Path: csiph.com!v102.xanadu-bbs.net!xanadu-bbs.net!feeder.erje.net!eu.feeder.erje.net!xlned.com!feeder3.xlned.com!newsfeed.xs4all.nl!newsfeed2.news.xs4all.nl!xs4all!newsgate.cistron.nl!newsgate.news.xs4all.nl!post.news.xs4all.nl!not-for-mail
Return-Path: <rosuav@gmail.com>
X-Original-To: python-list@python.org
Delivered-To: python-list@mail.python.org
X-Spam-Status: OK 0.021
X-Spam-Evidence: '*H*': 0.96; '*S*': 0.00; '22,': 0.09; '[1,': 0.09; '[],': 0.09; 'def': 0.12; 'from:addr:rosuav': 0.16; 'from:name:chris angelico': 0.16; 'typeerror:': 0.16; 'unhashable': 0.16; 'sat,': 0.16; 'wrote:': 0.18; '>>>': 0.22; 'header:In-Reply-To:1': 0.27; 'message-id:@mail.gmail.com': 0.30; 'work.': 0.31; '"",': 0.31; '>>>>': 0.31; 'file': 0.32; 'class': 0.32; '(most': 0.33; 'skip:_ 10': 0.34; 'but': 0.35; 'received:google.com': 0.35; 'list': 0.37; 'to:addr:python-list': 0.38; 'list,': 0.38; 'pm,': 0.38; 'recent': 0.39; 'itself': 0.39; 'to:addr:python.org': 0.39; 'subject:Value': 0.84; '2013': 0.98
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type; bh=YB/quu2ScLi+Zjtq/Kx2ZFO6sinY3kUfigjM6tK09z0=; b=WHxKY2LXdZ0WCOMR6auoEYrtG6G/Xl6KqMiLHdsiN9j2e26QqVB9caH72bOVYqMOg8 Zg7rb27edlxp9jvVzVnGvZOcYKrs+oNRbKpNe1KA/up2VYQMYAgxwLfQPbZj0PKUdbJY z0EYH6ajqGvpRv4gDwDVKkYZTrlTahGdKgUW1lZ7pHDRvqv2Eto8Z4q0fWm9LhqWkks4 ZkyLX0dm1hwGlxeSNmdO0q4g7wVM2Tua9nWvFdtWi6tzhm30I83m3GfcD6/tT1YTjLro 8nz606XQCjSYgrFInW5yFAw0clSBLGEUWCymcLwUSo+bK/g6S4BdETzq3//nhHQU9kPL O5Jg==
MIME-Version: 1.0
X-Received: by 10.220.48.17 with SMTP id p17mr6670572vcf.97.1371867536218; Fri, 21 Jun 2013 19:18:56 -0700 (PDT)
In-Reply-To: <kq308b$1ll$1@dont-email.me>
References: <7e6361d5-6619-4aaa-adda-8b5f01bde57f@googlegroups.com> <b3d90d37-896c-4c80-8f94-9e046453927c@googlegroups.com> <447dd1c6-1bb2-4276-a109-78d7a067b442@d8g2000pbe.googlegroups.com> <2e92b4c7-31be-40d2-a906-ab19f3630dfa@googlegroups.com> <mailman.3627.1371742717.3114.python-list@python.org> <baf4de3c-e4ff-42c0-8d65-2f6cf825735c@googlegroups.com> <51c477dd$0$29999$c3e8da3$5496439d@news.astraweb.com> <565a1c8f-6fd9-4bab-9834-076eaea527f8@googlegroups.com> <kq23at$i39$1@dont-email.me> <7e1ed740-df18-4978-b11d-8ca9c4b5bd04@googlegroups.com> <kq2o0k$vng$1@dont-email.me> <46567a60-bb75-4f22-b968-bf3ccbf35afb@googlegroups.com> <kq308b$1ll$1@dont-email.me>
Date: Sat, 22 Jun 2013 12:18:56 +1000
Subject: Re: Default Value
From: Chris Angelico <rosuav@gmail.com>
To: python-list@python.org
Content-Type: text/plain; charset=ISO-8859-1
X-BeenThere: python-list@python.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: General discussion list for the Python programming language <python-list.python.org>
List-Unsubscribe: <http://mail.python.org/mailman/options/python-list>, <mailto:python-list-request@python.org?subject=unsubscribe>
List-Archive: <http://mail.python.org/pipermail/python-list/>
List-Post: <mailto:python-list@python.org>
List-Help: <mailto:python-list-request@python.org?subject=help>
List-Subscribe: <http://mail.python.org/mailman/listinfo/python-list>, <mailto:python-list-request@python.org?subject=subscribe>
Newsgroups: comp.lang.python
Message-ID: <mailman.3684.1371867545.3114.python-list@python.org>
Lines: 23
NNTP-Posting-Host: 2001:888:2000:d::a6
X-Trace: 1371867545 news.xs4all.nl 15949 [2001:888:2000:d::a6]:46511
X-Complaints-To: abuse@xs4all.nl
Xref: csiph.com comp.lang.python:48907

On Sat, Jun 22, 2013 at 12:01 PM, Rotwang <sg552@hotmail.co.uk> wrote:
>>>> class hashablelist(list):
> ...     def __hash__(self):
> ...         return hash(tuple(self))

There's a vulnerability in that definition:

>>> a=hashablelist((1,[],3))
>>> a
[1, [], 3]
>>> {a:1}
Traceback (most recent call last):
  File "<pyshell#255>", line 1, in <module>
    {a:1}
  File "<pyshell#249>", line 3, in __hash__
    return hash(tuple(self))
TypeError: unhashable type: 'list'

Of course, if you monkey-patch list itself to have this functionality,
or always use hashablelist instead of list, then it will work. But
it's still vulnerable.

ChrisA