feature-Policy and Permissions-Policy header. Value defined in Permissions-Policy header will be used.
    Error with Feature-Policy header: Feature microphone has been specified in both Feature-Policy and Permissions-Policy header. Value defined in Permissions-Policy header will be used.
    Error with Feature-Policy header: Feature midi has been specified in both Feature-Policy and Permissions-Policy header. Value defined in Permissions-Policy header will be used.
    Error with Feature-Policy header: Feature payment has been specified in both Feature-Policy and Permissions-Policy header. Value defined in Permissions-Policy header will be used.
    Error with Feature-Policy header: Feature sync-xhr has been specified in both Feature-Policy and Permissions-Policy header. Value defined in Permissions-Policy header will be used.
    Error with Feature-Policy header: Feature usb has been specified in both Feature-Policy and Permissions-Policy header. Value defined in Permissions-Policy header will be used.
    Error with Permissions-Policy header: Unrecognized feature: 'ambient-light-sensor'.
    

    I'd prefer no errors in the chrome console. It's noisy and intimidating.

    opened by dfrankow 6
  • Bump sqlparse from 0.4.1 to 0.4.2 in /requirements

    Bumps sqlparse from 0.4.1 to 0.4.2.

    Changelog

    Sourced from sqlparse's changelog.

    Release 0.4.2 (Sep 10, 2021)

    Notable Changes

    Enhancements

    • Add ELSIF as keyword (issue584).
    • Add CONFLICT and ON_ERROR_STOP keywords (pr595, by j-martin).

    Bug Fixes

    • Fix parsing of backticks (issue588).
    • Fix parsing of scientific number (issue399).
    Commits
    • b1f76f6 Update changelog.
    • 3eec44e Update Changelog and bump version.
    • 8238a9e Optimize regular expression for identifying line breaks in comments.
    • e660467 Fix parsing of scientific numbers (fixes #399).
    • 23d2993 Update authors and changelog.
    • acc2810 keyword, add ON_ERROR_STOP
    • 282bcf1 keyword, add CONFLICT to postgres keywords
    • 63885dd Add ELSIF as keyword (fixes #584).
    • e575ae2 Fix parsing of backticks (fixes #588).
    • fe39072 Switch back to development mode.
    • Additional commits viewable in compare view

    dependencies 
    opened by dependabot[bot] 2
  • Bump django from 3.0.13 to 3.1.6 in /requirements

    Bumps django from 3.0.13 to 3.1.6.

    Commits
    • 3235a7b [3.1.x] Bumped version for 3.1.6 release.
    • 02e6592 [3.1.x] Fixed CVE-2021-3281 -- Fixed potential directory-traversal via archiv...
    • 03a8678 [3.1.x] Fixed GeoIPTest.test04_city() failure with the latest GeoIP2 database.
    • a271d8c [3.1.x] Modernized custom manager example
    • 82e1294 [3.1.x] Fixed #32391 -- Used CSS flex properties for changelist filter.
    • b920945 [3.1.x] Fixed #32388 -- Clarified QuerySet.bulk_update() caveat about duplica...
    • fa203f1 [3.1.x] Fixed #32348, Refs #29087 -- Corrected tutorial for updated deleting ...
    • 18adc89 [3.1.x] Refs #32372 -- Updated manager name in related objects reference docs.
    • cc5ee23 [3.1.x] Fixed #32372 -- Made examples in related objects reference docs consi...
    • 2a74248 [3.1.x] Fixed #32371 -- Doc'd jquery.init.js dependency for admin widgets.
    • Additional commits viewable in compare view

    dependencies 
    opened by dependabot[bot] 2
  • Support rename to Permissions-Policy

    The header is being renamed to Permissions-Policy. See:

    • https://github.com/django/django/pull/11735
    • https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Feature-Policy
    • https://w3c.github.io/webappsec-feature-policy/ - spec was last updated 10 July to say Permissions-Policy

    I think we could do a release that adds both Feature-Policy and Permissions-Policy as the headers. Idk about renaming the package.

    opened by adamchainz 2
  • Reduce the impact on every request

    • Use a set for faster membership test
    • Generate the header once at boot time
    • Disable the middleware if no header needs to be added

    fixes https://github.com/adamchainz/django-feature-policy/issues/21

    opened by rik 2
  • Ideas to reduce the CPU impact of this middleware

    I've had two ideas to save some CPU cycles but before implementing them, I wanted to check if you'd be interested in those changes:

    1. Change FEATURE_NAMES to a set to speed up if feature not in FEATURE_NAMES
    2. Generate and save the header in __init__. Django settings are not supposed to change so __call__ could write the string into the header. That means using django.test.signals.setting_changed for testing purposes though.
    opened by rik 2
  • Bump django from 3.2.12 to 3.2.13 in /requirements

    Bumps django from 3.2.12 to 3.2.13.

