
9. Understanding Common Vulnerabilities

Python code is exposed to a few specific classes of vulnerability that developers should know about:

Examples

  • Injection Attacks – passing untrusted input to eval or exec, or building SQL queries with string formatting instead of parameterized queries, so attacker data is interpreted as code.
  • Deserialization Attacks – calling pickle.loads on untrusted bytes; a pickle stream can name any importable callable and invoke it while it is being loaded.
  • Path Traversal – letting users control file paths, so "../" segments or absolute paths reach files outside the intended directory.
  • Hardcoded Secrets – embedding passwords, API keys, or tokens in source code, where they end up in version control and build artifacts.
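The following is an added example, not part of the original page, that puts the first three items above side by side in working Python: a literal parser that uses ast.literal_eval where eval would be dangerous, a SQLite lookup written both with string formatting and with a parameterized query, and a path-join helper that refuses paths escaping its base directory. The database contents, the /srv/app/uploads base directory and the function names are constructed for the demonstration. The hardcoded-secrets item needs no code: read secrets from the environment or a secret manager rather than from source.

```python
import ast
import sqlite3
from pathlib import Path


# --- Injection via eval/exec -------------------------------------------
def parse_config_value(text):
    """Turn a user-supplied Python literal into a value.

    eval(text) would also run expressions such as
    __import__('os').system('id'). ast.literal_eval only accepts literal
    syntax (strings, numbers, tuples, lists, dicts, booleans, None) and
    raises for anything else.
    """
    try:
        return ast.literal_eval(text)
    except (ValueError, SyntaxError) as exc:
        raise ValueError(f"not a plain literal: {text!r}") from exc


# --- SQL injection: string formatting vs. parameterized query ----------
def make_demo_db():
    """Constructed in-memory sample database for the demonstration."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "admin"), ("bob", "user")])
    return conn


def lookup_role_vulnerable(conn, name):
    """Attacker-controlled 'name' is spliced into the SQL text itself."""
    query = f"SELECT role FROM users WHERE name = '{name}'"
    return sorted(row[0] for row in conn.execute(query))


def lookup_role_safe(conn, name):
    """The ? placeholder sends 'name' as data; it can never become SQL."""
    query = "SELECT role FROM users WHERE name = ?"
    return sorted(row[0] for row in conn.execute(query, (name,)))


# --- Path traversal -----------------------------------------------------
def safe_join(base_dir, user_path):
    """Join a user-supplied relative path onto base_dir, refusing escapes.

    resolve() collapses '..' segments (and follows symlinks for paths that
    exist), so the containment check runs on the real target rather than
    on the string the user typed. An absolute user_path replaces base_dir
    when joined and is rejected by the same check.
    """
    base = Path(base_dir).resolve()
    target = (base / user_path).resolve()
    if target != base and base not in target.parents:
        raise ValueError(f"path escapes {base}: {user_path!r}")
    return target


def is_safe_path(base_dir, user_path):
    """True if safe_join would accept user_path under base_dir."""
    try:
        safe_join(base_dir, user_path)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    conn = make_demo_db()
    payload = "x' OR '1'='1"
    print("vulnerable:", lookup_role_vulnerable(conn, payload))  # both roles leak
    print("safe:      ", lookup_role_safe(conn, payload))        # nothing matches
    print(parse_config_value("{'retries': 3}"))
    print(is_safe_path("/srv/app/uploads", "../../etc/passwd"))  # False
```

Running the module shows the classic `' OR '1'='1` payload returning every row through the formatted query and nothing through the parameterized one; the same string passed to safe_join is simply treated as a file name.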

Example: Pickle

import pickle

# Protocol-0 pickle: c = GLOBAL os.system, ( = MARK, S = STRING 'rm -rf /',
# t = TUPLE, R = REDUCE (calls os.system(*args)), . = STOP. The call happens
# inside pickle.loads, before the caller can inspect anything. Do not run.
data = pickle.loads(b"cos\nsystem\n(S'rm -rf /'\ntR.")  # Code execution!

# Secure alternative: json.loads only builds plain data (dicts, lists,
# strings, numbers, booleans, null) and has no way to call a function.
import json
data = json.loads('{"safe": "data"}')

Lesson: Never pass untrusted data to functions that treat their input as code (eval, exec, pickle.loads). The pickle documentation itself states that the module is not secure against maliciously constructed data; for data that crosses a trust boundary, use a format such as JSON whose parser can only produce values.
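As an added example (not from the original page), the check below uses pickletools.genops to walk a pickle's opcode stream without executing it and reports the opcodes that can import or call code. The sample payload reuses the opcode layout shown above but with a harmless echo command, and the opcode set and function names are this example's own choices. It is a screening aid for pickles you have to handle anyway, not a reason to accept untrusted pickles.

```python
import pickle
import pickletools

# Constructed sample with the same opcode sequence as the payload above
# (GLOBAL os.system, MARK, STRING, TUPLE, REDUCE, STOP) but a harmless
# command, so an accidental pickle.loads() does no damage.
HOSTILE_PICKLE = b"cos\nsystem\n(S'echo pwned'\ntR."

# Constructed benign sample: a plain dict, the kind of data JSON could carry.
BENIGN_PICKLE = pickle.dumps({"safe": "data"})

# Opcodes that let a pickle reach into the loading process: GLOBAL and
# STACK_GLOBAL import an arbitrary callable; REDUCE, NEWOBJ, NEWOBJ_EX,
# INST and OBJ call one; BUILD invokes __setstate__ or writes __dict__.
RISKY_OPCODES = {"GLOBAL", "STACK_GLOBAL", "REDUCE", "NEWOBJ", "NEWOBJ_EX",
                 "INST", "OBJ", "BUILD"}


def risky_opcodes(data):
    """List risky opcodes in a pickle stream without executing any of it.

    pickletools.genops only parses the opcode stream; nothing is imported
    or called. GLOBAL carries its 'module name' argument, so the result
    shows which callable the pickle would have resolved.
    """
    found = []
    for opcode, arg, _pos in pickletools.genops(data):
        if opcode.name in RISKY_OPCODES:
            found.append(opcode.name if arg is None else f"{opcode.name} {arg!r}")
    return found


def loads_if_plain(data):
    """Unpickle only if the stream contains nothing but plain-data opcodes.

    This is a screening check, not a sandbox: the safe choice for untrusted
    input is still a data-only format such as JSON.
    """
    risky = risky_opcodes(data)
    if risky:
        raise pickle.UnpicklingError(f"refusing pickle with {risky}")
    return pickle.loads(data)


if __name__ == "__main__":
    print(risky_opcodes(HOSTILE_PICKLE))  # ["GLOBAL 'os system'", 'REDUCE']
    print(risky_opcodes(BENIGN_PICKLE))   # []
    print(loads_if_plain(BENIGN_PICKLE))  # {'safe': 'data'}
```

The report for the hostile stream names both the import (os.system) and the call (REDUCE), which is exactly the pair a payload needs; a pickle of plain dicts, lists and strings produces neither.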