Fixed Improper Method Call: __eq__
and __ne__
#636
Merged
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Details
While triaging your project, our bug fixing tool generated the following message(s)-
Proof of Concept / Explanation
Let's consider the following test code -
Output:
Here, we can see that even the most minimal implementation of a class can compare the objects.
However, if we try executing the following block of code -
Output:
The fallback mechanism of Python's object comparison gets overridden by the
__eq__
method implementation. Let's try change the code as below and try to execute -Output:
But, there's a problem now. The statement
a == b, a != b
is returning the valueFalse, False
which shouldn't have been the case. Since the__ne__
method depends on__eq__
method, we'll have to modify it too.Output:
After fixing both methods, our code works as expected.
Related Documentation
Changes
__eq__
and__ne__
methodsPreviously Found & Fixed
CLA Requirements
This section is only relevant if your project requires contributors to sign a Contributor License Agreement (CLA) for external contributions.
All contributed commits are already automatically signed off.
Sponsorship and Support
This work is done by the security researchers from OpenRefactory and is supported by the Open Source Security Foundation (OpenSSF): Project Alpha-Omega. Alpha-Omega is a project partnering with open source software project maintainers to systematically find new, as-yet-undiscovered vulnerabilities in open source code - and get them fixed – to improve global software supply chain security.
The bug is found by running the Intelligent Code Repair (iCR) tool by OpenRefactory and then manually triaging the results.