[issue23967] Make inspect.signature expression evaluation more powerful

Wed, 15 Apr 2015 11:53:21 -0700 

New submission from Larry Hastings:

Peter's working on converting socket to use Argument Clinic.  He had a default 
that really should look like this:

    min(SOME_SOCKET_MODULE_CONSTANT, 128)

"min" wasn't something we'd needed before.  I thought about it and realized we 
could do a much better job of simulating the evaluation context of a shared 
module.

Initially I thought, all I needed was to bolster the environment we used for 
eval() to add the builtins.  (Which I've done.)  But this wasn't sufficient 
because we deliberately used ast.literal_eval(), which doesn't support function 
calls by design for superior security.  Or subscripting, or attribute access.  
We already worked around those I think.

But how concerned are we about security?  What is the attack vector here?  If 
the user is able to construct an object that has a villainous 
__text_signature__ on it... surely they could already do as they like?

So here's a first draft at modifying the __text_signature__ evaluation 
environment so it can handle much more sophisticated expressions.  It can use 
anything from builtins, or anything in sys.modules, or anything in the current 
module; it can call functions, and subscript, and access attributes, and 
everything.

To make this work I had to write an ast printer that produces evaluatable 
Python code.  Note that it's not complete, I know it's not complete, it's 
missing loads of operators.  Assume that if this is a good idea I will add all 
the missing operators.

Nick was worried that *in the future* we might expose a "turn this string into 
a signature" function.  That might make an easier attack vector.  So he asked 
that the "trusted=" keyword flag be added, and the full-on eval only happen if 
the string is trusted.

----------
assignee: larry
components: Library (Lib)
files: larry.improved.signature.expressions.1.txt
messages: 241140
nosy: larry, ncoghlan, pdmccormick, serhiy.storchaka, yselivanov, zach.ware
priority: normal
severity: normal
stage: patch review
status: open
title: Make inspect.signature expression evaluation more powerful
type: enhancement
versions: Python 3.5
Added file: 
http://bugs.python.org/file39047/larry.improved.signature.expressions.1.txt

_______________________________________
Python tracker <rep...@bugs.python.org>
<http://bugs.python.org/issue23967>
_______________________________________
_______________________________________________
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

Reply via email to