[Python-checkins] cpython (3.2): Closes issue 11133. Fixes two cases where inspect.getattr_static could trigger (original) (raw)
michael.foord python-checkins at python.org
Wed Mar 16 00:19:48 CET 2011
- Previous message: [Python-checkins] cpython: Undo an accidental commit.
- Next message: [Python-checkins] cpython (merge 3.2 -> default): merge 3.2
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
http://hg.python.org/cpython/rev/8c7eac34f7bf changeset: 68575:8c7eac34f7bf branch: 3.2 parent: 68568:8526763a03eb user: Michael Foord <michael at python.org> date: Tue Mar 15 19:20:44 2011 -0400 summary: Closes issue 11133. Fixes two cases where inspect.getattr_static could trigger code execution
files: Doc/library/inspect.rst Lib/inspect.py Lib/test/test_inspect.py Misc/NEWS
diff --git a/Doc/library/inspect.rst b/Doc/library/inspect.rst
--- a/Doc/library/inspect.rst
+++ b/Doc/library/inspect.rst
@@ -589,14 +589,11 @@
that raise AttributeError). It can also return descriptors objects
instead of instance members.
+ If the instance __dict__ is shadowed by another member (for example a
+ property) then this function will be unable to find instance members.
+
.. versionadded:: 3.2
-The only known case that can cause getattr_static to trigger code execution,
-and cause it to return incorrect results (or even break), is where a class uses
-:data:~object.__slots__ and provides a __dict__ member using a property or
-descriptor. If you find other cases please report them so they can be fixed
-or documented.
getattr_static does not resolve descriptors, for example slot descriptors or
getset descriptors on objects implemented in C. The descriptor object
is returned instead of the underlying attribute.
diff --git a/Lib/inspect.py b/Lib/inspect.py
--- a/Lib/inspect.py
+++ b/Lib/inspect.py
@@ -1069,15 +1069,16 @@
instance_dict = object.getattribute(obj, "dict")
except AttributeError:
pass
- return instance_dict.get(attr, _sentinel)
+ return dict.get(instance_dict, attr, _sentinel)
def _check_class(klass, attr):
for entry in _static_getmro(klass):
- try:
- return entry.dict[attr]
- except KeyError:
- pass
+ if not _shadowed_dict(type(entry)):
+ try:
+ return entry.dict[attr]
+ except KeyError:
+ pass
return _sentinel
def _is_type(obj):
@@ -1087,6 +1088,19 @@
return False
return True
+def _shadowed_dict(klass):
+ dict_attr = type.dict["dict"]
+ for entry in _static_getmro(klass):
+ try:
+ class_dict = dict_attr.get(entry)["dict"]
+ except KeyError:
+ pass
+ else:
+ if not (type(class_dict) is types.GetSetDescriptorType and
+ class_dict.name == "dict" and
+ class_dict.objclass is entry):
+ return True
+ return False
def getattr_static(obj, attr, default=_sentinel):
"""Retrieve attributes without triggering dynamic lookup via the
@@ -1101,8 +1115,9 @@
"""
instance_result = _sentinel
if not _is_type(obj):
- instance_result = _check_instance(obj, attr)
klass = type(obj)
+ if not _shadowed_dict(klass):
+ instance_result = _check_instance(obj, attr)
else:
klass = obj
diff --git a/Lib/test/test_inspect.py b/Lib/test/test_inspect.py
--- a/Lib/test/test_inspect.py
+++ b/Lib/test/test_inspect.py
@@ -906,6 +906,53 @@
self.assertEqual(inspect.getattr_static(Something(), 'foo'), 3)
self.assertEqual(inspect.getattr_static(Something, 'foo'), 3)
+ def test_dict_as_property(self):
+ test = self
+ test.called = False
+
+ class Foo(dict):
+ a = 3
+ @property
+ def dict(self):
+ test.called = True
+ return {}
+
+ foo = Foo()
+ foo.a = 4
+ self.assertEqual(inspect.getattr_static(foo, 'a'), 3)
+ self.assertFalse(test.called)
+
+ def test_custom_object_dict(self):
+ test = self
+ test.called = False
+
+ class Custom(dict):
+ def get(self, key, default=None):
+ test.called = True
+ super().get(key, default)
+
+ class Foo(object):
+ a = 3
+ foo = Foo()
+ foo.dict = Custom()
+ self.assertEqual(inspect.getattr_static(foo, 'a'), 3)
+ self.assertFalse(test.called)
+
+ def test_metaclass_dict_as_property(self):
+ class Meta(type):
+ @property
+ def dict(self):
+ self.executed = True
+
+ class Thing(metaclass=Meta):
+ executed = False
+
+ def init(self):
+ self.spam = 42
+
+ instance = Thing()
+ self.assertEqual(inspect.getattr_static(instance, "spam"), 42)
+ self.assertFalse(Thing.executed)
class TestGetGeneratorState(unittest.TestCase):
diff --git a/Misc/NEWS b/Misc/NEWS
--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -40,6 +40,9 @@
Library
+- Issue #11133: fix two cases where inspect.getattr_static can trigger code
- execution. Patch by Daniel Urban.
Issue #11501: disutils.archive_utils.make_zipfile no longer fails if zlib is not installed. Instead, the zipfile.ZIP_STORED compression is used to create the ZipFile. Patch by Natalia B. Bidart. @@ -48,7 +51,7 @@ encoding was not done if euc-jp or shift-jis was specified as the charset.
Issue #11500: Fixed a bug in the os x proxy bypass code for fully qualified
- IP addresses in the proxy exception list.
- IP addresses in the proxy exception list.
- Issue #11491: dbm.error is no longer raised when dbm.open is called with the "n" as the flag argument and the file exists. The behavior matches
-- Repository URL: http://hg.python.org/cpython
- Previous message: [Python-checkins] cpython: Undo an accidental commit.
- Next message: [Python-checkins] cpython (merge 3.2 -> default): merge 3.2
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]