csp-toolkit: Analyzing Content Security Policy Headers at Scale

There’s no Python library for parsing Content Security Policy headers. I checked PyPI, I checked GitHub — nothing. Google has a CSP Evaluator web tool and an npm package, but if you want to analyze CSP programmatically in Python — for recon scripts, bug bounty automation, or CI pipelines — you’re on your own. So I built one. csp-toolkit is a Python library and CLI tool that parses CSP headers, runs 21 weakness checks, finds bypass vectors against a database of 79 known-exploitable domains, scores policies A+ to F, and does a lot more. The current release is v0.6.2 on PyPI (changelog). ...

March 27, 2026 · 5 min · Carl Sampson

Writing Secure Python Applications: Preventing SSRF, SQL Injection, and XSS

1. Core Security Foundations
Treat all input as untrusted. Validate strictly (whitelists over blacklists), normalize before checks, and enforce types and sizes.
Use framework security features instead of writing your own.
Least privilege: minimize DB, filesystem, and network permissions.
Secrets management: use environment variables or secret stores, never hardcode.
Dependency hygiene: pin and audit dependencies with pip-audit or Safety.
Secure HTTP headers: add HSTS, X-Frame-Options, CSP, and others.
Logging & monitoring: log relevant events, but never credentials.
Testing: integrate Bandit and Semgrep in CI.
2. Preventing SQL Injection (SQLi)
Principle: Never build queries using string concatenation. ...

November 3, 2025 · 3 min · Carl Sampson

Python 3.13 Major Step Forward

Python 3.13: A Major Step Forward for Python Developers
Released on October 7, 2024, Python 3.13 brings several high-impact enhancements—most notably a modernized REPL, experimental performance features, improved developer ergonomics, and valuable standard library upgrades. (Sources: Real Python, Python.org)
1. A Smarter, More User-Friendly REPL
Python 3.13’s interactive interpreter (REPL) is a substantial quality-of-life improvement:
Block-level editing and history: Now, up-arrow lets you recall entire code blocks—no more juggling line-by-line history. ...

September 6, 2025 · 3 min · Carl Sampson

Exploring Python's New Subinterpreters

Python’s subinterpreters provide a way to run multiple isolated Python interpreters within a single process. Each subinterpreter has its own memory space, module state, and execution context — like separate Python processes, but sharing the same OS process and its resources. This feature has been in development for years and became practically usable in Python 3.12+ with PEP 684 (per-interpreter GIL).
What Are Subinterpreters?
Each subinterpreter runs its own Python code with its own: ...

November 29, 2023 · 3 min · Carl Sampson

Getting Started with Requests

The Requests library is the de facto standard for making HTTP requests in Python. It wraps the complexities of urllib into a clean, intuitive API that reads almost like English. Whether you’re calling APIs, scraping pages, or automating web interactions, Requests is usually the right tool.
Installation
    pip install requests
Making a GET Request
    import requests

    response = requests.get("https://jsonplaceholder.typicode.com/posts/1")
    print(response.status_code)  # Output: 200
    print(response.json())       # Output: {'userId': 1, 'id': 1, 'title': '...', 'body': '...'}
Use .json() to parse JSON responses directly — no need to import json and call json.loads() separately. ...

April 7, 2023 · 3 min · Carl Sampson

List Slicing in Python

List slicing is one of Python’s most elegant features — a concise syntax for extracting portions of a list without writing explicit loops. Once you internalize the [start:end:step] pattern, you’ll use it constantly.
Basic Syntax
    list[start:end:step]
start — index of the first element to include (default: beginning)
end — index of the first element to exclude (default: end)
step — interval between elements (default: 1)
The key insight: start is inclusive, end is exclusive. ...

April 3, 2023 · 3 min · Carl Sampson

Mastering the 'in' Operator in Python: Simple, Efficient, and Powerful

The in operator is one of Python’s most intuitive keywords. It checks whether a value exists inside a container — a list, tuple, set, dictionary, or string — and returns True or False. Simple as it sounds, understanding when and how to use it (and its performance implications) makes a real difference in your code.
Lists and Tuples
    fruits = ['apple', 'banana', 'cherry']
    if 'apple' in fruits:
        print("Apple is in the list")  # Output: Apple is in the list
Tuples work identically: ...

April 2, 2023 · 3 min · Carl Sampson

Diving into Python's Dunder Methods: The Magic Behind the Scenes

Dunder methods — short for “double underscore” methods — are Python’s mechanism for letting your classes hook into the language’s built-in behavior. When you write len(obj), Python calls obj.__len__(). When you write a + b, Python calls a.__add__(b). Understanding dunders is the key to writing classes that feel native to Python.
What is a Dunder Method?
A dunder method has a name surrounded by double underscores: __init__, __str__, __add__, etc. Python defines dozens of these hooks. You override them in your classes to customize how instances behave with operators, built-in functions, and language constructs. ...

April 2, 2023 · 4 min · Carl Sampson

Python List Comprehension

List comprehensions are one of Python’s most distinctive features — a concise, readable syntax for creating lists from existing iterables. They replace verbose for loops with a single expressive line, and they’re faster too, because the iteration happens in C under the hood rather than through the Python bytecode interpreter.
Basic Syntax
    [expression for item in iterable if condition]
expression — the value to include in the new list
item — a temporary variable that takes each value from the iterable
iterable — any object you can loop over: list, tuple, string, range, generator
condition (optional) — a filter that includes only items that pass the test
Simple Examples
Squares of even numbers: ...

March 23, 2023 · 4 min · Carl Sampson

Python Magic Methods

Magic methods (also called dunder methods) are special methods surrounded by double underscores that let you define how your class instances interact with Python’s built-in operations. When you use + on two objects, Python calls __add__. When you call len(), Python calls __len__. This reference covers the most commonly used magic methods organized by category.
Initialization and Lifecycle
Method | Triggered By | Purpose
__init__(self, ...) | MyClass() | Initialize instance attributes
__new__(cls, ...) | Before __init__ | Control instance creation (rarely needed)
__del__(self) | Object garbage collected | Cleanup (prefer context managers instead)
    class User:
        def __init__(self, name, email):
            self.name = name
            self.email = email

    user = User("Carl", "carl@example.com")
String Representation
Method | Triggered By | Purpose
__str__(self) | str(obj), print(obj) | Human-readable string
__repr__(self) | repr(obj), REPL display | Developer/debug string
__format__(self, spec) | format(obj, spec), f-strings | Custom formatting
    class Point:
        def __init__(self, x, y):
            self.x = x
            self.y = y

        def __repr__(self):
            return f"Point({self.x}, {self.y})"

        def __str__(self):
            return f"({self.x}, {self.y})"

    p = Point(3, 4)
    print(repr(p))  # Point(3, 4)
    print(p)        # (3, 4)
Comparison Operators
Method | Operator
__eq__(self, other) | ==
__ne__(self, other) | !=
__lt__(self, other) | <
__le__(self, other) | <=
__gt__(self, other) | >
__ge__(self, other) | >=
    from functools import total_ordering

    @total_ordering
    class Temperature:
        def __init__(self, celsius):
            self.celsius = celsius

        def __eq__(self, other):
            return self.celsius == other.celsius

        def __lt__(self, other):
            return self.celsius < other.celsius

    freezing = Temperature(0)
    boiling = Temperature(100)
    print(freezing < boiling)   # True
    print(freezing >= boiling)  # False (from @total_ordering)
With @total_ordering, you only need __eq__ and one of __lt__/__gt__ — Python derives the rest. ...

March 22, 2023 · 3 min · Carl Sampson