Message294876
The inspect module contains a getattr_static() function, for accessing an arbitrary attribute on a Python object without risking descriptor or __getattr__ code execution. This is useful for introspection tools that don't want to trigger any side effects.
The inspect module also contains a getmembers() function, which returns a mapping of names to values for all the object's members. This function could also be very useful to introspection tools, except that internally it uses normal getattr, thus reintroduces the risk of arbitrary code execution.
It would be useful to have an equivalent to getmembers() that is descriptor-safe. This could be done either by introducing a new getmembers_static(), or possibly by adding a `getattr` optional keyword argument to getmembers, that would take a getattr-equivalent callable to use in fetching attributes from the object. (The latter option might render some internal assumptions of getmembers() incorrect, needs experimentation.) |
|
Date |
User |
Action |
Args |
2017-05-31 22:52:48 | carljm | set | recipients:
+ carljm |
2017-05-31 22:52:48 | carljm | set | messageid: <1496271168.24.0.639482608296.issue30533@psf.upfronthosting.co.za> |
2017-05-31 22:52:48 | carljm | link | issue30533 messages |
2017-05-31 22:52:48 | carljm | create | |
|