Software Tools (Week 7), CS 212 – Spring 2008


Software Tools
Week 7
CS 212 – Spring 2008
Top 20 Tools of All Time (http://uk.gizmodo.com/)

Programming Language as a Tool
- Use the language that best fits your task
- Think small
  - Write little programs that test various concepts
  - Test them!
  - Comment them!
  - Build collections of these little programs
  - Reuse your own code

Languages for Different Domains
- General purpose
  - Examples: Lisp, Algol, PL/1, Scheme, Java, Python
- Systems programming
  - Emphasis on efficiency and tight control of data structures
  - Examples: C, C++, Forth, Modula-2
- Scripting
  - Examples: Unix shell, Perl, Python, Ruby, Tcl
- Concurrent/distributed processes
  - Control of multiple threads
  - Examples: Ada, Oz, Smalltalk, Java
- Educational
  - Examples: Basic, Haskell, Pascal, Python, Scheme, Smalltalk
- Various other domains
  - Discrete event simulation: Simula
  - Web scripting: Javascript
  - Realtime applications: Ada
  - Text processing: Snobol, Perl
  - Printing: Postscript
  - …

Scripting Languages
- A script is a sequence of common commands made into a single program
  - Unix uses shell scripts
  - The shell is the interactive interface to Unix
  - You can combine commands from the Unix shell to create programs
- A scripting language is usually
  - Easy to learn
  - Interpreted instead of compiled
- Example scripting languages: Unix shell, Python, Perl, Tcl (Tool command language)
- Some Python code:

    class Stack (object):
        def __init__ (self):
            self.stack = [ ]
        def put (self, item):
            self.stack.append(item)
        def get (self):
            return self.stack.pop()
        def isEmpty (self):
            return len(self.stack) == 0

A Programming Language Controversy
- “Go To Statement Considered Harmful”
  - Edsger Dijkstra, Communications of the ACM (March 1968)
- Sparked long-running discussion on whether “go to” is necessary or desirable
  - Proponents of “go to” presented examples where code was more readable using “go to”
  - At the time
    - No break
    - No continue
    - No exceptions
- Led to concept of structured programming
  - Idea: Code is clearer if we restrict ourselves to just a few control structures
  - Loops have single entry, single exit

Programming Language Weirdness
- Weird languages
  - Whitespace
    - Only spaces, tabs, and newlines are significant
    - A great language for security since a program can be printed onto plain paper and stored without worrying about an adversary reading the code ☺
  - var'aq
    - Based on the grammatical structure of the Klingon language
- Weird concepts
  - Polyglot code
    - Code that is valid for multiple languages
    - Usually takes advantage of the different ways that comments are indicated in the different languages
  - Quine
    - A program whose only output is its own source code
    - Not considered valid to use the empty program

Integrated Development Environments
- An IDE usually includes
  - Source code editor (usually with color highlighting)
  - Compiler or interpreter
  - Tools for “build automation” (i.e., keeps track of what needs to be recompiled)
  - Debugger
  - Class browser (for languages with classes)
- Examples: DrJava, Eclipse
  - In Eclipse: As you type, gives you list of options + documentation
- You should know how to use a debugger!
  - Place breakpoints
  - Step through code
    - Step over
    - Step into
    - Step out of…
  - Examine current call-stack
  - Examine values of active variables
    - Some debuggers allow you to change a variable value
- Debuggers are usually much more effective than placing print-statements

Unix
- Original version by Ken Thompson (Bell Labs) in 1969
- An interactive, multi-user operating system (not the first such system, but an early one)
- Unix is closely tied to the development of C
  - Unix was originally written in PDP-7 Assembly Language
  - Then in B
  - Then in C
  - B and C were basically created to write Unix
- Philosophy
  - Almost everything is a text file
  - Little programs (utilities) to do little tasks
  - Connect programs with pipes & redirection
    - % who | sort | lpr
    - Print an alphabetical list of who is active on the system
- Linux is an open software version of Unix
  - Since 1991
    - Linus Torvalds (the kernel)
    - Richard Stallman (GNU)
  - Widely used for high-performance computing
- Mac OS X is built on Unix

Regular Expressions
- Common goal: search/match/do stuff with strings
- Idea: use special strings to match other strings
  - Some characters are meta-characters
- Regular expressions are closely related to finite state automata (CS 381/481)
- Some of the rules for regular expressions
  - A regular character matches itself
  - A . matches any character
  - * implies 0 or more occurrences (of preceding item)
  - + implies 1 or more occurrences
  - \ implies following character is treated as a regular character
  - [ … ] matches any one character from within the brackets; - can be used to indicate a range
- A regular expression in Java

    "((\\.[0-9]+)|([0-9]+\\.[0-9]*))"

Makefiles
- Used when compiling/recompiling a large system (many interdependent files)
  - Checks which files have changed and only recompiles those that are necessary
  - Because of dependencies, more than just the changed files can need to be recompiled
  - Also keeps track of compiler options
- Why not recompile everything?
  - Expensive
  - Order of compilation can be important
- Once you have a makefile
  - You recompile whatever is necessary by typing make
- To create a makefile
  - Common strategy is to find some examples and modify them
  - There are automated tools for building makefiles
- Modern IDEs often provide tools for managing the build process

Memory Management
- Modern programs are
  - Long running
  - Make dynamic use of memory
- Garbage collector
  - Some languages (e.g., Java, C#) use a garbage collector to reclaim unused memory
  - Other languages (e.g., C, C++) require programmers to manage their own memory
- Manual memory management bugs
  - Dangling pointers
    - Memory has been freed, but part of the code is still trying to use it
  - Memory leaks
    - Memory that is no longer used, but is not freed
    - Long running program ⇒ run out of memory
- There are tools to help catch such bugs
  - E.g., purify for C, C++

Garbage Collection
- Want to keep any object that can be reached from program’s variables
  - Either directly or through other objects that can be reached
  - Program’s variables = anything in the call stack
- Once “not-in-use” objects are found
  - Can reclaim the memory for re-use
  - Can also compact memory
    - I.e., move all the “in-use” objects to another memory block (without gaps between objects)

Garbage Collector Schemes
- Mark and Sweep
  - Mark every object as “not-in-use”
  - Starting from the call stack, visit every reachable object, marking it as “in-use”
  - Everything still marked “not-in-use” can be reclaimed
- Reference Counting
  - Every object keeps a count of how many pointers reference it
  - When count is zero, memory can be reclaimed
  - Problem: cycles!
- For either scheme
  - Can “stop the world”
  - Can interleave (i.e., take turns)
  - Can run concurrently
- Java’s current garbage collector
  - A 2-tier scheme (old generation; new generation)
  - A mark-and-sweep method
  - With compaction
- Java’s garbage collection scheme has changed as new Java versions were released

Use of Standard Data Structures
- Packages for widely-useful data structures
  - Java Collections Framework
  - C++ STL (Standard Template Library)
  - Provide tools for
    - Sorting & searching
    - Iteration
    - List
    - Set
    - Map (or dictionary)
    - Stack
    - Queue
    - Priority Queue
- For example, Java provides
  - Interfaces
    - List, Map, Set
  - Classes
    - ArrayList, LinkedList, HashMap, TreeMap, HashSet, TreeSet
  - Algorithms
    - Arrays.sort, Arrays.search,…

Version Control
- Allows you to keep track of changes for a large project
  - Can back up to old version if changes create problems
  - Multiple contributors can work on the system
- CVS (Concurrent Version System)
  - Open source
  - Widely used tool for version control
  - Maintains a history of all changes made
  - Supports branching, allowing several lines of development
  - Provides mechanisms for merging branches back together when desired
- SVN (Subversion)
  - An alternative to CVS

Profiling Tools
- People are notoriously bad at predicting the most computationally expensive parts of a program
  - Rule of thumb (Pareto Principle): 80% of the time is spent in 20% of the code
  - No use improving the code that isn’t executed often
  - How do you determine where your program is spending its time?
- Part of the data produced by a profiler (Python)

    ncalls  tottime  percall  cumtime  percall  filename:lineno(function)
      2521    0.227    0.000    1.734    0.001  Drawing.py:102(update)
      7333    0.355    0.000    0.983    0.000  Drawing.py:244(transform)
      4347    0.324    0.000    4.176    0.001  Drawing.py:64(draw)
      3649    0.212    0.000    1.570    0.000  Geometry.py:106(angles)
        56    0.001    0.000    0.001    0.000  Geometry.py:16(__init__)
    343160    9.818    0.000   12.759    0.000  Geometry.py:162(_determinant)
      8579    0.816    0.000   13.928    0.002  Geometry.py:171(cross)
      4279    0.132    0.000    0.447    0.000  Geometry.py:184(transpose)

- Java has a built-in profiler (hprof); there are many others

More Advanced Profiling
- Need additional profiling tools for applications that
  - Are multithreaded
  - Use multiple cores
- Example: VTune Performance Analyzer (from Intel)
  - Can monitor
    - Memory usage
    - Performance during file I/O
    - Thread overhead and synchronization
    - Load balancing
    - Idle time

Documentation Generators
- Comments (esp. specifications) are as important as the code itself
  - Determine successful use of code
  - Determine whether code can be maintained
  - Creation/maintenance = 1/10
- Documentation belongs in code (or as close to it as possible)
  - “Code evolves, documentation drifts away”
  - Put specs in comments next to code when possible
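
For the Garbage Collector Schemes slide above: the following is an added example, not part of the course slides, that runs both schemes on a toy heap to show why cycles defeat reference counting while mark and sweep still reclaims them. The Obj and Heap classes, the demo function and the object names a to f are invented for this illustration.

```python
"""Toy heap comparing reference counting with mark and sweep (constructed example)."""


class Obj:
    """A heap object: a name plus outgoing pointers to other objects."""

    def __init__(self, name):
        self.name = name
        self.refs = []        # objects this one points to
        self.refcount = 0     # how many pointers reference this object
        self.in_use = False   # mark bit used by mark and sweep


class Heap:
    def __init__(self):
        self.objects = []     # every object that has not been reclaimed
        self.roots = []       # stands in for the program's variables (call stack)

    def alloc(self, name):
        obj = Obj(name)
        self.objects.append(obj)
        return obj

    def add_root(self, obj):
        self.roots.append(obj)
        obj.refcount += 1

    def drop_root(self, obj):
        self.roots.remove(obj)
        self._decref(obj)

    def link(self, src, dst):
        """Store a pointer to dst inside src."""
        src.refs.append(dst)
        dst.refcount += 1

    def _decref(self, obj):
        """Reference counting: reclaim as soon as the count reaches zero."""
        obj.refcount -= 1
        if obj.refcount == 0:
            self.objects.remove(obj)
            children, obj.refs = obj.refs, []
            for child in children:   # freeing obj drops its outgoing pointers
                self._decref(child)

    def mark_and_sweep(self):
        """Mark everything not-in-use, mark what the roots reach, sweep the rest."""
        for obj in self.objects:
            obj.in_use = False
        pending = list(self.roots)
        while pending:
            obj = pending.pop()
            if not obj.in_use:
                obj.in_use = True
                pending.extend(obj.refs)
        reclaimed = [o.name for o in self.objects if not o.in_use]
        self.objects = [o for o in self.objects if o.in_use]
        return reclaimed

    def live_names(self):
        return sorted(o.name for o in self.objects)


def demo():
    heap = Heap()
    a, b, c, d, e, f = (heap.alloc(n) for n in "abcdef")
    for obj in (a, c, e):
        heap.add_root(obj)
    heap.link(a, b)           # a -> b: a plain chain
    heap.link(c, d)           # c -> d -> c: a cycle
    heap.link(d, c)
    heap.link(e, f)           # e -> f: stays reachable from a root throughout

    heap.drop_root(a)         # counts of a and b reach zero, both reclaimed
    heap.drop_root(c)         # c is still referenced by d, so nothing is freed
    after_refcount = heap.live_names()

    reclaimed = sorted(heap.mark_and_sweep())
    return after_refcount, reclaimed, heap.live_names()


if __name__ == "__main__":
    after_refcount, reclaimed, survivors = demo()
    print("live after reference counting:", after_refcount)
    print("reclaimed by mark and sweep:  ", reclaimed)
    print("live after mark and sweep:    ", survivors)
```

The unreachable pair c and d is the memory leak from the Memory Management slide: no program variable can reach them, yet their counts never drop to zero.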