[Python-Dev] Challenge: Please break this! [Now with blog post]
Victor Stinner
victor.stinner at haypocalc.com
Tue Feb 24 01:14:02 CET 2009
On Tuesday 24 February 2009 00:22:19 tav, you wrote:
> guido> >>> class S(str):
> guido> ...     def __eq__(self, o): print o; return 'r' == o
> guido> [snip]
>
> Very devious -- @eichin and Guido!
mode = str(mode) is not enough to protect FileReader against an evil object
faking the "r" string. Example without safelite.py:
--------------------
class Mode(str):
    def __str__(self):
        return self
    def __eq__(self, x):
        return x == 'r'
mode = Mode('w')
mode = str(mode)
assert mode == 'r' # ok !
f = open('x', mode)  # -> opened in write mode
--------------------
... hey! The rules (safelite.py) changed one more time! The check on mode is
now:
if type(mode) is not type(''):
    raise TypeError("mode has to be a string.")
Could you keep all versions of safelite.py? (e.g. rename new version as
safelite2.py, safelite3.py, etc.)
--
Victor Stinner aka haypo
http://www.haypocalc.com/blog/
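
Added example (not part of the original message and not code from safelite.py): the str() coercion check described above next to the exact-type check quoted in the message, run against a constructed str subclass. The names EvilMode, check_by_coercion, check_by_exact_type and real_content are hypothetical.

```python
# Added illustration; all names below are hypothetical, not taken from safelite.py.

class EvilMode(str):
    """Constructed test object: a str subclass that claims to equal 'r'."""
    def __str__(self):
        return self              # str(obj) hands back this same subclass instance
    def __eq__(self, other):
        return other == 'r'      # reports equality whenever compared with 'r'
    __hash__ = str.__hash__      # defining __eq__ clears __hash__; restore it


def check_by_coercion(mode):
    """Weak check: coerce with str(), then compare with ==."""
    mode = str(mode)             # still an EvilMode if __str__ returned one
    if not (mode == 'r'):        # dispatches to the overridden __eq__
        raise ValueError("only read mode is allowed")
    return mode


def check_by_exact_type(mode):
    """Check quoted in the message: accept only the exact built-in str type."""
    if type(mode) is not type(''):
        raise TypeError("mode has to be a string.")
    if mode != 'r':              # safe here: an exact str cannot override comparison
        raise ValueError("only read mode is allowed")
    return mode


def real_content(s):
    """Characters actually stored in the string, bypassing any overridden __eq__."""
    return str.encode(s, 'ascii').decode('ascii')


if __name__ == "__main__":
    evil = EvilMode('w')
    accepted = check_by_coercion(evil)
    print(type(accepted).__name__, repr(real_content(accepted)))
    try:
        check_by_exact_type(evil)
    except TypeError as exc:
        print("rejected:", exc)
```

The exact-type check works because it never asks the object about itself: type() cannot be overridden by the instance, whereas str() and == both call methods the subclass controls.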