<a href="https://colab.research.google.com/github/wjtopp3/CSIT-2033/blob/main/CSIT_2033_Week_3.ipynb" target="_parent"><img src="https://colab.research.google.com/assets/colab-badge.svg" alt="Open In Colab"/></a>

# 3. Secure Coding Basics


# Coding Style
- Good coding style is essential because it promotes clear, consistent, and readable code, making it easier to spot logic errors, unintended behavior, and security flaws during development and review.

# GotoFail: A Case Study in Style-Related Vulnerabilities
The **goto fail** bug was a critical security flaw in Apple’s SSL/TLS implementation (discovered in 2014)
  - It was caused by a duplicate goto statement in the C code.
  - The defect caused a certificate validation operation to prematurely exit, allowing attackers to impersonate secure websites and intercept encrypted communications.


```
if ((err = SSLHashSHA1.update(&hashCtx, &serverRandom)) != 0)
    goto fail;
if ((err = SSLHashSHA1.update(&hashCtx, &signedParams)) != 0)
    goto fail;
    goto fail;  // <- This accidental second 'goto fail;' is the bug
if ((err = SSLHashSHA1.final(&hashCtx, &hashOut)) != 0)
    goto fail;
```


# PEP 8 and Python Style Guidelines

- A Python Enhancement Proposal (PEP) describes a new feature, process, or  guideline for the Python community.
  - PEPs provide a structured way to propose, discuss, and document changes to the language.
    - PEP 1 (https://peps.python.org/pep-0001/) was written in March 2000 and defines what PEPs are for and how they should be used.
    - PEPs 2–7 set guidelines for Python's development, including the PEP index and workflow (PEP 2), PEP guidelines for informational proposals (PEP 3), procedures for Python releases (PEP 4 and 6), deprecation policy (PEP 5), and how to submit patches (PEP 7).
    - PEP 8 (https://peps.python.org/pep-0008/) provides Python coding style guidelines for maintainable code
  - As instructors of introductory programming courses, we have the opportunity to teach the need for code style discipline and best practices early in a student's learning journey.
  - By teaching established and consistent conventions we can help students develop habits that lead to more reliable and professional software.



# Guidelines

- These guidelines emphasize code readability and foster a mindset that prioritizes security and maintainability—critical skills for aspiring developers.

1. Formatting for Readability and Maintainability
2. Naming Conventions
3. Module Imports
4. Documentation and Comments

# Formatting for Readability and Maintainability

- Consistent Indentation (https://peps.python.org/pep-0008/#indentation)
  - Use 4 spaces (not tabs) per indentation level to avoid confusion that could lead to logical errors.
- Maximum Line Length (https://peps.python.org/pep-0008/#maximum-line-length)
  - 79 characters prevents the need for horizontal scrolling, making it easier to audit code for security flaws.



# Naming Conventions
- https://peps.python.org/pep-0008/#naming-conventions
- Use meaningful names for variables, functions, and classes.
    - Good: sumTotal, TotalSum, Sum_Total, i, x, squareRoot_, automobiles, _sum_, CONSTANT_X
    - bad: sum, x-1
- Avoid **shadowing**
  - Shadowing occurs when a local variable or function name in your code overrides a built-in name, making the original built-in temporarily inaccessible.
  - Don't use names that overwrite Python built-ins (e.g., don’t name a variable **id**, **list**, or **sum**).
- Use CAPITALIZED_NAMES for constants that shouldn’t be modified.

In [None]:
# shadowing and constants

TAX_RATE = 0.07 # FL sales tax, won't change without legislation
sum = 10  # Overwrites the built-in sum function

numbers = [1, 2, 3]
total = sum(numbers)

del sum # fixes it, comment out previous line first
total = sum(numbers)
print(total)

print(total + (1 + TAX_RATE))

# Module Imports

# 🛠️ Hands-On: Demonstrating Wildcard Import Issues
- Avoid wildcard imports

```
    from module import *
```

- This can introduce unintended variables and functions into the namespace, leading to unpredictable behavior.

