
Report mutable class attributes as warning

Open cleder opened this issue 6 years ago • 2 comments

Mutable class attributes may lead to information leaking from one instance to another.

class MyClass(object):
    errors = []

    def do_something(self):
        try:
            ...
        except SomeException as e:
            self.errors.append(e)

Mutable class attributes should be reported as potential security risks. The same logic should apply for mutable default values of call parameters for functions.

cleder avatar Jan 16 '19 13:01 cleder
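One way to flag the two patterns raised in this issue, mutable class attributes and mutable default arguments, using only the standard-library `ast` module. This is an added example, not part of the original thread and not Bandit's or flake8-bugbear's code; `is_mutable`, `find_shared_mutables` and the sample source are assumptions made for illustration.

```python
import ast

# Constructed sample: the issue's pattern plus mutable default arguments.
SAMPLE = '''\
class MyClass(object):
    errors = []
    limit = 10
    tags: set = set()
    def __init__(self):
        self.local = []  # per-instance, not shared
    def do_something(self, seen={}):
        pass
def collect(item, bucket=[], *, index=None, cache=dict()):
    bucket.append(item)
'''

LITERALS = (ast.List, ast.Dict, ast.Set, ast.ListComp, ast.DictComp, ast.SetComp)
CONSTRUCTORS = {"list", "dict", "set", "bytearray"}

def is_mutable(node):
    """True for list/dict/set displays, comprehensions and bare constructor calls."""
    if isinstance(node, LITERALS):
        return True
    return (isinstance(node, ast.Call) and isinstance(node.func, ast.Name)
            and node.func.id in CONSTRUCTORS)

def find_shared_mutables(source):
    """Return sorted (line, kind, name) for objects shared across instances or calls."""
    found = []
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.ClassDef):
            for stmt in node.body:  # direct class body only, so self.x = [] is ignored
                if isinstance(stmt, ast.Assign):
                    targets = stmt.targets
                elif isinstance(stmt, ast.AnnAssign) and stmt.value is not None:
                    targets = [stmt.target]
                else:
                    continue
                if is_mutable(stmt.value):
                    found += [(stmt.lineno, "class-attribute", f"{node.name}.{t.id}")
                              for t in targets if isinstance(t, ast.Name)]
        elif isinstance(node, (ast.FunctionDef, ast.AsyncFunctionDef)):
            a = node.args
            positional = a.posonlyargs + a.args
            pairs = list(zip(positional[len(positional) - len(a.defaults):], a.defaults))
            pairs += [(k, d) for k, d in zip(a.kwonlyargs, a.kw_defaults) if d is not None]
            found += [(d.lineno, "default-argument", f"{node.name}({p.arg})")
                      for p, d in pairs if is_mutable(d)]
    return sorted(found)
```

Calling `find_shared_mutables(SAMPLE)` reports `MyClass.errors`, `MyClass.tags` and the three mutable defaults, while leaving `limit` and the per-instance `self.local` alone.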

Not sure if this should go in here or if https://github.com/PyCQA/flake8-bugbear/issues/57 is the more appropriate place to implement this.

cleder avatar Jan 16 '19 14:01 cleder

Could you please describe the security issue related to this more? Thanks!

ericwb avatar Jul 11 '22 18:07 ericwb