[Bug] Mutable default argument in merge_logs_to_list causes log contamination

[juandiego-bmu]

Description

In nettacker/core/utils/common.py (line 34), the function merge_logs_to_list uses a mutable default argument:

def merge_logs_to_list(result, log_list=[]):

On line 41, this list is mutated via .append():

log_list.append(result["log"])

In Python, mutable default arguments are evaluated once at function definition time and shared across all calls. This means every call to merge_logs_to_list() without an explicit log_list argument will append to the same shared list object, accumulating log entries from all previous calls.

Impact

• Log entries from previous scans leak into subsequent scan results
• Memory grows without bound as the shared list accumulates entries across the application lifetime
• Scan results may contain data from other scans, which is a data integrity issue

Suggested fix

Use None as the default and create a new list inside the function:

def merge_logs_to_list(result, log_list=None):
    if log_list is None:
        log_list = []