In [None]:
# Create two module files dynamically with conflicting function names

# First module: math_tools with an add() function
# that performs numerical addition
with open('math_tools.py', 'w') as f:
    f.write("""
def add(x, y):
    return x + y
""")

# Second module: string_tools with an add() function
# that performs string concatenation
with open('string_tools.py', 'w') as f:
    f.write("""
def add(x, y):
    return x + " " + y
""")

# Import all contents from math_tools using wildcard import
from math_tools import *
print("Imported math_tools")
# Show memory address of the current add() function
print("id(add) after math_tools import:", id(add))

# Import all contents from string_tools — this silently
# overwrites the previous add()
from string_tools import *
print("Imported string_tools")
 # Show memory address has change — function was overwritten
print("id(add) after string_tools import:", id(add))

# Test which 'add' function is currently in scope
# (hint: it's the one from string_tools).
print("\nTesting add(2, 3):")
try:
    # Will raise a TypeError because string concatenation expects strings
    result = add(2, 3)
    print("Result of add(2, 3):", result)
except Exception as e:
    # Catch error caused by conflicting function definitions
    print("Error:", e)

# Clean up: delete dynamically created module files
import os
os.remove('math_tools.py')
os.remove('string_tools.py')


Imported math_tools
id(add) after math_tools import: 140091612591456
Imported string_tools
id(add) after string_tools import: 140091612588896

Testing add(2, 3):
Error: unsupported operand type(s) for +: 'int' and 'str'


# Exercise - Wildcard Imports

Use alias imports as demonstrated in to solve this wildcard import problem. Modify the CHANGEME lines as required.

In [None]:
pip install text_processor

[31mERROR: Could not find a version that satisfies the requirement text_processor (from versions: none)[0m[31m
[0m[31mERROR: No matching distribution found for text_processor[0m[31m
[0m

In [None]:
with open('text_processor.py', 'w') as f:
    f.write("""def process(text):\n    return text.upper()\n""")

with open('number_processor.py', 'w') as f:
    f.write("""def process(num):\n    return num * num\n""")

# --- Demonstrate original behavior without wildcard conflict ---

print("=== Demonstrating correct behavior using explicit imports ===")

# CHANGEME 1. replace the following wildcard import with an alias import
from text_processor import *
print("Imported text_processor")
print("id(tp.process):", id(tp.process))

# Call process from text_processor
try:
    print("tp.process('hello') =", tp.process("hello"))
except Exception as e:
    print("Error:", e)

# CHANGEME 2. replace the following wildcard import with an alias import
from number_processor import *
print("\nImported number_processor")
print("id(np.process):", id(np.process))

# Call process from number_processor
try:
    print("np.process(5) =", np.process(5))
except Exception as e:
    print("Error:", e)

# CHANGEME 3: use an alias to call the text processor
try:
    print("process('hello') =", process("hello"))
except Exception as e:
    print("Error:", e)

# --- Cleanup ---
import os
os.remove('text_processor.py')
os.remove('number_processor.py')


In [None]:
###
###
### SOLUTION
###
###

with open('text_processor.py', 'w') as f:
    f.write("""def process(text):\n    return text.upper()\n""")

with open('number_processor.py', 'w') as f:
    f.write("""def process(num):\n    return num * num\n""")

# --- Demonstrate original behavior without wildcard conflict ---

print("=== Demonstrating correct behavior using explicit imports ===")

# CHANGEME 1. replace the following wildcard import with an alias import
import text_processor as tp
print("Imported text_processor")
print("id(tp.process):", id(tp.process))

# Call process from text_processor
try:
    print("tp.process('hello') =", tp.process("hello"))
except Exception as e:
    print("Error:", e)

# CHANGEME 2. replace the following wildcard import with an alias import
import number_processor as np
print("\nImported number_processor")
print("id(np.process):", id(np.process))

# Call process from number_processor
try:
    print("np.process(5) =", np.process(5))
except Exception as e:
    print("Error:", e)

# CHANGEME 3: use an alias to call the text processor
try:
    print("tp.process('hello') =", tp.process("hello"))
except Exception as e:
    print("Error:", e)

# --- Cleanup ---
import os
os.remove('text_processor.py')
os.remove('number_processor.py')


=== Demonstrating correct behavior using explicit imports ===
Imported text_processor
id(tp.process): 140091612591936
tp.process('hello') = HELLO

Imported number_processor
id(np.process): 140091612593056
np.process(5) = 25
tp.process('hello') = HELLO


# Whitespace

- https://peps.python.org/pep-0008/#whitespace-in-expressions-and-statements

- Use spaces around operators and after commas to improve readability. Do this:

```
    x = a + b
```

- instead of this:

```
    x=a+b
```

- Avoid extraneous whitespace in expressions; instead of:

```
    x = (a + b ) # (trailing space inside parentheses)
```

