Do not allow attributes ending with __roles__

zopefoundation · Oct 4, 2016 · 860f134 · 860f134
1 parent 051bf35
commit 860f134
Show file tree

Hide file tree

Showing 2 changed files with 27 additions and 3 deletions.
diff --git a/src/RestrictedPython/transformer.py b/src/RestrictedPython/transformer.py
@@ -528,6 +528,12 @@ def visit_Attribute(self, node):
                 '"{name}" is an invalid attribute name because it starts '
                 'with "_".'.format(name=node.attr))
 
+        if node.attr.endswith('__roles__'):
+            self.error(
+                node,
+                '"{name}" is an invalid attribute name because it ends '
+                'with "__roles__".'.format(name=node.attr))
+
         if isinstance(node.ctx, ast.Load):
             node = self.generic_visit(node)
             new_node = ast.Call(

diff --git a/tests/test_transformer.py b/tests/test_transformer.py
@@ -98,7 +98,7 @@ def test_transformer__RestrictingNodeTransformer__visit_Name__1(compile):
             '"_"',) == errors
 
 
-BAD_ATTR = """\
+BAD_ATTR_UNDERSCORE = """\
 def bad_attr():
     some_ob = object()
     some_ob._some_attr = 15
@@ -109,19 +109,37 @@ def bad_attr():
 def test_transformer__RestrictingNodeTransformer__visit_Attribute__1(compile):
     """It is an error if a bad attribute name is used."""
     code, errors, warnings, used_names = compile.compile_restricted_exec(
-        BAD_ATTR, '<undefined>')
+        BAD_ATTR_UNDERSCORE, '<undefined>')
+
     assert ('Line 3: "_some_attr" is an invalid attribute name because it '
             'starts with "_".',) == errors
 
 
+BAD_ATTR_ROLES = """\
+def bad_attr():
+    some_ob = object()
+    some_ob.abc__roles__
+"""
+
+
+@pytest.mark.parametrize(*compile)
+def test_transformer__RestrictingNodeTransformer__visit_Attribute__2(compile):
+    """It is an error if a bad attribute name is used."""
+    code, errors, warnings, used_names = compile.compile_restricted_exec(
+        BAD_ATTR_ROLES, '<undefined>')
+
+    assert ('Line 3: "abc__roles__" is an invalid attribute name because it '
+            'ends with "__roles__".',) == errors
+
+
 TRANSFORM_ATTRIBUTE_ACCESS = """\
 def func():
     return a.b
 """
 
 
 @pytest.mark.parametrize(*compile)
-def test_transformer__RestrictingNodeTransformer__visit_Attribute__2(compile, mocker):
+def test_transformer__RestrictingNodeTransformer__visit_Attribute__3(compile, mocker):
     code, errors, warnings, used_names = compile.compile_restricted_exec(
         TRANSFORM_ATTRIBUTE_ACCESS)