Open
Description
Trying to demonstrate a non-compliant race condition, I'm having an issue where race conditions seem to not work on python versions that are higher than python3.10. Whatever example I seem to find online doesn't work on my version of python, which is python 3.11.4.
Not too sure what to do about this, but here is my code example demonstrating a race condition. This seems to work on Python 3.9, but not on anything that's version 3.10 or higher,
""" Non-compliant Code Example """
import logging
import sys
from threading import Thread
logging.basicConfig(level=logging.INFO)
class Number():
"""
Multithreading incompatible class missing locks.
Issue only occures with more then 1 million repetitions.
"""
value = 0
repeats = 1000000
amount = 100
def add(self):
"""Simulating hard work"""
for _ in range(self.repeats):
logging.debug("Number.add: id=%i int=%s size=%s", id(self.value), self.value, sys.getsizeof(self.value))
self.value += self.amount
def remove(self):
"""Simulating hard work"""
for _ in range(self.repeats):
self.value -= self.amount
if __name__ == "__main__":
#####################
# exploiting above code example
#####################
number = Number()
logging.info("id=%i int=%s size=%s", id(number.value), number.value, sys.getsizeof(number.value))
add = Thread(target=number.add)
substract = Thread(target=number.remove)
add.start()
substract.start()
logging.info('Waiting for threads to finish...')
add.join()
substract.join()
logging.info("id=%i int=%s size=%s", id(number.value), number.value, sys.getsizeof(number.value))Not sure how to proceed with CWE-366 at the moment.
We may need another example.