- Do this:

```
    x = (a + b)
```

# Exception Handling
- https://peps.python.org/pep-0008/#programming-recommendations
- Don’t use "bare except" statements. Instead of:

```
    try:
        process_data()
    except:
        pass # Silently ignores errors (including critical ones)
```

- Do this:

```
    try:
        process_data()
    except (ValueError, KeyError) as e:
        logger.error(f"Processing failed: {e}")  # Log the issue
```

- Raise exceptions explicitly and use meaningful exception types with clear messages.  
  Instead of:

```
    raise Exception("Error occurred")  # Valid but non-specific
```

- Do this:

```
    raise ValueError("Invalid input")
```

# Documentation and Comments
- https://peps.python.org/pep-0008/#comments
- Use docstrings for function behavior and security emphasis

In [None]:
def sanitize_input(user_input):
    """
    Cleans user input to prevent injection attacks.

    This function removes potentially dangerous characters
    to protect against code injection vulnerabilities.

    Args:
        user_input (str): The input string provided by the user.

    Returns:
        str: A sanitized version of the input safe for further processing.
    """
    return user_input.replace("<", "").replace(">", "").replace(";", "")

print(help(sanitize_input))


- Avoid inline comments disclosing security-sensitive information. Instead of:

```
	# Hashing passwords with MD5 (insecure)
```

- Do this:

```
	# Securely hash passwords
```

# Loops, Lists, Tuples, and Dictionaries

# Loops / Secure Iteration

- Avoid Infinite Loops and Ensure Proper Termination
- Infinite loops can cause a program to become unresponsive, consume excessive system resources, or create security vulnerabilities such as denial-of-service (DoS) risks.
- To ensure proper termination of loops, follow these best practices

In [None]:
# Use explicit loop conditions: ensure loops have well-defined termination conditions

count = 0
while count < 10:  # Proper termination condition
    print(count)
    count += 1  # Ensure progress towards termination

In [None]:
# Avoid using while True without a break condition

while True:
    # processing steps ...
    #
    user_input = input("Enter 'exit' to stop: ")
    if user_input.lower() == 'exit':
        break

# Implement Timeouts/Iteration Limits
- When processing user input or external data, avoid infinite loops by implementing timeouts or iteration limits.

  ```
  import time

  start_time = time.time()
  timeout = 5  # seconds

  while time.time() - start_time < timeout:
      if some_condition():  # Replace with actual condition
          break
  ```

In [None]:
# Instead of looping through large datasets, use generators to iterate over
# data securely and avoid excessive memory usage.

# The secure_generator function below produces one value at a time
# instead of returning an entire list

def secure_generator(n):
    for i in range(n):
        yield i  # Generates values on demand

for value in secure_generator(10):
    print(value)

# Security Considerations for Lists and Tuples

| List | Tuple |
|------|-------|
| Mutable | Immutable                  |
| Dynamic collections | Fixed data structures |
| Memory overhead for dynamic resizing | More memory efficient |
| Built-in methods for modification | Fewer built-in methods |
| Slightly slower for dynamic resizing | Sightly faster for large datasets |


# Tuples for Secure Data
- Tuples are hashable (can be used as dictionary keys or set elements) as long as they only contain hashable elements
- This ensures that security-sensitive mappings (e.g., user permissions, access control lists) remain unchanged.

In [None]:
# Example: Is an admin with read permissions allowed to perform a write?

non_hashable_tuple = (["admin", "read"], "write") # contains a list
access_rights = { non_hashable_tuple: True }

hashable_tuple = (("admin", "read"), "write") # hashable
access_rights = { hashable_tuple: True }

TypeError: unhashable type: 'list'

# Copying Lists
- Prevent unintended data modifications in lists by using tuples for data that should remain unchanged
  - make copies of lists before passing them to functions if modification is not intended
- Copying lists ensures that modifications to copied objects do not unintentionally affect the original, important when dealing with mutable and nested data structures
- A Python list's copy method performs a shallow copy: it only copies the outer list and keeps references to mutable elements inside.
- The **copy** module (https://docs.python.org/3/library/copy.html) allows programmers to create both shallow and deep copies of objects.
  - The copy function in this module behaves similarly to the List's copy method.
  - A **deep copy** creates a new compound object and recursively inserts copies into it of the objects found in the original.
  - This is only relevant for compound objects (objects that contain other objects, like lists or class instances).