    Commits
    • 08e6073 [3.2.x] Bumped version for 3.2.13 release.
    • 9e19acc [3.2.x] Fixed CVE-2022-28347 -- Protected QuerySet.explain(**options) against...
    • 2044dac [3.2.x] Fixed CVE-2022-28346 -- Protected QuerySet.annotate(), aggregate(), a...
    • bdb92db [3.2.x] Fixed #33628 -- Ignored directories with empty names in autoreloader ...
    • 70035fb [3.2.x] Added stub release notes for 3.2.13 and 2.2.28.
    • 7e7ea71 [3.2.x] Reverted "Fixed forms_tests.tests.test_renderers with Jinja 3.1.0+."
    • 610ecc9 [3.2.x] Fixed forms_tests.tests.test_renderers with Jinja 3.1.0+.
    • 754af45 [3.2.x] Fixed typo in release notes.
    • 6f30916 [3.2.x] Added CVE-2022-22818 and CVE-2022-23833 to security archive.
    • 1e6b555 [3.2.x] Post-release version bump.
    • See full diff in compare view

    dependencies 
    opened by dependabot[bot] 1
  • Bump django from 3.0.14 to 3.1.14 in /requirements

    Bumps django from 3.0.14 to 3.1.14.

    Commits
    • 840bebf [3.1.x] Bumped version for 3.1.14 release.
    • 22bd174 [3.1.x] Fixed #30530, CVE-2021-44420 -- Fixed potential bypass of an upstream...
    • cfb780d [3.1.x] Added stub release notes 3.1.14 and 2.2.25.
    • 61c2d58 [3.1.x] Added 'formatter' to spelling wordlist.
    • 9dd1f95 [3.1.x] Fixed #33082 -- Fixed CommandTests.test_subparser_invalid_option on P...
    • febc980 [3.1.x] Refs #31676 -- Updated technical board description in organization docs.
    • 34a0bb5 [3.1.x] Refs #31676 -- Added Mergers and Releasers to organization docs.
    • d94b1e4 [3.1.x] Refs #31676 -- Removed Core team from organization docs.
    • cd391be [3.1.x] Fixed typo in docs/releases/3.1.13.txt.
    • cb149dd [3.1.x] Refs #31676 -- Removed Django Core-Mentorship mailing list references...
    • Additional commits viewable in compare view

    dependencies 
    opened by dependabot[bot] 1
  • Removed `interest-cohort` is still referenced in README

    Python Version

    3.7.12

    Django Version

    2.2.27

    Package Version

    4.8.0

    Description

    Feature interest-cohort has been deleted in the latest release but it is still listed in the README.

    Copy-pasting the settings from the README leads to a non-working solution:

      File "/home/docker/venv/lib/python3.7/site-packages/django/core/wsgi.py", line 13, in get_wsgi_application
        return WSGIHandler()
      File "/home/docker/venv/lib/python3.7/site-packages/django/core/handlers/wsgi.py", line 135, in __init__
        self.load_middleware()
      File "/home/docker/venv/lib/python3.7/site-packages/django/core/handlers/base.py", line 37, in load_middleware
        mw_instance = middleware(handler)
      File "/home/docker/venv/lib/python3.7/site-packages/django_permissions_policy/__init__.py", line 83, in __init__
        self.header_value  # Access at setup so ImproperlyConfigured can be raised
      File "/home/docker/venv/lib/python3.7/site-packages/django/utils/functional.py", line 80, in __get__
        res = instance.__dict__[self.name] = self.func(instance)
      File "/home/docker/venv/lib/python3.7/site-packages/django_permissions_policy/__init__.py", line 101, in header_value
        raise ImproperlyConfigured(f"Unknown feature {feature}")
    django.core.exceptions.ImproperlyConfigured: Unknown feature interest-cohort
    

    Could you please update the README for the supported features?

    P.S. also cannot find in the spec this feature: ch-ua-wow64. Checked here

    opened by sshishov 1
  • report-only mode for all features

    Keep an eye on: https://github.com/WICG/feature-policy/blob/master/reporting.md#can-i-just-trigger-reports-without-actually-enforcing-the-policy

    All features will apparently allow 'report-only' in which case the browser sends a report for use of that feature.

    opened by adamchainz 1
Owner
Adam Johnson
🦄 @django technical board member 🇬🇧 @djangolondon co-organizer ✍ AWS/Django/Python Author and Consultant