[New-bugs-announce] [issue44596] Operand coercion breaks MappingProxyType encapsulation

Nick Coghlan report at bugs.python.org
Sat Jul 10 02:55:40 EDT 2021 

New submission from Nick Coghlan <ncoghlan at gmail.com>:

The fast locals proxy implementation for PEP 558 used the existing MappingProxyType implementation as a starting point.

This meant I noticed the following code in the mapping proxy comparison implementation:

======
static PyObject *
mappingproxy_richcompare(mappingproxyobject *v, PyObject *w, int op)
{
    return PyObject_RichCompare(v->mapping, w, op);
}
======

Seeing that code lead to trying the following experiment:

==========
>>> from types import MappingProxyType
>>> d = {}
>>> proxy = MappingProxyType(d)
>>> class Sneaky:
...     def __eq__(self, other):
...         if other is d:
...             raise RuntimeError("Broke encapsulation")
... 
>>> proxy == Sneaky()
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "<stdin>", line 4, in __eq__
RuntimeError: Broke encapsulation
==========

The new `__or__` implementation has a corresponding loophole:

========
>>> class SneakyOr:
...     def __or__(self, other):
...         if other is d:
...             raise RuntimeError("Broke encapsulation")
...     def __ror__(self, other):
...         return self.__or__(other)
... 
>>> proxy | SneakyOr()
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "<stdin>", line 6, in __ror__
  File "<stdin>", line 4, in __or__
RuntimeError: Broke encapsulation
========

Delegating these operations to the underlying mapping via the abstract operation layer means that the underlying mapping gets exposed to the operand coercion machinery and can hence be accessed by the other operand.

----------
messages: 397242
nosy: ncoghlan
priority: normal
severity: normal
stage: needs patch
status: open
title: Operand coercion breaks MappingProxyType encapsulation
type: behavior
versions: Python 3.11

_______________________________________
Python tracker <report at bugs.python.org>
<https://bugs.python.org/issue44596>
_______________________________________

More information about the New-bugs-announce mailing list