# Copying Lists: The Shallow Copy Problem
- Since a shallow copy only copies references to the inner lists, modifying an element inside the copy also affects the original_list.

In [None]:
import copy

original_list = [[1, 2, 3], [4, 5, 6]]
shallow_copy = copy.copy(original_list)

# Modifying an inner list

shallow_copy[0][0] = 99

print(original_list)  # Output (modified): [[99, 2, 3], [4, 5, 6]]
print(shallow_copy)   # Output (modified): [[99, 2, 3], [4, 5, 6]]

# 🛠️ Hands-On: Make a Deep Copy

- copy.deepcopy() creates a new object and recursively copies all objects within it, ensuring that nested mutable objects are fully duplicated rather than just referenced so the copied object is completely independent.

In [None]:
import copy

original_list = [[1, 2, 3], [4, 5, 6]]
deep_copy = copy.deepcopy(original_list)

# Modifying an inner list
deep_copy[0][0] = 99

print(original_list)  # Output: [[1, 2, 3], [4, 5, 6]]  (Unchanged)
print(deep_copy)      # Output: [[99, 2, 3], [4, 5, 6]]  (Modified)

# Exercise - Deep Copies

A student has naively created a copy of a dictionary using a simple assignment,
thinking that the copy will be independent of the original.

Rewrite the script so it creates a deep copy.

In [None]:
# you can overwrite this code cell or add a new one below it for your solution

original_dict = {
    "user1": {"name": "Alice", "score": 90},
    "user2": {"name": "Bob", "score": 85}
}

assigned_dict = original_dict

# Modify a nested value in the copy
assigned_dict["user1"]["score"] = 100

print(original_dict)
# Output: {'user1': {'name': 'Alice', 'score': 100}, 'user2': {'name': 'Bob', 'score': 85}} (Changed!)

print(assigned_dict)
# Output: {'user1': {'name': 'Alice', 'score': 100}, 'user2': {'name': 'Bob', 'score': 85}} (Same object)


In [None]:
###
###
### SOLUTION
###
###

import copy

original_dict = {
    "user1": {"name": "Alice", "score": 90},
    "user2": {"name": "Bob", "score": 85}
}

deep_copy = copy.deepcopy(original_dict)

# Modify a nested value in the copy
deep_copy["user1"]["score"] = 100

print(original_dict)
# Output: {'user1': {'name': 'Alice', 'score': 90}, 'user2': {'name': 'Bob', 'score': 85}} (Unchanged)

print(deep_copy)
# Output: {'user1': {'name': 'Alice', 'score': 100}, 'user2': {'name': 'Bob', 'score': 85}} (Modified)


Here to start Thurs

# Index Errors/Boundary Overflow Best Practices

# 🛠️ Hands-On: Validating Index Values
- Always check if an index is within range before accessing elements.
- Use len() to determine valid index ranges.
- Validate user input before using it as an index.


In [None]:
 # Safely retrieve an element from a list
 def get_element(lst, indx):
    if not isinstance(indx, int): # Validate user input
        print("Error: Index must be an integer.")
        return None
    if 0 <= indx < len(lst):  # Check if index is in range
        return lst[indx]
    else:
        print("Error: Index out of range.")
        return None

# Example usage
my_list = ["apple", "banana", "cherry"]
# Valid index
print(get_element(my_list, 1))
# Out-of-range index
print(get_element(my_list, 5))
# Invalid input (not an integer)
print(get_element(my_list, "two"))

# 🛠️ Hands-On: Handling Unexpected Errors Using try-except.


In [None]:
# handle unexpected errors using try-except

# return a default value or a meaningful message on failure.
# log errors for debugging instead of silently failing.

my_list = [10, 20, 30]
try:
    print(my_list[3])
except IndexError:
    print("Index out of range!")

# How are errors logged in a real-world Python application?

- There are several popular libraries used for logging in Python applications
- Options include Loguru (https://github.com/Delgan/loguru), Structlog (https://www.structlog.org/en/stable/), and Sentry Docs (https://docs.sentry.io/platforms/python/)
- The standard library's logging module (https://docs.python.org/3/library/logging.html) is a commonly used tool which uses a file handler.

