[Zope-dev] uuid.UUID as a rock in zope.security

Jim Fulton jim at zope.com
Fri Apr 10 09:03:41 EDT 2009


On Apr 3, 2009, at 2:57 AM, Brian Sutherland wrote:

> Hi,
>
> We're using UUIDs a lot, and it's pretty painful that they are security
> proxied. They're in the standard library from Python 2.5
> (http://docs.python.org/library/uuid.html) and are immutable according
> to the documentation.

"According to the documentation" isn't good enough.

> I think they meet all the requirements to be rocks. So unless
> someone complains, I'll commit the attached patch in a few days.


 >>> u = uuid.UUID('{12345678-1234-5678-1234-567812345678}')
 >>> u.__dict__['int'] = 1
 >>> u
UUID('00000000-0000-0000-0000-000000000001')

This isn't exactly immutable. The protection system would prevent
this sort of mutation, but I'm still nervous about a rock implemented
in Python. We have to be darn sure that there isn't some sort of
loophole here. Really we have to do this with any rock and I'm not sure
we have the formalisms necessary to guide this.

Oh wait:

 >>> del u.int
 >>> u
Traceback (most recent call last):
   File "<stdin>", line 1, in <module>
   File "/usr/local/python/2.5.1/lib/python2.5/uuid.py", line 192, in __repr__
     return 'UUID(%r)' % str(self)
   File "/usr/local/python/2.5.1/lib/python2.5/uuid.py", line 198, in __str__
     hex = '%032x' % self.int
AttributeError: 'UUID' object has no attribute 'int'

Oops. This would not be prevented by the protection system. -1 for  
making uuids rocks.

Jim

--
Jim Fulton
Zope Corporation
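
Added example (not part of the original message or of zope.security): a small probe that tries the mutation paths shown in the session above (attribute assignment, a `__dict__` write, and `del`) against a fresh instance of a candidate rock type. `LegacyId` and `SealedId` are constructed stand-ins, and `mutation_paths` is a hypothetical helper name.

```python
class LegacyId(object):
    """Constructed stand-in shaped like the UUID in the session above: the
    value lives in __dict__ and only __setattr__ is blocked."""

    def __init__(self, value):
        self.__dict__['int'] = value

    def __setattr__(self, name, value):
        raise TypeError('LegacyId objects are immutable')


class SealedId(object):
    """Constructed variant: no __dict__, and both set and delete are refused."""
    __slots__ = ('int',)

    def __init__(self, value):
        object.__setattr__(self, 'int', value)

    def __setattr__(self, name, value):
        raise TypeError('SealedId objects are immutable')

    def __delattr__(self, name):
        raise TypeError('SealedId objects are immutable')


def mutation_paths(factory, attr):
    """Return which plain attribute operations change attr on a fresh object."""
    marker, missing = object(), object()
    attempts = {
        'setattr': lambda o: setattr(o, attr, marker),
        'dict-write': lambda o: o.__dict__.__setitem__(attr, marker),
        'delattr': lambda o: delattr(o, attr),
    }
    found = []
    for name in sorted(attempts):
        target = factory()               # new instance for every attempt
        before = getattr(target, attr)
        try:
            attempts[name](target)
        except (AttributeError, TypeError):
            continue                     # the type refused this path
        if getattr(target, attr, missing) is not before:
            found.append(name)
    return found


if __name__ == '__main__':
    print(mutation_paths(lambda: LegacyId(5), 'int'))
    print(mutation_paths(lambda: SealedId(5), 'int'))
```

Passing `lambda: uuid.UUID(int=5)` as the factory (after `import uuid`) runs the same probe against the running interpreter's own `uuid.UUID`. An empty result only rules out these three paths; it is not a proof of immutability.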



