Untrusted code execution

Random832 random832 at fastmail.com
Wed Apr 6 14:38:58 EDT 2016

• Previous message (by thread): Untrusted code execution
• Next message (by thread): Untrusted code execution
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

---

On Wed, Apr 6, 2016, at 12:04, Chris Angelico wrote:
> On Thu, Apr 7, 2016 at 1:41 AM, Ian Kelly <ian.g.kelly at gmail.com> wrote:
> > type might also be a concern since it can be used to assemble
> > arbitrary classes.
>> Sadly, this means denying the ability to interrogate an object for its
> type. And no, this won't do:
>> def safe_type(obj): return type(obj)
>> because all you need is safe_type(safe_type(1)) and you've just
> regained access to the original 'type' type.

tpdict = {}
class typeproxy:
 def __new__(cls, t):
 if t in tpdict: return tpdict[t] # so is-comparison works
 tpdict[t] = self = object.__new__(cls)
 self._type = t
 return self
 def __instancecheck__(self, obj):
 return isinstance(obj, self._type)
 def __subclasscheck__(self, cls2):
 if isinstance(cls2, typeproxy): cls2 = cls2._type
 return issubclass(self._type, cls2)
 def __call__(self, obj):
 if isinstance(obj, type):
 return typeproxy(type(obj))
 else:
 return type(obj)
safe_type = typeproxy(type)

---

• Previous message (by thread): Untrusted code execution
• Next message (by thread): Untrusted code execution
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

---

More information about the Python-list mailing list