79612785

Date: 2025-05-08 16:10:53
Score: 0.5
Natty:
Report link

The __subclasses__() feature of Python can be totally disabled by using no-subclasses library, which can be installed via pip install no-subclasses.
An example:

>>> import no_subclasses
>>> len(object.__subclasses__()) # Without no_subclasses library
313
>>> object.__subclasses__()[:5]
[<class 'type'>, <class 'async_generator'>, <class 'bytearray_iterator'>, <class 'bytearray'>, <class 'bytes_iterator'>]
>>>
>>> no_subclasses.init() # Enable no_subclasses library
>>> object.__subclasses__()
[]
>>> int.__subclasses__()
[]
>>> attack_expr = "(1).__class__.__base__.__subclasses__()"
>>> safe_scope = {"__builtins__":{}} # Cannot call any built-in functions (except some safe functions, e.g. (1).__class__)
>>> eval(attack_expr,safe_scope)
[]

Additionally, I've submitted an issue proposing the deprecation of the __subclasses__ feature to CPython, but it was rejected.
Note that I'm the developer of no-subclasses library.

Reasons:
  • Contains signature (1):
  • Long answer (-0.5):
  • Has code block (-0.5):
  • Low reputation (0.5):
Posted by: qfcy