Skip to content

CWE-1095: show that list modification is dangerous #940

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Jul 15, 2025
Merged

CWE-1095: show that list modification is dangerous #940

merged 1 commit into from
Jul 15, 2025

Conversation

@hedrok
Copy link
Contributor

@hedrok hedrok commented Jul 10, 2025

Before this commit the wording was that modifying list works but is not recommended.

But it works as long as no two consecutive elements are deleted, otherwise part of elements is not checked at all without any exceptions raised.

Changed README.md, compliant01.py and noncompliant01.py to demonstrate that.

@hedrok
CWE-1095: show that list modification is dangerous
62b3b62 
Before this commit the wording was that modifying list works but
is not recommended.

But it works as long as no two consecutive elements are deleted,
otherwise part of elements is not checked at all without any
exceptions raised.

Changed README.md, compliant01.py and noncompliant01.py to
demonstrate that.

Signed-off-by: Kyrylo Yatsenko <[email protected]>
@hedrok hedrok force-pushed the CWE-1096-add-dangerous-list-example branch from 3dc562a to 62b3b62 Compare July 10, 2025 08:24
@myteron myteron requested review from BartyBoi1128 and myteron July 14, 2025 15:12
BartKaras1128
BartKaras1128 approved these changes Jul 15, 2025
View reviewed changes
Copy link
Contributor

@BartKaras1128 BartKaras1128 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the PR! I think this example is a more interesting way of showing that modification of a list in a loop can be dangerous and could have unexpected outcomes.
Approved by me.

myteron
myteron approved these changes Jul 15, 2025
View reviewed changes
Copy link
Contributor

@myteron myteron left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you @hedrok for the contribution. Much better example.

@myteron myteron merged commit beb89db into ossf:main Jul 15, 2025
2 checks passed
@hedrok hedrok deleted the CWE-1096-add-dangerous-list-example branch July 15, 2025 12:44
@hedrok
Copy link
Contributor Author

hedrok commented Jul 15, 2025

Thanks! :)

dwiley258 pushed a commit to dwiley258/wg-best-practices-os-developers that referenced this pull request Jul 31, 2025
@hedrok @dwiley258
CWE-1095: show that list modification is dangerous (ossf#940)
e241ef4 
Before this commit the wording was that modifying list works but
is not recommended.

But it works as long as no two consecutive elements are deleted,
otherwise part of elements is not checked at all without any
exceptions raised.

Changed README.md, compliant01.py and noncompliant01.py to
demonstrate that.

Signed-off-by: Kyrylo Yatsenko <[email protected]>
Signed-off-by: Helge Wehder <[email protected]>
Signed-off-by: ewlxdnx <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@myteron myteron myteron approved these changes

@BartyBoi1128 BartyBoi1128 Awaiting requested review from BartyBoi1128

+1 more reviewer

@BartKaras1128 BartKaras1128 BartKaras1128 approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

Product: Python Hardening Guide

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@hedrok @myteron @BartKaras1128 @thomasnyman