Untrusted code execution
Random832
random832 at fastmail.com
Wed Apr 6 14:38:58 EDT 2016
On Wed, Apr 6, 2016, at 12:04, Chris Angelico wrote:
> On Thu, Apr 7, 2016 at 1:41 AM, Ian Kelly <ian.g.kelly at gmail.com> wrote:
> > type might also be a concern since it can be used to assemble
> > arbitrary classes.
>
> Sadly, this means denying the ability to interrogate an object for its
> type. And no, this won't do:
>
> def safe_type(obj): return type(obj)
>
> because all you need is safe_type(safe_type(1)) and you've just
> regained access to the original 'type' type.
tpdict = {}
class typeproxy:
def __new__(cls, t):
if t in tpdict: return tpdict[t] # so is-comparison works
tpdict[t] = self = object.__new__(cls)
self._type = t
return self
def __instancecheck__(self, obj):
return isinstance(obj, self._type)
def __subclasscheck__(self, cls2):
if isinstance(cls2, typeproxy): cls2 = cls2._type
return issubclass(self._type, cls2)
def __call__(self, obj):
if isinstance(obj, type):
return typeproxy(type(obj))
else:
return type(obj)
safe_type = typeproxy(type)
More information about the Python-list
mailing list