attribute lookup in simple_eval

thomasballinger · thomasballinger · commit f55d7d5d81c4 · 2015-12-25T12:10:51.000-08:00
diff --git a/bpython/simpleeval.py b/bpython/simpleeval.py
@@ -34,6 +34,7 @@
 
 from bpython import line as line_properties
 from bpython._py3compat import py3
+from bpython.inspection import is_new_style
 
 _string_type_nodes = (ast.Str, ast.Bytes) if py3 else (ast.Str,)
 _numeric_types = (int, float, complex) + (() if py3 else (long,))
@@ -72,7 +73,9 @@ def safe_eval(expr, namespace):
 def simple_eval(node_or_string, namespace=None):
     """
     Safely evaluate an expression node or a string containing a Python
-    expression.  The string or node provided may only consist of:
+    expression without triggering any user code.
+
+    The string or node provided may only consist of:
     * the following Python literal structures: strings, numbers, tuples,
         lists, and dicts
     * variable names causing lookups in the passed in namespace or builtins
@@ -144,6 +147,12 @@ def _convert(node):
             index = _convert(node.slice.value)
             return safe_getitem(obj, index)
 
+        # this is a deviation from literal_eval: we allow attribute access
+        if isinstance(node, ast.Attribute):
+            obj = _convert(node.value)
+            attr = node.attr
+            return safe_get_attribute(obj, attr)
+
         raise ValueError('malformed string')
     return _convert(node_or_string)
 
@@ -225,3 +234,46 @@ def evaluate_current_attribute(cursor_offset, line, namespace=None):
     except AttributeError:
         raise EvaluationError(
                 "can't lookup attribute %s on %r" % (attr.word, obj))
+
+
+def safe_get_attribute(obj, attr):
+    """Gets attributes without triggering descriptors on new-style clases"""
+    if is_new_style(obj):
+        result = safe_get_attribute_new_style(obj, attr)
+        if isinstance(result, member_descriptor):
+            # will either be the same slot descriptor or the value
+            return getattr(obj, attr)
+        return result
+    return getattr(obj, attr)
+
+
+class _ClassWithSlots(object):
+    __slots__ = ['a']
+member_descriptor = type(_ClassWithSlots.a)
+
+
+def safe_get_attribute_new_style(obj, attr):
+    """Returns approximately the attribute returned by getattr(obj, attr)
+
+    The object returned ought to be callable if getattr(obj, attr) was.
+    Fake callable objects may be returned instead, in order to avoid executing
+    arbitrary code in descriptors.
+
+    If the object is an instance of a class that uses __slots__, will return
+    the member_descriptor object instead of the value.
+    """
+    if not is_new_style(obj):
+        raise ValueError("%r is not a new-style class or object" % obj)
+    to_look_through = (obj.mro()
+                       if hasattr(obj, 'mro')
+                       else [obj] + type(obj).mro())
+
+    found_in_slots = hasattr(obj, '__slots__') and attr in obj.__slots__
+    for cls in to_look_through:
+        if hasattr(cls, '__dict__') and attr in cls.__dict__:
+            return cls.__dict__[attr]
+
+    if found_in_slots:
+        return AttributeIsEmptySlot
+
+    raise AttributeError()
diff --git a/bpython/test/test_autocomplete.py b/bpython/test/test_autocomplete.py
@@ -235,6 +235,17 @@ def method(self, x):
                                  'In Python 3 there are no old style classes')
 
 
+class Properties(Foo):
+
+    @property
+    def asserts_when_called(self):
+        raise AssertionError("getter method called")
+
+
+class Slots(object):
+    __slots__ = ['a', 'b']
+
+
 class TestAttrCompletion(unittest.TestCase):
     @classmethod
     def setUpClass(cls):
@@ -268,6 +279,17 @@ def __getattr__(self, attr):
         self.assertIn(u'a.__module__',
                       self.com.matches(4, 'a.__', locals_=locals_))
 
+    def test_descriptor_attributes_not_run(self):
+        com = autocomplete.AttrCompletion()
+        self.assertSetEqual(com.matches(2, 'a.', locals_={'a': Properties()}),
+                            set(['a.b', 'a.a', 'a.method',
+                                 'a.asserts_when_called']))
+
+    def test_slots_not_crash(self):
+        com = autocomplete.AttrCompletion()
+        self.assertSetEqual(com.matches(2, 'A.', locals_={'A': Slots}),
+                            set(['A.b', 'A.a', 'A.mro']))
+
 
 class TestExpressionAttributeCompletion(unittest.TestCase):
     @classmethod
diff --git a/bpython/test/test_line_properties.py b/bpython/test/test_line_properties.py
@@ -11,7 +11,7 @@
 def cursor(s):
     """'ab|c' -> (2, 'abc')"""
     cursor_offset = s.index('|')
-    line = s[:cursor_offset] + s[cursor_offset+1:]
+    line = s[:cursor_offset] + s[cursor_offset + 1:]
     return cursor_offset, line
 
