Skip to content

Commit

Permalink
Do not use assert statement in security logic
Browse files Browse the repository at this point in the history 
This is because assert statement gets optimised out when Python is run
with -O flag. This was pointed out to me by audience at PyWaw 76.
  • Loading branch information
@woju
woju committed Jun 11, 2018
1 parent 39a9e4e commit 4e49b95
Show file tree
Hide file tree
Showing 10 changed files with 164 additions and 149 deletions.
5 changes: 5 additions & 0 deletions qubes/api/__init__.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -196,6 +196,11 @@ def fire_event_for_filter(self, iterable, **kwargs):
return apply_filters(iterable,
self.fire_event_for_permission(**kwargs))

def enforce(self, predicate):
'''An assert replacement, but works even with optimisations.'''
if not predicate:
raise PermissionDenied()


class QubesDaemonProtocol(asyncio.Protocol):
buffer_size = 65536
Expand Down
Loading

0 comments on commit 4e49b95

Please sign in to comment.