[issue29630] REPL tab-completion triggers code execution
Christian Heimes
report at bugs.python.org
Thu Feb 23 05:14:03 EST 2017
Christian Heimes added the comment:
inspect.getattr_static *tries* to get attributes without triggering dunder methods. It's neither fully compatible to getattr() nor does it guarantee that no code is triggered. The function may or may not be secure.
Surprise or not surprise is a matter of perspective. I don't find it surprising.
It's incompatible because it gives different results:
>>> class Example:
... @property
... def example(self):
... def func(): pass
... return func
...
>>> e = Example()
>>> e.exa<TAB>
>>> e.example(
with your patch, I'm getting:
>>> e.exa<TAB>
>>> e.example
Do you notice the difference?
----------
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue29630>
_______________________________________
More information about the Python-bugs-list
mailing list