Hugo Geoffroy added the comment:
I would like to point out that the changes in `ast.literal_eval` may have some
security risk for code that do not expect this function to return an object
with user-controlled length (for example, with `2**32*'X'`). AFAIK, this is not
possible with t
Hugo Geoffroy added the comment:
This patch blacklists `__wrapped__` (using the same form as the first comment,
with a more explicit exception message) in `unittest.mock._Call.__getattr__`.
I also documented the change and added a tests that checks
`assertFalse(hasattr(call, '__wrap
Hugo Geoffroy added the comment:
You are right, the fix would be better suited in `unwrap`.
But, still, shouldn't any `__getattr__` implementation take care of not
returning, for the `__wrapped__` attribute, a dynamic wrapper that provides the
same attribute ? `__wrapped__` is com
Hugo Geoffroy added the comment:
Another argument for having the fix in `unwrap` rather than `signature` is that
this bug does not actually seem to be called by `signature`, as the doctest
module calls `unwrap` for "inspect.isroutine(inspect.unwrap(val))".
Also, this call does not
