Message128067
| Author |
daniel.urban |
| Recipients |
daniel.urban, michael.foord |
| Date |
2011年02月06日.16:30:21 |
| SpamBayes Score |
1.8892963e-07 |
| Marked as misclassified |
No |
| Message-id |
<1297009822.22.0.910831968317.issue11133@psf.upfronthosting.co.za> |
| In-reply-to |
| Content |
The documentation of getattr_static says:
"The only known case that can cause getattr_static to trigger code execution, and cause it to return incorrect results (or even break), is where a class uses __slots__ and provides a __dict__ member using a property or descriptor. If you find other cases please report them so they can be fixed or documented."
I'd like to report another case: when an object's __dict__ is an instance of a dict subclass which overrides dict.get:
>>> _sentinel = object()
>>>
>>> class MyDict(dict):
... def get(self, key, default=_sentinel):
... print('Hello World!') # This code will execute
... if default is _sentinel:
... return super().get(key)
... else:
... return super().get(key, default)
...
>>> class X:
... def __init__(self):
... self.__dict__ = MyDict()
...
>>> x = X()
>>> inspect.getattr_static(x, 'foo', 0)
Hello World!
0
>>>
(In line 1072. _check_instance calls MyDict.get: instance_dict.get(attr, _sentinel).) |
|
History
|
|---|
| Date |
User |
Action |
Args |
| 2011年02月06日 16:30:22 | daniel.urban | set | recipients:
+ daniel.urban, michael.foord |
| 2011年02月06日 16:30:22 | daniel.urban | set | messageid: <1297009822.22.0.910831968317.issue11133@psf.upfronthosting.co.za> |
| 2011年02月06日 16:30:21 | daniel.urban | link | issue11133 messages |
| 2011年02月06日 16:30:21 | daniel.urban | create |
|