On Wed, Jul 15, 2020, at 21:16, Chris Angelico wrote:
Are you sure of that? I don't have any examples to hand, but are you able to pickle something identified as pkg.module.cls(x)?
This produces find_class('pkg.module', 'cls').
Doing pkg.module.cls.method produces find_class('builtins', 'getattr')(find_class('pkg.module', 'cls'), 'method').
Second of all, with no way to exfiltrate, why is reading arbitrary attributes from objects problematic?
Because the moment you can read arbitrary attributes from arbitrary objects, Python becomes impossible to sandbox.
Not if you can't call them.