[Python-Dev] [Python-checkins] r86566 - in python/branches/py3k: Doc/glossary.rst Doc/library/inspect.rst Lib/inspect.py Lib/test/test_inspect.py Misc/NEWS Misc/python-wing4.wpr (original) (raw)

Nick Coghlan ncoghlan at gmail.com
Sat Nov 20 17:01:06 CET 2010

On Sun, Nov 21, 2010 at 1:29 AM, Michael Foord <fuzzyman at voidspace.org.uk> wrote:

Can you give an example of code in a metaclass that may be executed by getattrstatic? It's not that I don't believe you I just can't think of an example. Looking up the class and the mro are the only two examples I can think of (klass.mro and instance.class - and they are noted in the docs?) but aren't metaclass specific.

The description heavily implies that arbitrary Python code won't be executed by calling getattr_static, and that isn't necessarily true. It's almost certain to be true in the case when the metaclass is type, but can't be guaranteed otherwise. The retrieval of class is a normal lookup on the object, so it can trigger all of the things getattr_static is trying to avoid (unavoidable if you want to support proxy classes at all), and the lookup of mro invokes all of those things on the metaclass.

I'll see if I'm still of the same opinion after I sleep on it, but my first impression of the docs was that they slightly oversold the strength of the "doesn't execute arbitrary code" aspect of the new function. The existing caveats were all relating to when getattr() and getattr_static() might give different answers, while the additional caveats I was suggesting related to cases where arbitrary code may still be executed.

Cheers, Nick.

-- Nick Coghlan   |   ncoghlan at gmail.com   |   Brisbane, Australia

More information about the Python-Dev mailing list