- Input injection
- Parsing XML
- Assert statements
- Timing attacks
- A polluted site-packages or import path
- Temporary files
- Using yaml.load
- Using the system Python runtime and not patching it
- Not patching your dependencies
A very plausible scenario of a credentials sniffer injected through the npm dependency chain.
I loved the "I’d see it in your source on GitHub!" section: so scary and true.