In [None]:
pip install logging

Collecting logging
  Downloading logging-0.4.9.6.tar.gz (96 kB)
[?25l     [90m━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━[0m [32m0.0/96.0 kB[0m [31m?[0m eta [36m-:--:--[0m[2K     [90m━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━[0m [32m96.0/96.0 kB[0m [31m2.9 MB/s[0m eta [36m0:00:00[0m
[?25h  [1;31merror[0m: [1msubprocess-exited-with-error[0m
  
  [31m×[0m [32mpython setup.py egg_info[0m did not run successfully.
  [31m│[0m exit code: [1;36m1[0m
  [31m╰─>[0m See above for output.
  
  [1;35mnote[0m: This error originates from a subprocess, and is likely not a problem with pip.
  Preparing metadata (setup.py) ... [?25l[?25herror
[1;31merror[0m: [1mmetadata-generation-failed[0m

[31m×[0m Encountered error while generating package metadata.
[31m╰─>[0m See above for output.

[1;35mnote[0m: This is an issue with the package mentioned above, not pip.
[1;36mhint[0m: See above for details.


In [None]:
import logging

# Configure logging to write to a file
logging.basicConfig(
    # filename='app.log', # Log file name, goes to console otherwise
    force = True,  # only needed in notebook environment
    level=logging.ERROR,              # Minimum level to log
    format='%(asctime)s - %(levelname)s - %(message)s'
)

try:
    # Code that might raise an exception
    x = [1, 2, 3]
    print(x[5])  # Will raise IndexError
except IndexError as e:
    logging.error("An index error occurred.")  # no traceback
    #logging.error("An index error occurred.", exc_info=True)

# 🛠️ Hands-On: Iteration vs. Direct Indexing
- Use for loops instead of manually tracking indices
  - Manual index tracking is often unnecessary and can introduce errors, making code harder to read and maintain.
  - Use built-in iteration methods that automatically handle indexing.

In [None]:
# instead of this:

my_list = ["apple", "banana", "cherry"]
index = 0  # Manually track index

while index < len(my_list):
    print(my_list[index])
    index += 1  # Manually update

In [None]:
# do this:

my_list = ["apple", "banana", "cherry"]
for item in my_list:
    print(item)  # No need to manage an index

# Need to track an index? Use enumerate()
- E.g., when reading a file line by line, to keep track of the line numbers for logging, debugging, or reporting errors.

In [None]:
# Use enumerate to iterate with index-value pairs
fruits = ["apple", "banana", "cherry"]

for indx, fruit in enumerate(fruits):
    print(f"Index {indx}: {fruit}")

# List Comprehensions
- While built-in iteration methods provide both provide security and efficiency benefits over direct indexing, list comprehensions can offer advantages
- List comprehensions:
	- are more readable than built-in iteration functions, making code easier to understand.
	- allow inline conditions (if-else) without needing additional filter() calls or complex lambda functions.
	- are optimized at the C-level, often making them faster.
	- can be simpler to debug when dealing with complex transformations.

#	🛠️ Hands-On: Using a List Comprehension

In [None]:
fruits = ["apple", "banana", "cherry", "kiwi", "mango"]
newlist = []

for x in fruits:
  if "a" in x:
    newlist.append(x)

print(newlist)

In [None]:
fruits = ["apple", "banana", "cherry", "kiwi", "mango"]

newlist = [x for x in fruits if "a" in x]

print(newlist)

In [None]:
# list comprehensions

numbers = [1, 2, 3, 4, 5, 6]

# compare to map/filter for readability
squared_evens = [x**2 for x in numbers if x % 2 == 0]
squared_evens_map = list(map(lambda x: x**2, filter(lambda x: x % 2 == 0, numbers)))
print("List Comprehension:", squared_evens)
print("Map + Filter:", squared_evens_map)

# inline conditions
words = ["apple", "banana", "cherry", "date"]
word_lengths = [len(word) if "a" in word else 0 for word in words]
print("Word Lengths:", word_lengths)

# optimized execution
large_numbers = list(range(1000000))
double_numbers = [x * 2 for x in large_numbers]  # Faster than map()

# simple debugging
debug_list = [x * 2 for x in numbers if x % 2 == 0]
print("Debug List:", debug_list)

# Use zip() to Iterate Over Multiple Lists Safely
- zip() allows you to iterate over multiple lists by pairing corresponding elements together.
- This prevents IndexErrors, which can occur when iterating manually with indices if lists have different lengths.
- By default, zip() stops at the shortest list, ensuring safe iteration.

