Frozendict in Python (PEP 814): The Safer Default-Argument Story for Mappings

Python’s mutable-default-argument gotcha is infamous. In my earlier post, I went one step further and tried to exploit it: using a mutable default as a state bucket, then showing why it breaks the moment you want multiple independent instances (and why it gets even uglier around concurrency). Now there’s a language-level proposal that’s relevant to the same theme—but in a much more principled way. PEP 814 proposes a new built-in type: frozendict, an immutable mapping designed to be “safe by design.” It’s currently a Draft targeting Python 3.15. ...

December 25, 2025 · 4 min

Custom Validations in Django Rest Framework

Introduction

One of the key components of HTTP request-response is request data validation. Modern HTTP requests typically send a JSON payload that needs to be sanitized and validated before proceeding with business logic and database operations. While client-side applications may implement basic form validations using libraries like Formik, backend validation remains essential as a security precaution. This article on hacking McDonald’s India Service APIs showcases interesting vulnerabilities that can be exploited when backend validations and authorizations are improperly implemented. ...

March 21, 2025 · 7 min

Hacky usage of mutable default arguments in Python

One of the most commonly known gotchas in Python is the use of mutable default arguments. Consider this simple Python function snippet:

    def foo(item: int, bar: list = []) -> None:
        bar.append(item)
        print(f"{bar=}")  # Neat f-string trick btw to print both variable name and value

    foo(6)
    foo(6)
    foo(12)

A Python newcomer might expect the output to be:

    bar = [6]
    bar = [6]
    bar = [12]

Instead you would get: ...

February 12, 2025 · 5 min