Re: [Python-Dev] Challenge: Please break this! [Now with blog post]

Victor Stinner Mon, 23 Feb 2009 16:14:38 -0800

Le Tuesday 24 February 2009 00:22:19 tav, vous avez écrit :
>   guido> >>> class S(str):
>   guido> ...   def __eq__(self, o): print o; return 'r' == o
>   guido> [snip]
>
> Very devious -- @eichin and Guido!


mode = str(mode) is not enough to protect FileReader about evil object 
faking "r" string. Example without safelite.py:
--------------------
class Mode(str):
   def __str(__self):
      return self
   def __eq__(self, x):
      return x == 'r'
mode = Mode('w')
mode = str(mode)
assert mode == 'r'  # ok !
f=open('x', mode)  -> opened in write mode
--------------------

... hey! The rules (safelite.py) changed one more time! The check on mode is 
now:

        if type(mode) is not type(''):
            raise TypeError("mode has to be a string.")

Could you keep all versions of safelite.py? (eg. rename new version as 
safelite2.py, safelite3.py, etc.)

-- 
Victor Stinner aka haypo
http://www.haypocalc.com/blog/
_______________________________________________
Python-Dev mailing list
Python-Dev@python.org
http://mail.python.org/mailman/listinfo/python-dev
Unsubscribe: 
http://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com

Re: [Python-Dev] Challenge: Please break this! [Now with blog post]

Reply via email to