diff --git a/Lib/inspect.py b/Lib/inspect.py index ffbe66fbe1f..203175568b9 100644 --- a/Lib/inspect.py +++ b/Lib/inspect.py @@ -1161,10 +1161,11 @@ def getattr_static(obj, attr, default=_sentinel): if obj is klass: # for types we check the metaclass too for entry in _static_getmro(type(klass)): - try: - return entry.__dict__[attr] - except KeyError: - pass + if _shadowed_dict(type(entry)) is _sentinel: + try: + return entry.__dict__[attr] + except KeyError: + pass if default is not _sentinel: return default raise AttributeError(attr) diff --git a/Lib/test/test_inspect.py b/Lib/test/test_inspect.py index 56f9929770f..fad4d5af73f 100644 --- a/Lib/test/test_inspect.py +++ b/Lib/test/test_inspect.py @@ -1088,6 +1088,23 @@ class TestGetattrStatic(unittest.TestCase): self.assertIsNot(inspect.getattr_static(sys, "version", sentinel), sentinel) + def test_metaclass_with_metaclass_with_dict_as_property(self): + class MetaMeta(type): + @property + def __dict__(self): + self.executed = True + return dict(spam=42) + + class Meta(type, metaclass=MetaMeta): + executed = False + + class Thing(metaclass=Meta): + pass + + with self.assertRaises(AttributeError): + inspect.getattr_static(Thing, "spam") + self.assertFalse(Thing.executed) + class TestGetGeneratorState(unittest.TestCase): def setUp(self): diff --git a/Misc/NEWS b/Misc/NEWS index 1ad91c02856..9168a55be07 100644 --- a/Misc/NEWS +++ b/Misc/NEWS @@ -97,6 +97,9 @@ Core and Builtins Library ------- +- Issue #11829: Fix code execution holes in inspect.getattr_static for + metaclasses with metaclasses. Patch by Andreas Stührk. + - Issue #1785: Fix inspect and pydoc with misbehaving descriptors. - Issue #11813: Fix inspect.getattr_static for modules. Patch by Andreas