[Patches] [ python-Patches-547176 ] rlcompleter does not expand on [ ]

[SourceForge.net]

Patches item #547176, was opened at 2002-04-22 19:39
Message generated for change (Comment added) made by birkenfeld
You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=305470&aid=547176&group_id=5470

Category: None
Group: None
Status: Open
Resolution: None
Priority: 5
Submitted By: Jaco Schieke (schiekjd)
Assigned to: Nobody/Anonymous (nobody)
Summary: rlcompleter does not expand on [ ]

Initial Comment:
A thread on comp.lang.python details the problem:

http://groups.google.com/groups?
hl=en&threadm=b5ddd682.0204180902.2866a9c0%
40posting.google.com&rnum=1&prev=/groups%3Fhl%3Den%
26selm%3Db5ddd682.0204180902.2866a9c0%
2540posting.google.com

rlcompleter.py does not expand correctly on something 
like:
>>> sim[0].<tab>
since
  m = re.match(r"(\w+(\.\w+)*)\.(\w*)", text)
does not allow for brackets in the match.

I propose:
  m = re.match(r"([\w\[\]]+(\.[\w\[\]]+)*)\.(\w*)", 
text)

to fix this on line 127 in cvs version 1.11




----------------------------------------------------------------------

Comment By: Reinhold Birkenfeld (birkenfeld)
Date: 2005-02-23 19:27

Message:
Logged In: YES 
user_id=1188172

As the other commentors point out, this easily leads to
execution of arbitrary code via __getitem__, which is IMHO a
too big side effect of completing (though IPython does
this). Recommend reject.

----------------------------------------------------------------------

Comment By: Brett Cannon (bcannon)
Date: 2003-05-17 04:02

Message:
Logged In: YES 
user_id=357491

Making this a patch since one is included.

----------------------------------------------------------------------

Comment By: Michael Stone (mbrierst)
Date: 2003-02-04 21:26

Message:
Logged In: YES 
user_id=670441

This isn't really a bug, as (at least currently) this behavior is mentioned in the documentation for rlcompleter (at least it's in the docstring).  

The reason a[0].<tab> isn't completed is that we want to avoid executing arbitrary code.  The current completion mechanism is already a bit dangerous as an object's getattr could be called to execute code with unknown side effects while completing.  It just seems to dangerous to allow indexing, as lots of objects use this for their own purposes.

If this behavior is determined desirable despite the danger, someone with commit privileges should say so, and then someone can submit a patch (I could do it).
Probably this bug should just be closed.

----------------------------------------------------------------------

You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=305470&aid=547176&group_id=5470