[Python-Dev] 'hasattr' is broken by design

Raymond Hettinger raymond.hettinger at gmail.com
Mon Aug 23 22:46:48 CEST 2010


On Aug 23, 2010, at 1:13 PM, Benjamin Peterson wrote:

> 2010/8/23 Michael Foord <fuzzyman at voidspace.org.uk>:
>> To me hasattr *looks* like a passive introspection function, and the fact
>> that it can trigger arbitrary code execution is unfortunate - especially
>> because a full workaround is pretty arcane.

Well said.  The surprise to me in the OP's example was that
the property() was executed.  Regular methods aren't run
by hasattr() so it's hard to remember that when writing code using hasattr().

That is especially unfortunate because someone turning a regular
attribute into a property may be doing so long after client code has
been written (IIRC, that was a key use case for properties).  
IOW, the user of the hasattr() may have had no way
of knowing that an exception could ever be raised
(because it is perfectly safe with regular attributes and methods).


> That's the danger of a dynamic language like Python. Even dir() can
> now trigger things like that.

That's not a honking good thing.
I suggest we don't do more of that.



Raymond



More information about the Python-Dev mailing list