Hello,
I am a security engineer at r2c.dev. We are working to write code checks for security in open source code. A python project I was looking at happened to checkin the entire cmake codebase which is how I happened onto this.
Problem: In python, the default values of function parameters are instantiated at function definition time. All calls to that function that use the default value all point to the same global object. e.g.:
def func(x=[]):
x.append(1)
print(x)
func() # [1]
func() # [1 , 1]Fix: The recommended solution is to either set default to None and assign a new empty object when the variable is None.
Topic-rename: ConvertMSBuildXMLToJSON-default-mutable