What are the internals of Pythons str.join()? (Hiding passwords from output) -


i stumbled upon interesting(?) way hide passwords (and other personal data) general output screen logfiles.

in book how make mistakes in python mike pirnat suggests implement class sensitive strings , overload __str__- , __repr__-methods.

i experimented , got this:

class secret(str):      def __init__(self, s):         self.string = s      def __repr__(self):         return "'" + "r"*len(self.string) + "'"      def __str__(self):         return "s" * len(self.string)      def __add__(self, other):         return str.__add__(self.__str__(), other)      def __radd__(self, other):         return str.__add__(other, self.__str__())      def __getslice__(self, i, j):         return ("x"*len(self.string))[i:j]

(i'm aware using len provides information content hide. it's testing.)

it works fine in cases:

pwd = secret("nothidden")  print("the passwort " + pwd)                  # passwort sssssssss print(pwd + " passwort.")                 # sssssssss password.  print("the passwort {}.".format(pwd))         # password sssssssss. print(["the", "passwort", "is", pwd])            # ['the', 'password', 'is', 'rrrrrrrrr'] print(pwd[:])                                    # xxxxxxxxx

however not work:

print(" ".join(["the", "password", "is", pwd]))  # password nothidden

so, how str.join() work internally? method have overload obscure string?

the issue inheriting str, implements __new__ means though avoided calling parent constructor in class, underlying c object still initialized it.

now join checking if has str subclass and, being implemented in c, access directly underlying c structure, or uses other str-related function bypasses __str__ , __repr__ (think it: if value string or string subclass, why code call __str__ or __repr__ obtain value? accesses underlying character array in way!)

to fix this: not inherit str! unfortunately means not able use object string in situations, that's pretty inevitable.

an alternative may work implement __new__ , feed different value str's __new__ method:

class secret(str):     def __new__(cls, initializer):         return super(secret, cls).__new__(cls, 'x'*len(initializer))     def __init__(self, initializer):         self.text = initializer     def __repr__(self):         return "'{}'".format("r"*len(self))     def __str__(self):         return "s"*len(self)     def __add__(self, other):         return str(self) + other     def __radd__(self, other):         return other + str(self)

which results in:

in [19]: pwd = secret('nothidden')  in [20]: print("the passwort " + pwd)                  # passwort sssssssss     ...: print(pwd + " passwort.")                 # sssssssss password.     ...:      ...: print("the passwort {}.".format(pwd))         # password sssssssss.     ...: print(["the", "passwort", "is", pwd])            # ['the', 'password', 'is', 'rrrrrrrrr']     ...: print(pwd[:]) passwort sssssssss sssssssss passwort. passwort sssssssss. ['the', 'passwort', 'is', 'rrrrrrrrr'] xxxxxxxxx  in [21]: print(" ".join(["the", "password", "is", pwd])) password xxxxxxxxx

however fail see how useful. mean: purpose of class avoid programming errors end display sensitive information? having exception being triggered better can identify bugs! it's best raise notimplementederror inside __str__ , __repr__ instead of silently provided useless value... sure don't leak secret finding bugs becomes hard.


Comments

Post a Comment

Popular posts from this blog

sql - can we replace full join with union of left and right join? why not? -

can replace full join union of left , right join? if no,why? 'yes' if t1 , t2 sets (no duplicated rows), otherwise answer 'no'. create table t1 (i int); create table t2 (i int); insert t1 values (1); insert t1 values (2); insert t1 values (2); insert t2 values (3); full join select * t1 full join t2 on t1.i=t2.i order 1,2 1 (null) 2 2 2 2 (null) 3 union select * t1 left join t2 on t1.i=t2.i union select * t1 right join t2 on t1.i=t2.i order 1,2 1 (null) 2 2 (null) 3 union all select * t1 left join t2 on t1.i=t2.i union select * t1 right join t2 on t1.i=t2.i order 1,2 1 (null) 2 2 2 2 2 2 2 2 (null) 3
Read more

javascript - Parallax scrolling and fixed footer code causing width issues -

i bolted bits of code. 1 parallax scrolling, , other piece of fixed footer code found here: http://codepen.io/madshaakansson/pen/cgjch though after bolting , fixing few issues, have problem different widths. header different width footer, , main content doesnt span whole width of page. have tried adjusting width of content css 100%, made main content span whole width, ended breaking footer. i not sure need change make these different bits of code work together. advice appreciated. my attempt: http://codepen.io/dingerzat/pen/qgbwkk html /*global define: false */ function init() { window.addeventlistener('scroll', function(e) { var distancey = window.pageyoffset || document.documentelement.scrolltop, shrinkon = 300, header = document.queryselector("header"); if (distancey > shrinkon) { classie.add(header, "smaller"); } else { if (classie.has(header, ...
Read more

iOS: Performance of reloading UIImage(name:...) -

i have tableview , each row has icon. 90% of rows have same icon. in cellforrowatindexpath method load image assets folder this: var cellimage = uiimage(named: "myimage") does pose performance problem? os somehow smart enough it's same image each time? better if loaded image once , saved in class variable , assigned each time? uiimage 's named: api does kind of caching. if @ uiimage's documentation , states: use init(named:in:compatiblewith:) method (or init(named:) method) create image image asset or image file located in app’s main bundle (or other known bundle). because these methods cache image data automatically, recommended images use frequently.
Read more