[issue29630] REPL tab-completion triggers code execution

Francisco Demartino added the comment: Serhiy, Chris, thank you for your additional comments. They surely helped me understand why my solution to this "problem?" isn't that good (also I slept on it a bit and maybe that helped). I still ponder for a way to get autocompletion while

[issue29622] ast module doesn't support optional fields of Parser/Python.asdl

INADA Naoki added the comment: @mbussonn With PR 249, "import os" and "%timeit" works fine. -- ___ Python tracker ___

[issue29622] ast module doesn't support optional fields of Parser/Python.asdl

INADA Naoki added the comment: Now trailing optional fields are optional arguments of AST type. -- ___ Python tracker ___

[issue29176] /tmp does not exist on Android and is used by curses.window.putwin()

STINNER Victor added the comment: > POSIX.1-2001 specifies: an error message may be written to stdout if the > stream cannot be opened. At least, I don't see such message in the Android implementation: https://android.googlesource.com/platform/bionic/+/android-5.0.0_r1/libc/bionic/tmpfile.cpp

[issue29176] /tmp does not exist on Android and is used by curses.window.putwin()

Serhiy Storchaka added the comment: I hope that this never happen in real world, but in theory this change can introduce regression. That is why I think it should be documented in Misc/NEWS. -- ___ Python tracker

[issue29630] REPL tab-completion triggers code execution

Christian Heimes added the comment: inspect.getattr_static *tries* to get attributes without triggering dunder methods. It's neither fully compatible to getattr() nor does it guarantee that no code is triggered. The function may or may not be secure. Surprise or not surprise is a matter of

[issue29622] ast module doesn't support optional fields of Parser/Python.asdl

Changes by INADA Naoki : -- pull_requests: +216 ___ Python tracker ___ ___

[issue29630] REPL tab-completion triggers code execution

Serhiy Storchaka added the comment: It is less useful because don't work with dynamic attributes (with __getattar__ and __getattribute__). And if executing property getters is an issue (I don't think it is), this change doesn't fix it completely. --

[issue22273] abort when passing certain structs by value using ctypes

Eryk Sun added the comment: > Perhaps you mean 16 rather than 8? Sorry, that was a misfire. It should be 16. -- ___ Python tracker ___

[issue29631] Error “importlib.h, importlib_external.h updated. You will need to rebuild pythoncore to see the changes.” is reported when build Python on Winodws

New submission from Karen: We use VS2015 to build Python(branch 3.6)on Windows. It failed with error "importlib.h, importlib_external.h updated. You will need to rebuild pythoncore to see the changes". This error is reported from Python 3.6 branch revision 3ab24bd. The detailed error log file

[issue29629] rgb_to_hls in colorsys.py

Changes by Madhavendra Sharma : -- resolution: -> not a bug stage: -> resolved status: open -> closed ___ Python tracker

[issue29630] REPL tab-completion triggers code execution

Francisco Demartino added the comment: > There is no way to safely inspect any Python object without triggering some > dunder functions like __getattr__, __getattribute__ or __dir__. But somehow inspect.getattr_static can do it? > Your change is not backwards compatible and makes

[issue29629] rgb_to_hls in colorsys.py

Madhavendra Sharma added the comment: OK, That's fine. Thanks for the clarification. But most of the calculations I found for the conversion from RGB to HLS contains H = 60 * h' that's why I could not interpret it properly. Even on the same wiki page calculations specific to RGB to HLS were

[issue29630] REPL tab-completion triggers code execution

Christian Heimes added the comment: Your change is not backwards compatible and makes auto-completion less useful. -- ___ Python tracker ___

[issue28121] If module starts with comment or empty line then frame.f_code.co_firstlineno is inconsistent with inspect.findsource

Aivar Annamaa added the comment: Looks like I misinderstood inspect.findsource. I thought it is supposed to give only the code for argument object (eg. only def code when given a function), but looks like it is giving the whole file. Unfortunately inspect.findsource is not documented in

[issue29630] REPL tab-completion triggers code execution

Francisco Demartino added the comment: I've updated that branch and made a pull request (https://github.com/python/cpython/pull/248) I think this is a good compromise: inspect.getattr_static can tell if it's a property, and in that case we don't call getattr on it to prevent code execution

[issue29630] REPL tab-completion triggers code execution

Changes by Francisco Demartino : -- pull_requests: +213 status: pending -> open ___ Python tracker ___

[issue29630] REPL tab-completion triggers code execution

Christian Heimes added the comment: I agree with Serhiy. There is no way to safely inspect any Python object without triggering some dunder functions like __getattr__, __getattribute__ or __dir__. -- nosy: +christian.heimes resolution: -> not a bug stage: -> resolved status: open ->

[issue29630] REPL tab-completion triggers code execution

Serhiy Storchaka added the comment: This is how Python works. Accessing an attribute (and even checking that the attribute exists) can trigger code executing. Changes in https://github.com/franciscod/cpython/tree/bpo-29630 break autocompliting of proxy objects. And in any case it triggers

[issue22273] abort when passing certain structs by value using ctypes

Vinay Sajip added the comment: Thanks for the comments. Using your suggestions simplifies things quite a bit. Still finding my way around :-) > Regarding structs with bitfields and unions, we could add an stgdict flag to > prevent passing them as arguments in the Unix X86_64 ABI Is this to

[issue28121] If module starts with comment or empty line then frame.f_code.co_firstlineno is inconsistent with inspect.findsource

Louie Lu added the comment: Sorry, but I can't reproduce at 3.7, 3.5, or 2.7. the result shows me that inspect does respect comment line. ➜ cpython git:(350) ✗ ./python /tmp/main.py 2 (['# First line\n', 'import inspect\n', 'frame = inspect.currentframe()\n',

[issue29630] REPL tab-completion triggers code execution

Francisco Demartino added the comment: This branch (working on the PR) fixes it: https://github.com/franciscod/cpython/tree/bpo-29630 -- ___ Python tracker

[issue29624] Python 3.5.3 x86 web installer cannot install launcher

Tim Golden added the comment: Since the webmaster@ address tends to bear the brunt of these, can I make sure I understand the situation? * The only installers affected are those for x86/32-bit Windows 3.5.3 * By default [I just checked] the launcher checkbox is not checked * If it *is*

[issue29630] REPL tab-completion triggers code execution

Louie Lu added the comment: Could it be the problem from readline? Using python 2 with readline trigger same behavior. -- ___ Python tracker ___

[issue29630] REPL tab-completion triggers code execution

Louie Lu added the comment: I can reproduce the problem in Python 3.7. -- nosy: +louielu ___ Python tracker ___

[issue16575] ctypes: unions as arguments

Changes by Vinay Sajip : -- nosy: +vinay.sajip ___ Python tracker ___ ___

[issue16576] ctypes: structure with bitfields as argument

Changes by Vinay Sajip : -- nosy: +vinay.sajip ___ Python tracker ___ ___

[issue29630] REPL tab-completion triggers code execution

New submission from Francisco Demartino: On the REPL, when autocompleting with the TAB key, getattr is called, potentially triggering code execution. This took me by surprise. Until you press RETURN, it should be pretty safe to go around autocompleting with certainty that you won't run any

[issue26628] Undefined behavior calling C functions with ctypes.Union arguments

Changes by Vinay Sajip : -- nosy: +vinay.sajip ___ Python tracker ___ ___

<    1   2