[Python-checkins] cpython (3.2): Metaclasses with metaclasses with a __dict__ descriptor can no longer trigger

michael.foord python-checkins at python.org
Thu Dec 22 02:13:41 CET 2011


http://hg.python.org/cpython/rev/8f33758df19a
changeset:   74122:8f33758df19a
branch:      3.2
parent:      74115:82557279efd2
user:        Michael Foord <michael at voidspace.org.uk>
date:        Thu Dec 22 01:13:37 2011 +0000
summary:
  Metaclasses with metaclasses with a __dict__ descriptor can no longer trigger code execution with inspect.getattr_static.
Closes issue 11829.

files:
  Lib/inspect.py           |   9 +++++----
  Lib/test/test_inspect.py |  17 +++++++++++++++++
  Misc/NEWS                |   3 +++
  3 files changed, 25 insertions(+), 4 deletions(-)


diff --git a/Lib/inspect.py b/Lib/inspect.py
--- a/Lib/inspect.py
+++ b/Lib/inspect.py
@@ -1161,10 +1161,11 @@
     if obj is klass:
         # for types we check the metaclass too
         for entry in _static_getmro(type(klass)):
-            try:
-                return entry.__dict__[attr]
-            except KeyError:
-                pass
+            if _shadowed_dict(type(entry)) is _sentinel:
+                try:
+                    return entry.__dict__[attr]
+                except KeyError:
+                    pass
     if default is not _sentinel:
         return default
     raise AttributeError(attr)
diff --git a/Lib/test/test_inspect.py b/Lib/test/test_inspect.py
--- a/Lib/test/test_inspect.py
+++ b/Lib/test/test_inspect.py
@@ -1088,6 +1088,23 @@
         self.assertIsNot(inspect.getattr_static(sys, "version", sentinel),
                          sentinel)
 
+    def test_metaclass_with_metaclass_with_dict_as_property(self):
+        class MetaMeta(type):
+            @property
+            def __dict__(self):
+                self.executed = True
+                return dict(spam=42)
+
+        class Meta(type, metaclass=MetaMeta):
+            executed = False
+
+        class Thing(metaclass=Meta):
+            pass
+
+        with self.assertRaises(AttributeError):
+            inspect.getattr_static(Thing, "spam")
+        self.assertFalse(Thing.executed)
+
 class TestGetGeneratorState(unittest.TestCase):
 
     def setUp(self):
diff --git a/Misc/NEWS b/Misc/NEWS
--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -97,6 +97,9 @@
 Library
 -------
 
+- Issue #11829: Fix code execution holes in inspect.getattr_static for
+  metaclasses with metaclasses. Patch by Andreas Stührk.
+
 - Issue #1785: Fix inspect and pydoc with misbehaving descriptors.
 
 - Issue #11813: Fix inspect.getattr_static for modules. Patch by Andreas

-- 
Repository URL: http://hg.python.org/cpython


More information about the Python-checkins mailing list