[Python-3000] Proposed changes to PEP3101 advanced string formatting -- please discuss and vote! (original) (raw)

Eric V. Smith eric+python-dev at trueblade.com
Wed Mar 14 12:36:43 CET 2007

Nick Coghlan wrote:

Feature: Exception raised if attribute with leading underscore accessed.

The syntax supported by the PEP is deliberately limited in an attempt to increase security. This is an additional security measure, which is on by default, but can be optionally disabled if string.flagformat() is used instead of 'somestring'.format(). -0 This is only an issue if implicit access to locals()/globals() is permitted, and is unlikely to help much in that case (underscores are rarely used with local variables, and those are the most likely to contain juicy information which may be leaked)

That's not true. What this feature is trying to prevent is access to attributes of the passed in objects. For example:

from pep3101 import format class Foo: pass ... format("{0.module}", Foo()) Traceback (most recent call last): File "", line 1, in ? ValueError: Leading underscores not allowed in attribute/index strings at format_string[3]

format("{0.module}", Foo(), _allow_leading_underscores=1) 'main'

format('{0.module.lower}', Foo(), _allow_leading_underscores=1) '<built-in method lower of str object at 0xf6fd3320>'

The thinking is that the format strings might come from a translation, or otherwise not be under the direct control of the original programmer. (I won't go so far as to say it's likely they'll be user-supplied, but I guess it's possible.)

So be preventing access to attributes with leading underscores, we're trying to prevent access to arguably private attributes. I'm not sure it's much of a security measure, but it's something.

Eric.

More information about the Python-3000 mailing list