In [None]:
# zip example

names = ["Alice", "Bob", "Charlie"]
ages = [25, 30, 35]
cities = ["New York", "Los Angeles"]

# Safe iteration using zip()
for name, age, city in zip(names, ages, cities):
    print(f"{name}, {age} years old, lives in {city}")

# zip() stops at "Los Angeles" because cities has
# fewer elements than names and ages, preventing
# out-of-bounds errors

# Use zip() to Iterate Over Multiple Lists Safely (cont)
- To handle mismatched lengths differently, itertools.zip_longest() can be used.
- In the following code cell, zip_longest() ensures that "Charlie" is included even though the cities list has fewer elements
- "Unknown" is the default value.

In [None]:
from itertools import zip_longest

names = ["Alice", "Bob", "Charlie"]
ages = [25, 30, 35]
cities = ["New York", "Los Angeles"]

# Safe iteration using zip_longest() with a default value of "Unknown"
for name, age, city in zip_longest(names, ages, cities, fillvalue="Unknown"):
    print(f"{name}, {age} years old, lives in {city}")

# Avoid Modifying Lists While Iterating Over Them
- Modifying a list while iterating over it can lead to unpredictable behavior, including skipped elements, infinite loops, or IndexError exceptions.
- A best practice for more secure coding is to create a copy of the list before iterating or use list comprehensions and filtering to generate a new list instead of modifying the original.
- Use list.copy(), list[:], or list() to be sure that changes do not affect the iteration process.
- If items need to be removed, iterate in reverse or use list comprehensions to avoid altering the list in place.
- For performance-sensitive operations, consider using filter() or itertools.dropwhile() for efficient, memory-safe modifications.

# Using Reverse Iteration (Safe Removal)
- Iterating in reverse ensures that index shifts do not affect upcoming elements.

In [None]:
numbers = [1, 2, 3, 4, 5, 6]

# Iterate in reverse
for i in range(len(numbers) - 1, -1, -1):
    if numbers[i] % 2 == 0:
        del numbers[i]

print(numbers)

# Use List Comprehensions
- Using a list comprehension avoids modifying the original list directly.

In [None]:
numbers = [1, 2, 3, 4, 5, 6]

# Remove even numbers
filtered_numbers = [x for x in numbers if x % 2 != 0]
print(filtered_numbers)

# Use filter() for Large Lists
- filter() is memory-efficient as it processes elements "lazily"
  - Generates elements one by one as needed, reducing memory usage for large datasets

In [None]:
numbers = [1, 2, 3, 4, 5, 6]

filtered_numbers = list(filter(lambda x: x % 2 != 0, numbers))
print(filtered_numbers)

# Use itertools.dropwhile() to Safely and Efficiently Remove Leading Elements
- dropwhile() stops dropping elements as soon as a condition fails.
  - This is useful for sorted lists where unwanted items are at the front.

In [None]:
from itertools import dropwhile

numbers = [2, 4, 6, 1, 3, 5]
remaining_numbers = list(dropwhile(lambda x: x % 2 == 0, numbers))
print(remaining_numbers)

# Dictionaries
## Use dict.get() for Dictionaries Instead of Direct Key Access
- dict.get() for dictionary access is generally safer than direct key access (e.g., my_dict['key']) because it prevents potential KeyError exceptions that could disrupt program flow or unintentionally expose sensitive error messages.
- A default return value can be specified when the key is missing, avoiding unhandled exceptions and reducing the likelihood of information leakage or crashes due to unexpected input or data manipulation by malicious users.
- Gracefully handles edge cases.

# 🛠️ Hands-On: Using dict.get() to Safely Access a Dictionary Element

In [None]:
user_data = {
    "username": "alice",
    "email": "alice@example.com"
    # Note: 'phone' key is missing
}

# safe access using dict.get()
phone = user_data.get("phone", "Not provided")
print(f"Phone: {phone}")

# unsafe access using direct indexing (will raise KeyError)
try:
    phone_direct = user_data["phone"]
    print(f"Phone (direct): {phone_direct}")
except KeyError:
    print("Error: 'phone' key not found — unhandled exception avoided using .get()")

# defaultdict for Missing Keys
- **collections.defaultdict** is a built-in class which proactively handles missing dictionary keys without raising exceptions, enhancing code reliability and security.
- Specifying a default factory function, such as int or list, automatically initializes missing keys with a safe, predictable value
  - Prevents KeyError exceptions that might otherwise expose implementation details or crash the application due to unanticipated input.
- In scenarios where input data is partially controlled by users, using defaultdict maintains program integrity, reduces error-handling complexity, and safeguards against logic flaws that could be exploited by attackers.

