Creating instances of untrusted new-style classes
Michael Spencer
mahs at telcopartners.com
Fri May 26 00:50:58 EDT 2006
Devan L wrote:
> Is there any safe way to create an instance of an untrusted class
> without consulting the class in any way? With old-style classes, I can
> recreate an instance from another one without worrying about malicious
> code (ignoring, for now, malicious code involving attribute access) as
> shown below.
>
>>>> import types
>>>> class Foo:
> ... def __init__(self, who, knows, what, args):
> ... self.mystery_args = (who, knows, what, args)
> ... print "Your code didn't expect the Spanish inquisition!"
> ...
>>>> f = Foo('spam','eggs','ham','bacon') # This would be in a restricted environment, though.
> Your code didn't expect the Spanish inquisition!
>>>> types.InstanceType(Foo, f.__dict__) # This wouldn't, but we never run that code, anyways.
> <__main__.Foo instance at 0x008B5FD0>
>
> I'm not sure how to do the same for new-style classes, if it's at all
> possible to do from within Python. Is there any way to accomplish this,
> or is there no practical way to do so?
>
> Thanks,
> - Devan
>
>>> class A(object):
... def __init__(self, *args):
... self.args = args
... print "Calling __init__"
...
>>> a = A("new","style")
Calling __init__
>>> b = object.__new__(A)
>>> b.__dict__ = a.__dict__.copy()
>>> b.args
('new', 'style')
>>> type(a) is type(b)
True
>>>
HTH
Michael
More information about the Python-list
mailing list