This repository contains demo code for the secure coding article published in the July 2026 issue of Software Design.
## Caution

The code in this repository is intentionally vulnerable demo code intended only to illustrate the article. It evaluates arbitrary Python sent over HTTP via `eval` / `exec`, which means anyone who can reach the server can execute arbitrary code on the host.
- Do not expose this server to the public internet, a shared network, or any environment that you do not fully control.
- Run it only on your local machine (it binds to `127.0.0.1` by default — do not change this).
- Prefer running it inside a disposable environment such as a VM or container.
- Stop the process as soon as you are done experimenting.
You are fully responsible for any consequences of running this code.
- Python 3.10 or later (uses only the standard library — no third-party packages required)
Clone the repository and run either of the demo scripts from the project root:
```sh
# Vulnerable baseline
python3 code/mini_py_web.py

# Variant with a naive keyword-based "bypassable" filter
python3 code/mini_py_web_bypass.py
```

Once started, the server listens on http://127.0.0.1:8000. Open that URL in a browser on the same machine, enter Python code in the textarea, and click the run button to see the output.
To stop the server, press Ctrl+C in the terminal where it is running.
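As an added example (not code from this repository or the article), this is the allowlist approach that the demo's keyword filter lacks: parse the submitted text with `ast`, evaluate only the node types you explicitly accept, and never hand the text to `eval` / `exec`. The names `safe_eval`, `is_allowed`, `UnsafeExpression` and the `MAX_EXPONENT` / length bounds are choices made for this example, not anything from the demo code.

```python
import ast
import operator

# Added example, not part of the demo repository: an allowlist evaluator that
# accepts only numeric arithmetic. Unlike a keyword denylist it never passes the
# request text to eval/exec, so names, attribute access, calls, subscripts,
# strings and comprehensions are rejected by construction, not by pattern.

_BINOPS = {
    ast.Add: operator.add,
    ast.Sub: operator.sub,
    ast.Mult: operator.mul,
    ast.Div: operator.truediv,
    ast.FloorDiv: operator.floordiv,
    ast.Mod: operator.mod,
    ast.Pow: operator.pow,
}
_UNARYOPS = {ast.UAdd: operator.pos, ast.USub: operator.neg}

MAX_SOURCE_LEN = 200   # constructed bound on request size
MAX_EXPONENT = 1000    # constructed bound: keeps 9 ** 9 ** 9 from exhausting CPU/memory


class UnsafeExpression(ValueError):
    """Raised for any construct outside the arithmetic allowlist."""


def safe_eval(source: str):
    """Evaluate an arithmetic expression such as '2 + 3 * 4' without eval()."""
    if len(source) > MAX_SOURCE_LEN:
        raise UnsafeExpression("expression too long")
    tree = ast.parse(source, mode="eval")  # SyntaxError propagates for non-expressions
    return _eval(tree.body)


def _eval(node: ast.AST):
    if isinstance(node, ast.Constant) and type(node.value) in (int, float):
        return node.value
    if isinstance(node, ast.UnaryOp) and type(node.op) in _UNARYOPS:
        return _UNARYOPS[type(node.op)](_eval(node.operand))
    if isinstance(node, ast.BinOp) and type(node.op) in _BINOPS:
        left, right = _eval(node.left), _eval(node.right)
        if isinstance(node.op, ast.Pow) and abs(right) > MAX_EXPONENT:
            raise UnsafeExpression("exponent too large")
        return _BINOPS[type(node.op)](left, right)
    # Name, Attribute, Call, Subscript, List, str constants, ... all end up here.
    raise UnsafeExpression(f"disallowed syntax: {type(node).__name__}")


def is_allowed(source: str) -> bool:
    """True only if the text is a well-formed expression inside the allowlist."""
    try:
        safe_eval(source)
    except (UnsafeExpression, SyntaxError, ArithmeticError):
        return False
    return True
```

In a server like the demo's, the request handler would call `safe_eval` and turn `UnsafeExpression` / `SyntaxError` into an HTTP 400 rather than an interpreter error page.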
This repository contains source code under the OSS policy of ZOZO, Inc.