# 🛠️ Hands-On: Using defaultdict() to Handle Missing Keys

In [None]:
from collections import defaultdict

# Initialize defaultdict with list as the default factory
user_actions = defaultdict(list)

# Simulated user input (some users may be missing from initial data)
user_actions["alice"].append("login")
user_actions["bob"].append("upload_file")
user_actions["charlie"].append("logout")

# Accessing a non-existent user — will NOT raise KeyError
user_actions["david"].append("download_report")

# Output all user actions
for user, actions in user_actions.items():
    print(f"{user}: {actions}")


# 🛠️ Hands-On: Using defaultdict(int) to Count Things
- Use defaultdict(int) to securely count events like login attempts, API calls, or input errors. Useful for
  - Rate limiting
  - Brute force detection
  - Abuse tracking for unregistered usersput errors.

In [None]:
# count the login attempts per user using defaultdict to avoid manual key checks.

from collections import defaultdict

# Initialize defaultdict with int — default value is 0
login_attempts = defaultdict(int)

# Simulated login attempts (from user input or logs)
attempts = ["alice", "bob", "alice", "charlie", "alice", "bob", "david"]

# Count attempts without checking if the key exists
for user in attempts:
    login_attempts[user] += 1

# print the dictionary
# cast to a true dictionary first so the defaultdict "noise" isn't shown
print(dict(login_attempts))

# "pretty print" output the number of attempts per user
for user, count in login_attempts.items():
    print(f"{user}: {count} login attempt(s)")

# 🛠️ Hands-On: Secure Login Handling with Account Lockout and Event Logging

In [None]:
from collections import defaultdict
from datetime import datetime

# track failed login attempts
login_attempts = defaultdict(int)

# lockout policy
MAX_ATTEMPTS = 3
LOG_FILE = "security_log.txt"

# security_log.txt will contain lockout entries
def log_event(message):
    timestamp = datetime.now().strftime("%Y-%m-%d %H:%M:%S")
    with open(LOG_FILE, "a") as f:
        f.write(f"[{timestamp}] {message}\n")

# simulated login handler
def login(user, success):
    if login_attempts[user] >= MAX_ATTEMPTS:
        print(f"***Account for '{user}' is locked!***")
        log_event(f"LOCKOUT: {user} attempted login while locked.")
        return

    if success:
        print(f"{user} logged in successfully.")
        login_attempts[user] = 0  # Reset on success
    else:
        login_attempts[user] += 1
        print(f"Failed login attempt for {user} ({login_attempts[user]})")
        if login_attempts[user] >= MAX_ATTEMPTS:
            print(f"{user} has been locked out after {MAX_ATTEMPTS} failed attempts.")
            log_event(f"LOCKOUT: {user} locked out after {MAX_ATTEMPTS} failed attempts.")

# simulated login attempts
login("alice", False)
login("alice", False)
login("alice", False)
login("alice", True)  # show as locked and logged
login("bob", False)
login("bob", True)
login("carol", False)
login("carol", False)
login("carol", False)

# Using Safer Data Structures
- Use `collections.deque` when implementing fixed-size buffers.
- Good for scenarios like rolling logs, recent event tracking, or sliding windows, where only the most recent items need to be retained.
- Automatically removes oldest entries when the maximum size is reached, eliminating the need for manual cleanup logic.
- Helps prevent unbounded memory growth in applications that process continuous or untrusted input streams, making it both efficient and safer.

# 🛠️ Hands-On: Using a Deque

In [None]:
from collections import deque

# Create a deque with a fixed max size of 3
recent_inputs = deque(maxlen=3)

# Simulated stream of user inputs
inputs = ["a", "b", "c", "d", "e"]

for item in inputs:
    recent_inputs.append(item)
    print(f"Current buffer: {list(recent_inputs)}")


# If You Must Use Indexes, Use Slicing
  - Unlike direct indexing (e.g., my_list[3]), which could raise an IndexError if the index is out of bounds, slicing gracefully handles it.

  # 🛠️ Hands-On: Using Slices

In [None]:
# uncomment for error example
#my_list = [10, 20, 30]
#print(my_list[5])  # IndexError: index out of range

my_list = [10, 20, 30]
print(my_list[:5])  # Prevents out-of-range errors