Date: Thu, 8 Dec 2016 15:36:48 -0800
From: Sarah Newman <srn@...mr.com>
To: oss-security@...ts.openwall.com
Subject: Re: Opensource Python whitebox code analysis tool recommendations

On 12/06/2016 09:02 AM, Fiedler Roman wrote:
> Hello list,
>
> I just stumbled over the effects of the following programming error due to an unwanted
> singleton in Python, bypassing intended process restrictions (allowed number
> of elements in my case) and of course data corruption:
>
> class A:
>     def __init__(self, value=[]):
>         # The default list is created once at definition time and shared
>         # by every instance that does not pass its own value.
>         self.value = value
>         self.valueCloned = value[:]
>     def show(self):
>         print('IDs value %x, cloned %x' % (id(self.value), id(self.valueCloned)))
>     def append(self, data):
>         self.value.append(data)
>
> # Keep reference to avoid garbage collection interference.
> objFirst = A()
> objFirst.show()
> objNext = A()
> objNext.show()
> # Check references to prohibit optimization.
> if objFirst == objNext: raise Exception('Impossible')
>
>
> As this type of error seems to be more common in code, at least according to
> grep, are there tool recommendations to do automatic analysis of code?

It's not exactly the tool you're looking for, but pylint would have warned you:

W:  2, 2: Dangerous default value [] as argument (dangerous-default-value)

--Sarah
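As an added illustration (not code from either poster), the following stand-alone script shows the shared-default bug beside the usual fix (default `None`, allocate per call) and implements a minimal AST-based check in the spirit of pylint's dangerous-default-value warning; the class names, the `f` function and the scanned source are constructed for this example.

```python
import ast

# Constructed sample source: the quoted pattern (class A), the hardened form
# (class B) and a function with several mutable defaults.
SAMPLE = '''
class A:
    def __init__(self, value=[]):
        self.value = value

class B:
    def __init__(self, value=None):
        self.value = [] if value is None else value

def f(x, cache={}, tags=set(), items=list()):
    pass
'''

MUTABLE_NODES = (ast.List, ast.Dict, ast.Set)
MUTABLE_CALLS = {"list", "dict", "set"}

def _is_mutable(node):
    """True for literal [] / {} / set() style defaults and bare list()/dict()/set() calls."""
    if isinstance(node, MUTABLE_NODES):
        return True
    return (isinstance(node, ast.Call) and isinstance(node.func, ast.Name)
            and node.func.id in MUTABLE_CALLS)

def find_mutable_defaults(source):
    """Return (function name, parameter name, line) for every mutable default, sorted by line."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, (ast.FunctionDef, ast.AsyncFunctionDef)):
            continue
        args = node.args
        positional = args.posonlyargs + args.args
        # Positional defaults line up with the tail of the positional parameter list.
        for param, default in zip(positional[len(positional) - len(args.defaults):], args.defaults):
            if _is_mutable(default):
                findings.append((node.name, param.arg, default.lineno))
        for param, default in zip(args.kwonlyargs, args.kw_defaults):
            if default is not None and _is_mutable(default):
                findings.append((node.name, param.arg, default.lineno))
    return sorted(findings, key=lambda f: (f[2], f[1]))

def shared_default_demo():
    """Return (A shares one list, B shares one list, length seen by the second A instance)."""
    ns = {}
    exec(SAMPLE, ns)
    a1, a2 = ns["A"](), ns["A"]()
    b1, b2 = ns["B"](), ns["B"]()
    a1.value.append("x")          # leaks into a2 because the default list is a singleton
    return a1.value is a2.value, b1.value is b2.value, len(a2.value)

if __name__ == "__main__":
    for name, param, line in find_mutable_defaults(SAMPLE):
        print("line %d: %s(%s=...) uses a mutable default" % (line, name, param))
    print(shared_default_demo())
```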