Maybe if the malicious code was in a PR and the checks ran in CI could be a problem? But yeah, when I saw that I thought that it was hard to make it an actual vulnerability that would affect anyone.
This is unrelated to the video but I wanted to ask you a question. I sometimes want to write code that makes it very clear to tell what the issue is. Say for instance, asserting that all elements of a list are of a specific type. This is very costly to run however, and I don't do anything with the error, so I put the assertion behind a `__debug__` flag. The issue with this is that then I have errors being raised only in Debug mode - well - that's kind of confusing. Do I write a pytest that ensures that an error is raised...only in debugging mode? Should I check that it's not raised when not in debugging mode? The `-O` flag doesn't seem to work from what I can tell with PyTest , this means that my tests will generally be slower as well Additionally, if a user doesn't know that `-O` needs to be used, then their code will run slower all the time.. The other option is to have some global DEBUG flag with store_true on the CLI - that way - by default - it's not in debugging mode, and so it's faster. But then I have to import config.DEBUG into nearly every file... Could you offer some insight on this?
I think this could also be fixed by making the first quantifier lazy ("\s*?" instead of "\s*") and matching a single tab character instead of one or more tab characters.
the lazy modifier changes what the engine tries first. All possibilities must still be exhausted before the engine can be satisfied that the string doesn't match.
yeah since editing a docstring will change the AST black avoids removing trailing whitespace in multiline strings. however there are edge cases where black will change the ast slightly.
6:36 "The uncompromising Python code formatter"... is compromised 😱
At this point can we start reporting slow websites as denial of service attacks on browsers?
Maybe if the malicious code was in a PR and the checks ran in CI could be a problem?
But yeah, when I saw that I thought that it was hard to make it an actual vulnerability that would affect anyone.
yeah, but CI's mostly have step timeouts for containers
@@bernardcrnkovic3769 true
again it'll only be an issue for the person running it, they're DOSing their own PR for example
at least the CVE was marked as medium rather than Critical or high, though it probably should've been even lower in reality
This is unrelated to the video but I wanted to ask you a question.
I sometimes want to write code that makes it very clear to tell what the issue is. Say for instance, asserting that all elements of a list are of a specific type. This is very costly to run however, and I don't do anything with the error, so I put the assertion behind a `__debug__` flag.
The issue with this is that then I have errors being raised only in Debug mode - well - that's kind of confusing.
Do I write a pytest that ensures that an error is raised...only in debugging mode?
Should I check that it's not raised when not in debugging mode? The `-O` flag doesn't seem to work from what I can tell with PyTest , this means that my tests will generally be slower as well
Additionally, if a user doesn't know that `-O` needs to be used, then their code will run slower all the time..
The other option is to have some global DEBUG flag with store_true on the CLI - that way - by default - it's not in debugging mode, and so it's faster.
But then I have to import config.DEBUG into nearly every file...
Could you offer some insight on this?
I think this could also be fixed by making the first quantifier lazy ("\s*?" instead of "\s*") and matching a single tab character instead of one or more tab characters.
the lazy modifier changes what the engine tries first. All possibilities must still be exhausted before the engine can be satisfied that the string doesn't match.
yeah since editing a docstring will change the AST black avoids removing trailing whitespace in multiline strings. however there are edge cases where black will change the ast slightly.
lol i knew i had seen you somewhere before. I was on a 3b1b video and saw your comment. The pfp was unmistakable
An AI coding assistant could trigger the DOS