New submission from Carl Meyer:

The inspect module contains a getattr_static() function, for accessing an 
arbitrary attribute on a Python object without risking descriptor or 
__getattr__ code execution. This is useful for introspection tools that don't 
want to trigger any side effects.

The inspect module also contains a getmembers() function, which returns a 
mapping of names to values for all the object's members. This function could 
also be very useful to introspection tools, except that internally it uses 
normal getattr, and thus reintroduces the risk of arbitrary code execution.

It would be useful to have an equivalent to getmembers() that is 
descriptor-safe. This could be done either by introducing a new 
getmembers_static(), or possibly by adding a `getattr` optional keyword 
argument to getmembers, that would take a getattr-equivalent callable to use in 
fetching attributes from the object. (The latter option might render some 
internal assumptions of getmembers() incorrect, needs experimentation.)

----------
components: Library (Lib)
messages: 294876
nosy: carljm
priority: normal
severity: normal
status: open
title: missing feature in inspect module: getmembers_static
type: enhancement
versions: Python 3.7

_______________________________________
Python tracker <rep...@bugs.python.org>
<http://bugs.python.org/issue30533>
_______________________________________
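
The descriptor-safe enumeration this report asks for, sketched as an added example (not code from the issue or from CPython). `members_static`, `Probe` and `demo` are hypothetical names, and collecting names from the class and instance dictionaries instead of calling `dir()` is a choice made for this example.

```python
import inspect

def members_static(obj, predicate=None):
    """Hypothetical counterpart to inspect.getmembers() that runs no descriptor code."""
    names = set()
    klass = obj if isinstance(obj, type) else type(obj)
    # Gather names from the raw class dictionaries along the MRO rather than
    # from dir(), because dir() would call a user-defined __dir__.
    for base in type.__dict__["__mro__"].__get__(klass):
        names.update(type.__dict__["__dict__"].__get__(base))
    try:
        names.update(object.__getattribute__(obj, "__dict__"))
    except AttributeError:
        pass  # e.g. instances of __slots__ classes have no __dict__
    results = []
    for name in sorted(names):
        try:
            value = inspect.getattr_static(obj, name)
        except AttributeError:
            continue
        if predicate is None or predicate(value):
            results.append((name, value))
    return results

class Probe:
    """Constructed sample: reading `token` has an observable side effect."""
    calls = 0
    def __init__(self):
        self.plain = 1
    @property
    def token(self):
        Probe.calls += 1
        return "computed"

def demo():
    p = Probe()
    static = dict(members_static(p))        # property object returned, getter not run
    after_static = Probe.calls
    dynamic = dict(inspect.getmembers(p))   # normal getattr runs the getter
    after_dynamic = Probe.calls
    return static, after_static, dynamic, after_dynamic

if __name__ == "__main__":
    print(demo()[1], demo()[3])
```
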