
Conversation

@arthaud
Contributor

@arthaud arthaud commented Oct 20, 2025

Taint analysis tools such as Pysa might want to mark BaseException.__str__ and BaseException.__repr__ as a source and check if it flows to a sink (such as a logging call). Leaking exception messages is usually a security risk.

However, since those methods are inherited from object, marking those as sources does not work.
This can be easily fixed by making the definition explicit, which this PR does.

I agree this is not optimal, but the alternatives are limited:

  • Adding support for marking inherited methods as a source in those tools (i.e. Pysa) would require a month of work
  • Using our own typeshed fork would lead to a maintenance cost, as well as user frustration when our fork inevitably gets out of date
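
Added example (not code from this PR or from typeshed) of the flow the explicit `BaseException.__str__` / `__repr__` declarations make modelable: the vulnerable handler lets `str(exc)` reach a logging sink, while the hardened one logs only the exception type, a redacted message and a reference id. The stub lines and the `.pysa` model lines in the docstring are assumptions about what the PR and a Pysa model would look like; the DSN, the `connect` stand-in and the `ExceptionMessage` / `Logging` taint names are constructed for the example.

```python
"""Added example, not code from the typeshed PR: why a taint analyzer wants
BaseException.__str__ / __repr__ declared explicitly, and what the flagged
flow versus a hardened handler looks like.

Assumed (not shown on this page): the PR adds explicit declarations such as
    class BaseException:
        def __str__(self) -> str: ...
        def __repr__(self) -> str: ...
to builtins.pyi, so a Pysa model file (assumed syntax) can then name them:
    def builtins.BaseException.__str__(self) -> TaintSource[ExceptionMessage]: ...
    def logging.Logger.error(self, msg: TaintSink[Logging], *args, **kwargs): ...
"""
import logging
import re
import uuid
from typing import Optional


class CaptureHandler(logging.Handler):
    """Collects formatted log lines so the example can inspect the sink."""

    def __init__(self) -> None:
        super().__init__()
        self.lines: list = []

    def emit(self, record: logging.LogRecord) -> None:
        self.lines.append(self.format(record))


def make_logger(name: str):
    """Isolated logger whose only handler is a CaptureHandler (the sink)."""
    logger = logging.getLogger(name)
    logger.handlers.clear()
    logger.propagate = False
    logger.setLevel(logging.DEBUG)
    handler = CaptureHandler()
    logger.addHandler(handler)
    return logger, handler


def connect(dsn: str) -> None:
    """Constructed stand-in for a DB driver: its error message echoes the DSN,
    including the embedded password, which is exactly the data that leaks."""
    raise ConnectionError(f"could not connect to {dsn}: timeout")


# Flow the PR makes detectable: exc -> BaseException.__str__ (source)
# -> logger.error (sink). "%s" formatting calls str(exc) when the record is emitted.
def handle_vulnerable(logger: logging.Logger, dsn: str) -> None:
    try:
        connect(dsn)
    except ConnectionError as exc:
        logger.error("db failure: %s", exc)


# Heuristics for the secrets most often embedded in exception text: credentials
# in a URL authority section and key=value fragments. They over-mask on purpose.
URL_CRED_RE = re.compile(r"://([^:/@\s]+):([^@\s]+)@")
KV_SECRET_RE = re.compile(r"\b(password|passwd|pwd|token|secret|api_key)=[^\s&;,]+", re.I)


def redact(message: str) -> str:
    """Mask credential-bearing fragments before text reaches any log sink."""
    message = URL_CRED_RE.sub(r"://\1:***@", message)
    return KV_SECRET_RE.sub(r"\1=***", message)


def handle_hardened(logger: logging.Logger, dsn: str, ref: Optional[str] = None) -> str:
    """Log the exception type and a redacted message under a reference id.
    The raw str(exc) never reaches the sink; the id lets operators correlate
    the event with a more restricted store if full detail is kept elsewhere."""
    ref = ref or uuid.uuid4().hex[:12]
    try:
        connect(dsn)
    except ConnectionError as exc:
        logger.error("db failure ref=%s type=%s detail=%s",
                     ref, type(exc).__name__, redact(str(exc)))
    return ref


if __name__ == "__main__":
    dsn = "postgres://app:hunter2@db.internal/prod"  # constructed sample DSN
    log, sink = make_logger("example.vulnerable")
    handle_vulnerable(log, dsn)
    print("vulnerable sink saw:", sink.lines[0])
    log, sink = make_logger("example.hardened")
    handle_hardened(log, dsn)
    print("hardened sink saw:  ", sink.lines[0])
```

With the source and sink models in place, `handle_vulnerable` is the shape of call Pysa would report; `handle_hardened` breaks the flow because only `type(exc).__name__` and `redact(str(exc))` reach the sink. The regexes are a best-effort filter, not a guarantee, so the reference id is what should point to any store that keeps the full exception, and that store needs tighter access than the application log.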

@github-actions

This comment has been minimized.

Taint analysis tools such as Pysa might want to mark `BaseException.__str__`
and `BaseException.__repr__` as a source. However, since those methods
are inherited, this is not possible. Making the definition explicit fixes
the problem.
Member

@AlexWaygood AlexWaygood left a comment


Thanks, this seems fine to me

@github-actions
Contributor

According to mypy_primer, this change has no effect on the checked open source code. 🤖🎉

@AlexWaygood AlexWaygood merged commit 4c4f999 into python:main Oct 20, 2025
63 checks passed