fix: prevent endless loop from accessing self

IdentityPython / SATOSA

Proxy translating between different authentication protocols (SAML2, OpenID Connect and OAuth2)

https://idpy.org

Apache License 2.0

197 stars 121 forks source link

fix: prevent endless loop from accessing self #446

Closed thomaswar closed 9 months ago

thomaswar commented 10 months ago

Fix to prevent endless loop when self.data calls self.__getattr__

All Submissions:

[x] Have you checked to ensure there aren't other open Pull Requests for the same update/change?
[x] Have you added an explanation of what problem you are trying to solve with this PR?
[x] Have you added information on what your changes do and why you chose this as your solution?
[ ] Have you written new tests for your changes?
[x] Does your submission pass tests?
[x] This project follows PEP8 style guide. Have you run your code against the 'flake8' linter?

c00kiemon5ter commented 10 months ago

Hello @thomaswar,

did you hit this issue or is this provisional? Did UserDict semantics change with the latest Python verison?

thomaswar commented 9 months ago

Hello @c00kiemon5ter,

I hit this issue with a custom modification that needs to serialize and unserialize the state to implement some special flows and thus tampers with data.

I think that particular code is just not reached otherwise yet. I am sure accessing self.data this way should have always ended with a maximum recursion error. I am not aware of any history of UserDict that would have diverted this access to super() by itself.

c00kiemon5ter commented 9 months ago

I don't seem to be able to trigger this, but I think it's good in any case.