yahoo-eng-team team mailing list archive

[Bug 1307878] [NEW] Fix instances of mutable default arguments to functions/methods

 

Public bug reported:

In a few points throughout the codebase, mutable lists and mutable dicts
are being used as default function/method arguments.

In Python, this is an issue since functions are treated as objects that
can maintain state between calls. As a result, this only gets set once,
and it's possible for it to stack list values over time in cases when
you might expect them to be empty. Depending on use, this can cause
incredibly complex and yet very subtle bugs in code that reads just
fine. In Glance's case, since a few instances of this are in several
ACL-related methods in glance.store.*, there is *potential* for security
concern (not confirmed).

Here's some additional information illustrating and explaining this behavior in Python:
http://effbot.org/zone/default-values.htm
http://stackoverflow.com/questions/1132941/least-astonishment-in-python-the-mutable-default-argument

There are no comments in the code I've seen that indicate this usage is
meant specifically to take advantage of this subtlety in the language.
We'd definitely want to document that if it is the case.

Wanted to create this as a discussion point if needed, and as a courtesy
to attach it to the patch I'm going to push in a few minutes. The full
test suites seem to pass locally, so will be curious what Jenkins has to
say.

** Affects: glance
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Glance.
https://bugs.launchpad.net/bugs/1307878

Title:
  Fix instances of mutable default arguments to functions/methods

Status in OpenStack Image Registry and Delivery Service (Glance):
  New

To manage notifications about this bug go to:
https://bugs.launchpad.net/glance/+bug/1307878/+subscriptions
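
The behavior described in the report, together with one way to locate such defaults in a codebase, as an added example that is not part of the original message or of Glance's code. The functions grant_read and grant_read_fixed and the tenant names are hypothetical, constructed for illustration; the scanner uses only Python's standard ast module (Python 3.8 or later).

```python
import ast

# Constructed sample: a hypothetical ACL helper, not Glance's actual code.
SAMPLE = '''
def grant_read(image_id, tenant, readers=[]):
    readers.append(tenant)
    return readers

def grant_read_fixed(image_id, tenant, readers=None):
    readers = [] if readers is None else list(readers)
    readers.append(tenant)
    return readers
'''

MUTABLE_NODES = (ast.List, ast.Dict, ast.Set, ast.ListComp, ast.DictComp, ast.SetComp)
MUTABLE_CALLS = {"list", "dict", "set", "bytearray"}

def is_mutable_default(node):
    """True for literal/comprehension containers and list()/dict()/set() calls."""
    if isinstance(node, MUTABLE_NODES):
        return True
    return (isinstance(node, ast.Call) and isinstance(node.func, ast.Name)
            and node.func.id in MUTABLE_CALLS)

def find_mutable_defaults(source):
    """Return (function name, line, argument name) for each mutable default."""
    findings = []
    for fn in ast.walk(ast.parse(source)):
        if not isinstance(fn, (ast.FunctionDef, ast.AsyncFunctionDef, ast.Lambda)):
            continue
        a = fn.args
        positional = a.posonlyargs + a.args
        # Defaults align with the *last* len(defaults) positional parameters.
        pairs = list(zip(positional[len(positional) - len(a.defaults):], a.defaults))
        pairs += [(arg, d) for arg, d in zip(a.kwonlyargs, a.kw_defaults) if d is not None]
        for arg, default in pairs:
            if is_mutable_default(default):
                findings.append((getattr(fn, "name", "<lambda>"), default.lineno, arg.arg))
    return findings

def demo_leak():
    """Run the sample: the shared default carries a tenant into an unrelated call."""
    ns = {}
    exec(SAMPLE, ns)  # SAMPLE is the constant string above
    ns["grant_read"]("image-a", "tenant-1")
    leaked = ns["grant_read"]("image-b", "tenant-2")
    fixed = ns["grant_read_fixed"]("image-b", "tenant-2")
    return leaked, fixed

if __name__ == "__main__":
    print(find_mutable_defaults(SAMPLE), demo_leak())
```

The scanner only recognizes defaults written directly as container literals, comprehensions or list()/dict()/set()/bytearray() calls; a default that refers to a module-level mutable object by name is not flagged.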

