# Python Metaprogramming for Mad Scientists and Evil Geniuses

    who: Walker Hale
    cover_story: Baylor College of Medicine, HGSC

They laughed at my theories. They said I was mad. But I'll show them. I'll show them all...

This document has been placed in the public domain.

## link: https://github.com/walkerh/pytexas_2017_mad_evil

![https://github.com/walkerh/pytexas_2017_mad_evil](qrcode.png)

# A little story

The coding sprints at PyCon 2010 in Atlanta, Georgia…

During the sprints, I met several of the core developers. They were nice, rational, and dedicated to making improvements for the greater good. These were not mere innocent bystanders! The community of core developers is populated by **altruists** — what we sometimes dergotorily call *do gooders*!

It is with a profound sense if irony and gratitude that I will present how technology created such folks is an ideal component in the toolboxes for both of our communities.

# Thesis

Python is an ideal language for both:

   * Mad Scientists
   * Evil Geniuses

As for the sane atruists, I will show that they can apply black-hat techniques to good works ... *if they absolutely must.*

# Different Communities, Different Concerns

Each of our communities is based on a different principle of alternative ethics.

Although I will start from the Mad Scientist perspective, the Evil Genius applications should be obvious — at least to the Evil Geniuses.

<span style="color:red">Mad</span> Scientist: creating new things because it's cool

<span style="color:red">Evil</span> Genius: practical applications

Each is willing to <span style="color:red">TWIST</span> whatever is at hand to suit their own will, despite *norms*, *conventions*, or what is considered *natural*.

If everyone knows what you are up to, and nobody is trying to stop you, *you are probably doing something wrong*.

# Typical Mad Science Goals

Create new living code objects from scraps without corresponding source code.

Mutate third-party code to suite our purposes without modifying the third-party source code.

Normally there is a one-to-one correspondence between code objects (contained in functions and methods) and source code. Likewise there is normally a one-to-one correspondence between classes and source code as well as between modules and files. A programmer who is constrained by these *conventions* must know before runtime the number and names of all functions, classes, methods, and modules. Programmers such as ourselves, however, need not be limited to what is considered *natural*.

Most programmers when dealing with third-party code that does not quite suite their needs feel that they must choose between patching the source code and accepting their fate. Patching the source code requires the programmer to maintain and reapply that patch as the third-party code is updated. We have the option of selectively *mutating* third-party code at runtime, an approach that is much more robust in the face of updates.

# Equipment

* Synthetic Functions
* Synthetic Classes
* Synthetic Modules
* Monkey Patching
* `sitecustomize.py` (mainly Evil Geniuses)

Any great experiment requires gathering the right equipment. These are the features and principles of Python that we shall use to express our *genius*.

# Synthetic Functions

In [1]:
d = {} # Create a function from a string.
code = '''\
def synthetic_spam(z):
    return z*z + 1
'''
exec(code, d)

In [2]:
print(d.keys())
['__builtins__', 'synthetic_spam']
spam = d['synthetic_spam']
spam(3)

dict_keys(['__builtins__', 'synthetic_spam'])


10

Behold! A function even more *synthetic* than Spam itself!

We can continue to parse more strings into our dict, accumulating more synthetic functions or even classes.

Men and women such as ourselves are not limited to the functionality provided in mere source code! We can create new functionality by forming arbitrary strings and then using the exec keyword to compile them on the fly. We accumulate the results into a dictionary. In this way, we create new functions and classes out of the ether, unfettered by the laws of man or nature!

# Synthetic Classes

What is a class? Nothing more than a dressed up dict! Nothing stops us from creating one. Buwahahahaha! To make the dict, either parse some strings as I showed before with synthetic functions or assemble parts.

In [3]:
def spam(self, x):
    return 'hello spam(%s).' % x

def eggs(self):
    return 'hello eggs().'

d = dict(spam = spam, eggs = eggs)
SyntheticClass = type('SyntheticClass', (), d)
obj = SyntheticClass()
obj.spam(7), obj.eggs()

('hello spam(7).', 'hello eggs().')

There is a more full-featured but complex method in the `types` module.

# Synthetic Modules

Want to create a module out of the blue? No problem!

In [4]:
import sys, types
my_module = types.ModuleType('synthetic',
                             'Fake module.')
def my_function():
    print('hello from my_function()')

my_module.eggs = my_function
sys.modules['synthetic'] = my_module

import synthetic
synthetic.eggs()

hello from my_function()


You can also use the imp module for this. See the function imp.new_module.

Here I have deliberately used a function name that is different from the name in the module. This is normally not a problem. Don't forget that in modern versions of Python, you can set the value of the __name__ attribute of the function.

# Applications of Synthetics

* Integrating user-specified formulae (functions)
* Domain-specific languages (functions & classes)
* GUI Frameworks (functions & classes)
* Object-Relational Mappers (classes)
* Monkey patching (modules, more on that later)

I would hope that you appreciate these Synthetics for the joy of learning how Python is put together. Nevertheless, for those of you do-good … altruists who think that every piece of technology must somehow contribute to the "greater good", consider these possible applications.

# Monkey Patching

* Functions, classes, and modules are just objects in memory.
* Modify (patch) third-party objects.
* Very similar to Aspect-Oriented Programming.
* Patching third-party objects is more robust than patching third-party code.

In Python, functions, classes, and modules are just objects in memory waiting for you to exert your will over them. Monkey patching is the practice of modifying third-party objects dynamically at runtime in order to fix bugs or add "features".

# Monkey Patching Modules

Either:

* Modify an existing module.
* Synthesize a replacement.

With either approach you must do the deed *before* any other code imports the module. (More on this later.)

# Monkey Patching Classes

This technique shows adding or replacing a method in a class. This will affect all instances whether already created or created later. Only instances of subclasses that have overridden the method in question are immune (unless you patch the subclasses too).

Note that until it is bound to an instance, a regular method is just a function.

In [5]:
class MyClass(object):
    def foo():
        pass
    def spam():
        print('original Spam.')

x = MyClass()
def new_spam(self):
    print('grafted Spam!')

MyClass.spam = new_spam
x.spam()

grafted Spam!


In [6]:
x.spam

<bound method new_spam of <__main__.MyClass object at 0x11206f630>>

In [7]:
MyClass.spam

<function __main__.new_spam>

In [8]:
MyClass.foo

<function __main__.MyClass.foo>

The behavior has changed, but the disguise is not perfect. It could be fixed with more effort, but why bother. Duck Typing!

# Monkey Patching Instances

I could just as well have added the new method to a particular object instead of an entire class.

In [9]:
import types
class MyClass2(object):
    pass

x, y = MyClass2(), MyClass2()

def new_spam(self):
    print('grafted Spam!')

x.spam = types.MethodType(new_spam, x)
x.spam()  # Will work
y.spam()  # Will fail

grafted Spam!


AttributeError: 'MyClass2' object has no attribute 'spam'

# sitecustomize.py

How to "*fix*" executables.

From http://docs.python.org/library/site.html#index-3

> After these path manipulations, an attempt is made to import a module named sitecustomize,
> which can perform arbitrary site-specific customizations. It is typically created by a
> system administrator in the site-packages directory. If this import fails with an
> ImportError exception, it is silently ignored.

Suppose you have one or more third-party Python executables that do things the *wrong* way. Suppose further that the maintainers refuse to address your concerns instantly and that you don't want to maintain code patches every time you install an update.

* Create a special version of sitecustomize.py and stash it somewhere out of the way. (More on that later.)
* For each offending executable you want to patch, create either a wrapper script or alias that sets PYTHONPATH to the directory containing your sitecustomize.py before passing control to the executable.

You could also just temporarily set PYTHONPATH whenever you want to apply a patch for a while.

Now whenever you launch one of the offending executables, the Python interpreter will import your sitecustomize.py before running the contents of the executable.

Your module will load very early during initialization, even before the interpreter has populated sys.argv.

# Scenario 1

Suppose you have one or more Python executables on a UNIX-like system that include hard paths to the wrong Python interpreter in their shebang lines. Your sitecustomize.py might look like this…

Globals:

```Python
import sys, os
EXECUTABLE = '/the/one/true/path/python'
orig_import = __import__
```

Define patch:

```Python
def __import__(name, globals=None, locals=None, fromlist=None):
    """Start a different Python interpreter."""
    if hasattr(sys, 'argv'):
        # Replace current process...
        os.execv(EXECUTABLE, ['python'] + sys.argv)
    return orig_import(name, globals, locals, fromlist)
```

Conditionally instal patch.

```python
if sys.executable != EXECUTABLE:
    sys.modules['__builtin__'].__import__ = (
        __import__
    )
```

We can't run `os.execv` until `sys.argv` is defined, but that doesn't happen until later, so we hook into the import mechanism. Of course we must leave everything unchanged when we are later running the correct interpreter.

It isn't often that you can use a blackhat technique for something practical that isn't also a crime...

# Scenario 2

Suppose you install some third-party software with expectations of super-user privilege or hardcoded paths to restricted directories. Suppose you don't have super-user privilege on the target machine (or at least you won't admit to it). You can use these mechanisms to patch the relevant portions of the Python Standard Library!

I know what I'm doing. I don't need to ask the system administrator for sudo rights anymore than I need to get a note from my mother.

If third-party software checks to see if you are some special account...

```python
import sys, new
pwd_new = new.module('pwd')

def getpwnam(n):
    '''I'm whoever you want me to be...'''
    return (n, '', os.getuid(), os.getgid(),
            'Fake', PREFIX, '/bin/bash')

pwd_new.getpwnam = getpwnam
sys.modules['pwd'] = pwd_new
```

Here we show using a synthetic module. In this case, we might have been able to just patch the module directly. We show this example in case the module in question was written in C.

## When should you synthesize:

* Patch a module written in C.
* Patch just the few functions you think you need, with the assurance that if you forgot any, you will get an exception.
* Create an object that acts like a module but really synthesizes the functions it needs by implementing a custom `__getattr__`.

# Dealing with Angry Villagers

Q: What is the difference between a science project and a monster?

A: Control!

With pitchforks and torches, they will come, ready to destroy your creation.

As vexing as it may be to have to justify your plans to feebleminded co-workers who do not understand your genius, experience shows that communicating your plans and addressing their concerns is time well spent.

# Limitations

* Patching third-party code can confuse co-workers.
    + Do it seldom.
    + Do it publicly.
* Updates to third-party code can still break a monkey patch.
* You cannot monkey patch most code that resides below Python (C/C++, Java), **but** you can synthesize a replacement that delegates to the original.

# Closing

We live in a golden age where reason and science can triumph over convention and superstition.

Todo:

* Revel in your *power*.
* Laugh your most *diabolical* laugh.
* Bend code to your *will*.
* ...

# Questions?

## link: https://github.com/walkerh/pytexas_2017_mad_evil

![https://github.com/walkerh/pytexas_2017_mad_evil](qrcode.png)