mcsee mcsee
🏠
mcsee
/ password_reset_normalized.py
Last active
December 15, 2025 16:04
This gist belongs to Clean Code Cookbook http://cleancodecookbook.com By Maximiliano Contieri http://maximilianocontieri.com
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import unicodedata | |
| def normalize_email(email): | |
| # Convert to NFKC normalized form | |
| normalized = unicodedata.normalize('NFKC', email) | |
| # Ensure only ASCII characters | |
| try: | |
| normalized.encode('ascii') | |
| except UnicodeEncodeError: |
mcsee
/ password_reset.py
Last active
December 15, 2025 16:04
This gist belongs to Clean Code Cookbook http://cleancodecookbook.com By Maximiliano Contieri http://maximilianocontieri.com
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| def reset_password(email_from_ui): | |
| # email_from_ui = "victim@gmàil.com" | |
| # (attacker's Unicode address from UI) | |
| # Database with utf8mb4_unicode_ci collation | |
| # treats 'à' = 'a', so this query finds: | |
| # [email protected] stored in the database | |
| cursor.execute( | |
| "SELECT * FROM users WHERE email = %s", | |
| (email_from_ui,) |
mcsee
/ SecureRepository.php
Created
December 13, 2025 22:48
This gist belongs to Clean Code Cookbook http://cleancodecookbook.com By Maximiliano Contieri http://maximilianocontieri.com
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| final class UserRepository { | |
| private Database $database; | |
| public function __construct(Database $database) { | |
| $this->database = $database; | |
| } | |
| public function find(UserId $id): User { |
mcsee
/ UserRepository.php
Created
December 13, 2025 22:47
This gist belongs to Clean Code Cookbook http://cleancodecookbook.com By Maximiliano Contieri http://maximilianocontieri.com
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| class UserRepository { | |
| public function find($id){ | |
| $conn = mysqli_connect( | |
| "localhost", // Pull Request comment - Bad indentation | |
| "root", | |
| "password123", | |
| "app" | |
| ); |
mcsee
/ McpMessageParserMetaprogrammingTest.php
Last active
December 14, 2025 15:58
This gist belongs to Clean Code Cookbook http://cleancodecookbook.com By Maximiliano Contieri http://maximilianocontieri.com
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| use PHPUnit\Framework\TestCase; | |
| final class McpMessageParserTest extends TestCase { | |
| private function invokePrivateMethod( | |
| $object, | |
| $methodName, | |
| array $parameters = [] | |
| ) { |
mcsee
/ MethodObject.php
Last active
December 14, 2025 15:58
This gist belongs to Clean Code Cookbook http://cleancodecookbook.com By Maximiliano Contieri http://maximilianocontieri.com
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| final class McpMessageParser { | |
| private $raw; | |
| public function parse() { | |
| // Step 5: Replace the private method call | |
| // with the new object | |
| $stripper = new CharacterStripper($this->raw); | |
| return $stripper->strip(); |
mcsee
/ McpParser.php
Created
December 8, 2025 14:22
This gist belongs to Clean Code Cookbook http://cleancodecookbook.com By Maximiliano Contieri http://maximilianocontieri.com
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| final class McpMessageParser { | |
| private $raw; | |
| public function parse() { | |
| return $this->stripStrangeCharacters($this->raw); | |
| } | |
| // This is the private method me need to test |
mcsee
/ safe.rs
Last active
November 29, 2025 21:10
This gist belongs to Clean Code Cookbook http://cleancodecookbook.com By Maximiliano Contieri http://maximilianocontieri.com
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| fn load_and_validate(max: usize) -> Result<Vec<Feature>, String> { | |
| let raw: Vec<Result<Feature, Error>> = load_features_from_db(); | |
| if raw.len() > max { | |
| return Err(format!( | |
| "too many features: {} > {}", | |
| raw.len(), max | |
| )); | |
| } | |
mcsee
/ unsafe.rs
Last active
November 29, 2025 21:15
This gist belongs to Clean Code Cookbook http://cleancodecookbook.com By Maximiliano Contieri http://maximilianocontieri.com
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| let features: Vec<Feature> = load_features_from_db(); | |
| let max = 200; | |
| assert!(features.len() <= max); | |
| # This magic number assumption | |
| # is actually wrong | |
| for f in features { | |
| proxy.add_bot_feature(f.unwrap()); | |
| # You also call unwrap() on every feature. | |
| # If the database returns an invalid entry |
mcsee
/ QueryBuilderTexts.java
Last active
November 17, 2025 13:45
This gist belongs to Clean Code Cookbook http://cleancodecookbook.com By Maximiliano Contieri http://maximilianocontieri.com
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| public class QueryBuilder { | |
| public String buildEmployeeQuery() { | |
| // 1. Identify multi-line string concatenations or strings | |
| // with excessive escape sequences | |
| // 2. Replace opening quote and concatenation operators | |
| // with triple quotes (""") | |
| // 3. Remove escape sequences for quotes and newlines | |
| // 4. Adjust indentation to match your code style | |
| // 5. Add .strip() for single-line regex patterns or | |
| // when trailing newlines cause issues |
NewerOlder