added Security.md #12459

Closed
wants to merge 2 commits into from
1 change: 1 addition & 0 deletions .pre-commit-config.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -32,6 +32,7 @@ repos:
rev: "v2.5.0"
hooks:
- id: pyproject-fmt
language_version: python3.12

- repo: local
hooks:
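Review bot: The `language_version: python3.12` line under the `pyproject-fmt` hook is unrelated to adding a security policy, and it disagrees with `target-version = "py313"` in the `pyproject.toml` part of this same PR. Drop it from this PR, or explain in the description why this one hook needs a pinned interpreter.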
56 changes: 56 additions & 0 deletions data_structures/arrays/kadanes_algorithm.py
Original file line number Diff line number Diff line change
@@ -0,0 +1,56 @@
class KadaneAlgorithm:
"""
Kadane's Algorithm to find the maximum sum
of a contiguous subarray in a given array.

Time Complexity: O(n)
Space Complexity: O(1)

The function works efficiently with both positive and negative integers.

Usage:
>>> kadane = KadaneAlgorithm()
>>> kadane.max_subarray_sum([1, 2, 3, -2, 5])
9
>>> kadane.max_subarray_sum([-1, -2, -3, -4])
-1
>>> kadane.max_subarray_sum([1, 2, 3, 4])
10
>>> kadane.max_subarray_sum([10, -10, 20, -5, 10])
25
"""

def __init__(self):
pass

def max_subarray_sum(self, arr: list[int]) -> int:
"""
This function finds the maximum sum of a
contiguous subarray using Kadane's Algorithm.

:param arr: List of integers.
:return: Maximum sum of a contiguous subarray.

Raises:
ValueError: If the input array is empty.

>>> kadane = KadaneAlgorithm()
>>> kadane.max_subarray_sum([1, 2, 3, -2, 5])
9
>>> kadane.max_subarray_sum([-1, -2, -3, -4])
-1
>>> kadane.max_subarray_sum([1, 2, 3, 4])
10
>>> kadane.max_subarray_sum([10, -10, 20, -5, 10])
25
"""
if not arr:
raise ValueError("Input array cannot be empty.")

max_sum = current_sum = arr[0]

for num in arr[1:]:
current_sum = max(num, current_sum + num)
max_sum = max(max_sum, current_sum)

return max_sum
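Review bot: `KadaneAlgorithm` holds no state and its `__init__` contains only `pass`, so the class wrapper adds nothing; a module-level `max_subarray_sum(arr: list[int]) -> int` would be simpler. The same four doctests appear twice (class docstring and method docstring), so keep one copy, and add a doctest for the empty-list `ValueError`, which is the one branch no doctest exercises. This file is also outside the scope of a PR titled "added Security.md" and is better submitted on its own.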
45 changes: 24 additions & 21 deletions pyproject.toml
Original file line number Diff line number Diff line change
Expand Up @@ -49,6 +49,30 @@ euler-validate = [
[tool.ruff]
target-version = "py313"

[tool.codespell]
ignore-words-list = "3rt,ans,bitap,crate,damon,fo,followings,hist,iff,kwanza,manuel,mater,secant,som,sur,tim,toi,zar"
skip = "./.*,*.json,*.lock,ciphers/prehistoric_men.txt,project_euler/problem_022/p022_names.txt,pyproject.toml,strings/dictionary.txt,strings/words.txt"

[tool.pytest.ini_options]
markers = [
"mat_ops: mark a test as utilizing matrix operations.",
]
addopts = [
"--durations=10",
"--doctest-modules",
"--showlocals",
]

[tool.coverage.report]
omit = [
".env/*",
"project_euler/*",
]
sort = "Cover"

[tool.mypy]
python_version = "3.12"

output-format = "full"
lint.select = [
# https://beta.ruff.rs/docs/rules
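Review bot: Inserting `[tool.codespell]`, `[tool.pytest.ini_options]`, `[tool.coverage.report]` and `[tool.mypy]` directly after `target-version = "py313"` cuts the `[tool.ruff]` table in two: `output-format = "full"` and `lint.select` now sit under `[tool.mypy]`, so they are no longer ruff settings. Leave the three existing tables where they were, after the ruff `lint.*` keys, and if `[tool.mypy]` is really wanted, add it as a separate table at the end of the file. Its `python_version = "3.12"` also disagrees with the `py313` target two lines above the insertion point.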
Expand Down Expand Up @@ -158,27 +182,6 @@ lint.pylint.max-branches = 20 # default: 12
lint.pylint.max-returns = 8 # default: 6
lint.pylint.max-statements = 88 # default: 50

[tool.codespell]
ignore-words-list = "3rt,ans,bitap,crate,damon,fo,followings,hist,iff,kwanza,manuel,mater,secant,som,sur,tim,toi,zar"
skip = "./.*,*.json,*.lock,ciphers/prehistoric_men.txt,project_euler/problem_022/p022_names.txt,pyproject.toml,strings/dictionary.txt,strings/words.txt"

[tool.pytest.ini_options]
markers = [
"mat_ops: mark a test as utilizing matrix operations.",
]
addopts = [
"--durations=10",
"--doctest-modules",
"--showlocals",
]

[tool.coverage.report]
omit = [
".env/*",
"project_euler/*",
]
sort = "Cover"

[tool.sphinx-pyproject]
copyright = "2014, TheAlgorithms"
autoapi_dirs = [
50 changes: 50 additions & 0 deletions security.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,50 @@
# Security Policy

## Reporting a Vulnerability

If you believe you've found a security vulnerability in **TheAlgorithms/Python**, please follow these steps to report it:

1. **Do not open an issue or pull request**: To ensure that the vulnerability is handled responsibly and securely, please **do not create a public issue or PR**. This will allow us to address the issue in a secure manner before any information becomes public.

2. **Contact the maintainers**: Send a detailed description of the vulnerability to **[[email protected]]**. Please include the following information:
- A description of the vulnerability.
- Steps to reproduce the issue, if applicable.
- Any relevant code or configuration files.
- Your contact details (optional).

If you don't have a direct contact, feel free to create a private email or open a responsible disclosure channel via GitHub Discussions, with a direct request to the maintainers.

3. **Timeline for Response**: We strive to respond to all security reports within 48 hours. The severity of the issue may affect the response time.

## Security Measures

- **Vulnerability Fixes**: Once a vulnerability is identified and reported, we will work to fix it as soon as possible. We will issue a patch release if necessary.
- **Security Advisory**: We will provide a public security advisory with the details of the vulnerability, once the patch has been released. This advisory will include steps for users to mitigate the issue.

## Secure Coding Practices

We follow the best practices in secure coding to ensure our code is resilient against common security vulnerabilities, including but not limited to:
- Input validation and sanitization
- Secure handling of sensitive data (e.g., passwords, API keys)
- Proper encryption and decryption mechanisms
- Avoiding common vulnerabilities such as SQL injection, cross-site scripting (XSS), and buffer overflows

## Data Handling

We recommend that contributors and users do not store sensitive data (such as passwords or private keys) in the repository. Any sensitive information should be handled securely, using appropriate encryption or key management tools.

## Patching and Updates

We encourage contributors to regularly update dependencies to minimize security vulnerabilities in third-party libraries.

## Additional Resources

For more information on secure coding practices and related resources, you can refer to:
- [OWASP Top 10](https://owasp.org/www-project-top-ten/)
- [CWE - Common Weakness Enumeration](https://cwe.mitre.org/)

## Responsible Disclosure

We adhere to responsible disclosure practices and ask that any vulnerabilities be reported privately. We are committed to working with the security community to address any issues as quickly and efficiently as possible.

---
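Review bot: The fallback paragraph after step 2 tells reporters to "open a responsible disclosure channel via GitHub Discussions", which is a public venue and contradicts step 1's instruction not to create a public issue or PR. Replace it with a private route only, for example GitHub's private vulnerability reporting if the maintainers enable it for the repository. The 48-hour response time in step 3 and the patch-release and public-advisory promises under "Security Measures" are commitments made on the maintainers' behalf, so they need maintainer sign-off before this is merged.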