51. Identifying Security Gaps

The original PyDo CLI had working functionality but several unsafe assumptions.

Insecure Example 1: Input Trust

task = input("Enter task: ")
tasks.append({"task": task})
  • No validation: the string can contain control characters or other malicious input and is stored as-is.

Insecure Example 2: File Handling

import json

with open("tasks.json", "w") as f:
    json.dump(tasks, f)
  • No path validation. If the path can be tampered with, arbitrary files could be overwritten.

Insecure Example 3: Logging

print("Task saved:", task)
  • May expose sensitive task content in the terminal or in captured logs.

Lesson: Even working code may be unsafe if it trusts user input and its environment.
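The three gaps above, closed in one hardened sketch. This is an added example, not code from the PyDo CLI; the length limit, the `.pydo` data directory and the function names are assumptions for illustration.

```python
import json
import logging
import os
import unicodedata
from pathlib import Path

# Assumed limits for this sketch, not values from the original PyDo CLI.
MAX_TASK_LEN = 200
DATA_DIR = Path(".pydo")   # assumed: the only directory the CLI may write to

log = logging.getLogger("pydo")


def validate_task(raw: str) -> str:
    """Gap 1 (input trust): return a cleaned task string or raise ValueError."""
    text = raw.strip()
    if not text:
        raise ValueError("task is empty")
    if len(text) > MAX_TASK_LEN:
        raise ValueError("task exceeds %d characters" % MAX_TASK_LEN)
    # Reject control characters (Unicode category Cc: newline, ESC, ...) so a
    # task cannot inject terminal escapes or break line-oriented output.
    if any(unicodedata.category(ch) == "Cc" for ch in text):
        raise ValueError("task contains control characters")
    return text


def safe_tasks_path(filename: str, base: Path = DATA_DIR) -> Path:
    """Gap 2 (file handling): resolve filename inside base, refuse escapes."""
    base = base.resolve()
    target = (base / filename).resolve()
    # A traversal ("../x.json"), an absolute path or a non-.json name is rejected.
    if target.parent != base or target.suffix != ".json":
        raise ValueError("refusing to write outside %s" % base)
    return target


def save_tasks(tasks, path: Path) -> int:
    """Gap 3 (logging): persist tasks, log only a count and a file name."""
    path.parent.mkdir(parents=True, exist_ok=True)
    tmp = path.with_name(path.name + ".tmp")
    with open(tmp, "w", encoding="utf-8") as f:
        json.dump(tasks, f)
    os.replace(tmp, path)   # atomic swap: no half-written file on a crash
    log.info("saved %d task(s) to %s", len(tasks), path.name)  # no task text
    return len(tasks)
```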