Aug 9, 2022You might be using assert wrongAssert is often used in production code as a form of data validation check or sanity testing. You may have seen code bases that contain logic like: def validate_age(value): assert value < 70, "No youngsters allowed!" response = requests.post(url=url, json={'foo': 'bar'}) assert response.ok, response.text However, assertions should only be used…Python4 min readPython4 min read
Aug 5, 2022Smashing Python tech debt with PolymorphismPolymorphism is a pillar of Object Oriented Programming. OOP underpins modern software development in many industries. This article will dive in to Polymorphism by using a real world non-contrived example. …Python7 min readPython7 min read
Aug 3, 20223 awesome Django 4.1 changes (1 is a logout deprecation you need to know about)Django is an open-source web application framework for Python. With Django 4.1 release we get some long-awaited improvements such as async views, async database queries, and a deprecation that will eventually prevent your users logging out unless you change your code accordingly. Deprecation of logout via GET Log out is an action that has a…Django3 min readDjango3 min read
Aug 2, 2022SemVer might not be right for youMethodical release of software is a crucial part of the development lifecycle. After the hard work producing the software it would be a shame to put no love and no mind into what the release is named. Names matter. Each release should have an identified: version number, name, etc. The…Python6 min readPython6 min read
Published inDev Genius·Aug 1, 2022When Python old style string formatting is best practiceString formatting in Python 2 utilized the % modulo operator. Python 3 was released in 2008 which included an alternatives to formatting strings: str.format(). Fast forward to 2016, Python 3.6 formatted string literals (or f-strings) were released. It may seem like iconoclasm to say str.format and f strings are not…Python4 min readPython4 min read
Apr 25, 202210% of the 666 most popular Python GitHub repos have these f-string bugstl;dr We found that 10% of the 666 most popular Python open source GitHub repositories had the following f-string typo bugs: f prefix was missing:"hello {name}"instead of f"hello {name}" . f prefix was written inside the string: "fhello {name}"instead of f"hello {name}" . …Python8 min readPython8 min read
Published inSystem Weakness·Apr 13, 2022Hacking websites: session hijacking with XSS (and how to protect your Django website)One vulnerability builds on top of another: a bad actor can perform a series of attacks on your website that starts as a simple XSS attack to trick the browser into executing some Javascipt, and ends with the hacker completely hijacking the victim’s logged in session through stealing the their…Django3 min readDjango3 min read
Mar 3, 2022Hacking Django: steal passwords and cookies using packet sniffingPacket sniffing can be used to steal passwords from insecure Django websites. Here’s a demo of such an attack: Stealing credentials and session cookies is easy if the following conditions are met: The target user is on the same network as the attacker The target website is accepting HTTP…Django3 min readDjango3 min read
Feb 21, 20225 percent of the 420 python codebases we checked silently skipped tests (so we fixed them)Duplicate names for tests in the same scope results in some of the tests being skipped: # file with 3 tests (with duplicate names) def test_a(): pass def test_a(): pass def test_a(): pass The tests were written. Lets run them: $ pytest collecting ... tests/test_helpers.py::test_a ✓ 100% ██████████ Results (0.85s)…Python5 min readPython5 min read
Feb 16, 20223% of 666 Python codebases we checked had a silently failing unit testLets coin a name for a very special type of unit test: Schroeder’s unit-test: a unit test that passes but fails to test the thing we want to test. This article focuses on our code scanning of 666 Python codebases to detect one such Schroeder’s unit tests. …Python4 min readPython4 min read
