On Aug 23, 2010, at 1:13 PM, Benjamin Peterson wrote:
2010/8/23 Michael Foord firstname.lastname@example.org:
To me hasattr *looks* like a passive introspection function, and the fact that it can trigger arbitrary code execution is unfortunate - especially because a full workaround is pretty arcane.
Well said. The surprise to me in the OP's example was that the property() was executed. Regular methods aren't run by hasattr() so it's hard to remember that when writing code using hasattr().
That is especially unfortunate because someone turning a regular attribute into a property may be doing so long after client code has been written (IIRC, that was a key use case for properties). IOW, the user of the hasattr() may have had no way of knowing that an exception could ever be raised (because it is perfectly safe with regular attributes and methods).
That's the danger of a dynamic language like Python. Even dir() can now trigger things like that.
That's not a honking good thing. I suggest we don't do more of that.