 
@@ -53,11 +53,12 @@ def encode(cursor_offset, line, result):
     if start < cursor_offset:
         encoded_line = encoded_line[:start] + '<' + encoded_line[start:]
     else:
-        encoded_line = encoded_line[:start+1] + '<' + encoded_line[start+1:]
+        encoded_line = (encoded_line[:start + 1] + '<' +
+                        encoded_line[start + 1:])
     if end < cursor_offset:
-        encoded_line = encoded_line[:end+1] + '>' + encoded_line[end+1:]
+        encoded_line = encoded_line[:end + 1] + '>' + encoded_line[end + 1:]
     else:
-        encoded_line = encoded_line[:end+2] + '>' + encoded_line[end+2:]
+        encoded_line = encoded_line[:end + 2] + '>' + encoded_line[end + 2:]
     return encoded_line
 
 
diff --git a/bpython/test/test_simpleeval.py b/bpython/test/test_simpleeval.py
@@ -5,8 +5,11 @@
 
 from bpython.simpleeval import (simple_eval,
                                 evaluate_current_expression,
-                                EvaluationError)
+                                EvaluationError,
+                                safe_get_attribute,
+                                safe_get_attribute_new_style)
 from bpython.test import unittest
+from bpython._py3compat import py3
 
 
 class TestSimpleEval(unittest.TestCase):
@@ -86,6 +89,12 @@ def test_nonexistant_names_raise(self):
         with self.assertRaises(EvaluationError):
             simple_eval('a')
 
+    def test_attribute_access(self):
+        class Foo(object):
+            abc = 1
+
+        self.assertEqual(simple_eval('foo.abc', {'foo': Foo()}), 1)
+
 
 class TestEvaluateCurrentExpression(unittest.TestCase):
 
@@ -123,5 +132,91 @@ def test_with_namespace(self):
         self.assertEvaled('a[1].a|bc', 'd', {'a': 'adsf'})
         self.assertCannotEval('a[1].a|bc', {})
 
+
+class A(object):
+    a = 'a'
+
+
+class B(A):
+    b = 'b'
+
+
+class Property(object):
+    @property
+    def prop(self):
+        raise AssertionError('Property __get__ executed')
+
+
+class Slots(object):
+    __slots__ = ['s1', 's2', 's3']
+
+    if not py3:
+        @property
+        def s3(self):
+            raise AssertionError('Property __get__ executed')
+
+
+class SlotsSubclass(Slots):
+    @property
+    def s4(self):
+        raise AssertionError('Property __get__ executed')
+
+
+member_descriptor = type(Slots.s1)
+
+
+class TestSafeGetAttribute(unittest.TestCase):
+
+    def test_lookup_on_object(self):
+        a = A()
+        a.x = 1
+        self.assertEquals(safe_get_attribute_new_style(a, 'x'), 1)
+        self.assertEquals(safe_get_attribute_new_style(a, 'a'), 'a')
+        b = B()
+        b.y = 2
+        self.assertEquals(safe_get_attribute_new_style(b, 'y'), 2)
+        self.assertEquals(safe_get_attribute_new_style(b, 'a'), 'a')
+        self.assertEquals(safe_get_attribute_new_style(b, 'b'), 'b')
+
+    def test_avoid_running_properties(self):
+        p = Property()
+        self.assertEquals(safe_get_attribute_new_style(p, 'prop'),
+                          Property.prop)
+
+    @unittest.skipIf(py3, 'Old-style classes not in Python 3')
+    def test_raises_on_old_style_class(self):
+        class Old:
+            pass
+        with self.assertRaises(ValueError):
+            safe_get_attribute_new_style(Old, 'asdf')
+
+    def test_lookup_with_slots(self):
+        s = Slots()
+        s.s1 = 's1'
+        self.assertEquals(safe_get_attribute(s, 's1'), 's1')
+        self.assertIsInstance(safe_get_attribute_new_style(s, 's1'),
+                              member_descriptor)
+        with self.assertRaises(AttributeError):
+            safe_get_attribute(s, 's2')
+        self.assertIsInstance(safe_get_attribute_new_style(s, 's2'),
+                              member_descriptor)
+
+    def test_lookup_on_slots_classes(self):
+        sga = safe_get_attribute
+        s = SlotsSubclass()
+        self.assertIsInstance(sga(Slots, 's1'), member_descriptor)
+        self.assertIsInstance(sga(SlotsSubclass, 's1'), member_descriptor)
+        self.assertIsInstance(sga(SlotsSubclass, 's4'), property)
+        self.assertIsInstance(sga(s, 's4'), property)
+
+    @unittest.skipIf(py3, "Py 3 doesn't allow slots and prop in same class")
+    def test_lookup_with_property_and_slots(self):
+        sga = safe_get_attribute
+        s = SlotsSubclass()
+        self.assertIsInstance(sga(Slots, 's3'), property)
+        self.assertEquals(safe_get_attribute(s, 's3'),
+                          Slots.__dict__['s3'])
+        self.assertIsInstance(sga(SlotsSubclass, 's3'), property)
+
 if __name__ == '__main__':
     unittest.main()
