[Twisted-Python] what is a non-class class?
Wolfgang Rohdewald
wolfgang.kde at rohdewald.de
Mon Sep 1 16:24:33 MDT 2014
>From spread/jelly.py in _unjelly_method:
- if type(im_class) is not types.ClassType:
raise InsecureJelly("Method found with non-class class.")
Same problem in _unjelly_instance
What is a non-class class or rather what sort of types is meant to
be insecure?
Suggestions for a better error message instead of "non-class class"?
This should work with both old style and new style classes, right
now it works only for old style and fails for new style. Working
with Python3 gives bonus points.
Current source code does not have test cases for both _unjelly_instance
and _unjelly_method using new style classes. My patch for ticket 4935
has a such a test case for _unjelly_method which fails as expected.
If only user defined classes are accepted as secure, see also
https://stackoverflow.com/questions/14612865/how-to-check-if-object-is-instance-of-new-style-user-defined-class
Would it be acceptable to instead exclude an explicit list of
basic types as that stackoverflow answer suggests?
if im_class in (int, long, float, bool, list, set, frozenset, dict, type(None), str,
unicode, tuple, what else?):
raise InsecureJelly
https://twistedmatrix.com/documents/current/api/twisted.spread.jelly.InsecureJelly.html
does not cover this.
Python 2.7.6:
>>> class A(object):
... pass
...
>>> type(A)
<type 'type'>
>>> type(int)
<type 'type'>
>>> import types
>>> types.ClassType
<type 'classobj'>
>>> class B:
... pass
...
>>> type(B)
<type 'classobj'>
Python 3.3:
>>> class A:
... pass
...
>>> type(A)
<class 'type'>
>>> type(int)
<class 'type'>
--
Wolfgang
More information about the Twisted-Python
mailing list