search

pdoc3 / pdoc

:snake: :arrow_right: :scroll: Auto-generate API documentation for Python projects
https://pdoc3.github.io/pdoc/
GNU Affero General Public License v3.0
1.12k stars 145 forks source link

Default argument gets rendered evaluated #359

Closed germanium closed 2 years ago

germanium commented 2 years ago

Expected Behavior

class MyClass:
    __init__(self, arg1=os.getenv("my_env_var")):
        """MyClass description

            arg1 (str): My arg1 description
        """

I would expect it to render

class MyClass (arg1=os.getenv("my_env_var"))

Actual Behavior

It actually renders it with the result of evaluating the default argument. 

class MyClass (arg1=<actual env variable value>)

In this example this behavior can be very dangerous if the environment that builds the documentation has secrets in the environment variable my_env_var.

Additional info

kernc commented 2 years ago

Unlike os.environ itself and a few other singletons which we account for: https://github.com/pdoc3/pdoc/blob/f358893e4fcfd7f29857a7ff5491b606ff146d39/pdoc/__init__.py#L1453-L1462 ... os.getenv('my_env_var') is evaluated before being assigned as arg1 default.

>>> import os; os.environ['my_env_var'] = 'this'
>>> def foo(*, arg1=os.environ['my_env_var']): pass
>>> foo.__kwdefaults__
{'arg1': 'this'}

So unfortunately, this is not possible. :disappointed: