diff options
| author | Michael Foord <michael@voidspace.org.uk> | 2011-12-22 01:13:37 (GMT) |
|---|---|---|
| committer | Michael Foord <michael@voidspace.org.uk> | 2011-12-22 01:13:37 (GMT) |
| commit | 3ba95f8bd984a0033c0b2da9974f67f537dedc9e (patch) | |
| tree | ea10caf6115d029111ef9413fbb1e943df8546c7 | |
| parent | 65a3f4b8c57a761cfe0e6ee14565db421c50f4c0 (diff) | |
| download | cpython-3ba95f8bd984a0033c0b2da9974f67f537dedc9e.zip cpython-3ba95f8bd984a0033c0b2da9974f67f537dedc9e.tar.gz cpython-3ba95f8bd984a0033c0b2da9974f67f537dedc9e.tar.bz2 | |
Metaclasses with metaclasses with a __dict__ descriptor can no longer trigger code execution with inspect.getattr_static.
Closes issue 11829.
| -rw-r--r-- | Lib/inspect.py | 9 | ||||
| -rw-r--r-- | Lib/test/test_inspect.py | 17 | ||||
| -rw-r--r-- | Misc/NEWS | 3 |
3 files changed, 25 insertions, 4 deletions
diff --git a/Lib/inspect.py b/Lib/inspect.py index ffbe66f..2031755 100644 --- a/Lib/inspect.py +++ b/Lib/inspect.py @@ -1161,10 +1161,11 @@ def getattr_static(obj, attr, default=_sentinel): if obj is klass: # for types we check the metaclass too for entry in _static_getmro(type(klass)): - try: - return entry.__dict__[attr] - except KeyError: - pass + if _shadowed_dict(type(entry)) is _sentinel: + try: + return entry.__dict__[attr] + except KeyError: + pass if default is not _sentinel: return default raise AttributeError(attr) diff --git a/Lib/test/test_inspect.py b/Lib/test/test_inspect.py index 56f9929..fad4d5a 100644 --- a/Lib/test/test_inspect.py +++ b/Lib/test/test_inspect.py @@ -1088,6 +1088,23 @@ class TestGetattrStatic(unittest.TestCase): self.assertIsNot(inspect.getattr_static(sys, "version", sentinel), sentinel) + def test_metaclass_with_metaclass_with_dict_as_property(self): + class MetaMeta(type): + @property + def __dict__(self): + self.executed = True + return dict(spam=42) + + class Meta(type, metaclass=MetaMeta): + executed = False + + class Thing(metaclass=Meta): + pass + + with self.assertRaises(AttributeError): + inspect.getattr_static(Thing, "spam") + self.assertFalse(Thing.executed) + class TestGetGeneratorState(unittest.TestCase): def setUp(self): @@ -97,6 +97,9 @@ Core and Builtins Library ------- +- Issue #11829: Fix code execution holes in inspect.getattr_static for + metaclasses with metaclasses. Patch by Andreas Stührk. + - Issue #1785: Fix inspect and pydoc with misbehaving descriptors. - Issue #11813: Fix inspect.getattr_static for modules. Patch by Andreas |