Issue #11 resolved

Mutable (list) used as default parameter

Maciej Wiśniowski
created an issue

There is a flaw in some functions like has_permission in init.py.

These functions use roles=[] as default parameter which causes security risk and other unexpected side effects. You can put

{{{

!python

print roles }}}

statement to see how roles list grows infinitely, like:

{{{

!python

[<Role: Manager>] [<Role: Manager>, <Role: Manager>] [<Role: Manager>, <Role: Manager>, <Role: Manager>] [<Role: Manager>, <Role: Manager>, <Role: Manager>, <Role: Manager>] [<Role: Manager>, <Role: Manager>, <Role: Manager>, <Role: Manager>, <Role: Manager>] [<Role: Manager>, <Role: Manager>, <Role: Manager>, <Role: Manager>, <Role: Manager>, <Role: Manager>] }}}

See http://www.artfulcode.net/articles/mutable-default-parameter-values-python/ for details.

Comments (2)

  1. Log in to comment