Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Avoid triggering @property methods on plugins when looking for hookimpls during registration #536

Open
wants to merge 9 commits into
base: main
Choose a base branch
from

Conversation

pirate
Copy link

@pirate pirate commented Sep 27, 2024

Hey all, thanks for making pluggy! I'm loving using it so far. 🥳


Currently pluggy fairly aggressively inspects every plugin's attrs upon registration in order to look for potential @hookimpl-marked methods.

Based on the existing implementation in PluginManager.register() -> ... -> parse_hookimpl_opts(), it's clear that the intention is to only look for Callable methods marked with the @hookimpl decorator (it skips over any non-methods / undecorated-methods it finds in the process).

If a plugin is class-based, the current implementation using inspect.isroutine(getattr(plugin, name)) has the unintended consequence of evaluating every single @property method on the passed plugin object, which can have side effects because property methods can execute arbitrary code upon access!

This PR corrects this by pre-checking if a given plugin attr is a @property (or pydantic field), before attempting to getattr(plugin, name) to pass it to inspect.isroutine(...).

@pirate
Copy link
Author

pirate commented Sep 27, 2024

Codecov is complaining about whitespace lines and comment lines not being covered?

Copy link
Member

@RonnyPfannschmidt RonnyPfannschmidt left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good to me, wondering if we should take static getattr from pytest for fetching declarations

src/pluggy/_manager.py Outdated Show resolved Hide resolved
src/pluggy/_manager.py Outdated Show resolved Hide resolved
updates:
- [github.com/astral-sh/ruff-pre-commit: v0.6.7 → v0.6.8](astral-sh/ruff-pre-commit@v0.6.7...v0.6.8)

Co-authored-by: pre-commit-ci[bot] <66853113+pre-commit-ci[bot]@users.noreply.github.com>

[pre-commit.ci] auto fixes from pre-commit.com hooks

for more information, see https://pre-commit.ci
@pirate
Copy link
Author

pirate commented Oct 1, 2024

Ok I've updated the PR:

  • Removed pydantic-specific logic
  • Abstracted @property check to helper function _attr_is_property(obj, name) -> bool
  • Exhaustively tested the following situations:
    • proper handling of: modules, class, objects, Pydantic models, Django models being used as namespaces
    • namespaces containing: @property, @classproperty, @classmethod, @staticmethod, ClassVars, normal variables, and normal methods

For a full demo of the exhaustive tests showing that it works in those cases ^ (including pydantic-specific tests that I did not put in the PR) see here:

https://gist.github.com/pirate/66f12beac594c99c697cd5543a1cb77b

Copy link
Member

@RonnyPfannschmidt RonnyPfannschmidt left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this looks good to me, Thanks!

i'd like to get a final ok from @bluetech

src/pluggy/_manager.py Show resolved Hide resolved
Copy link
Member

@bluetech bluetech left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for removing the pydantic bit. I still have a question on the AttributeError case.

src/pluggy/_manager.py Outdated Show resolved Hide resolved
src/pluggy/_manager.py Show resolved Hide resolved
@pirate pirate requested a review from bluetech December 19, 2024 02:04
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants