Skip to main content

Python: Wrapping Methods Via a Backdoor

Often, when you write a server in Python, you include a backdoor. The backdoor is something that you can telnet to from localhost, and it's basically a Python shell. Within the Python shell, you can snoop around the running program. It's cool. Now, suppose you want to insert some code to debug a problem. Suppose you want to intercept all method calls to a certain class. (If you're a hardcore Python hacker, feel free to stop reading, but many other people will find this interesting.)

>>> class C:
... """This is some pre-existing class within the running application."""
... def f(self, num): print "I got called with:", num
>>> def wrap(f):
... """This is a function decorator. inner below is the wrapper itself."""
... def inner(*args, **kargs):
... print "I'm about to call %s with %s %s." % ... (f.__name__, `args[1:]`, `kargs`)
... return f(*args, **kargs)
... return inner
>>> # Wrap every method in C.
... for name in dir(C):
... attr = getattr(C, name)
... if callable(attr):
... setattr(C, name, wrap(attr))
>>> # Now, when you call C.f, the method is wrapped.
... C().f(5)
I'm about to call f with (5,) {}.
I got called with: 5


Ian Bicking said…
Perhaps an interesting way to make a backdoor is something like the console example I have in Paste.

Though if you wanted to watch all print statements, you might want something more chat-like, where the web app pings the server every second or two and shows any newly printed content. Though if you don't do that (and you were using WSGI) you could use something like paste.printdebug, which displays all prints in the webpage itself (assuming this is an in-development app): -- other logging-style collectors would also be neat.

Lastly, the magic_set decorator in is, I think, an interesting way to inject functionality (it should look for a next_method argument, though, which would make it easier to use for this kind of thing).
jjinux said…
Your mention of magic set is about how to add a method to a class, right? Yeah, I've faced that problem as well.

I talked about the solution I had for that problem at our Python users' group (basically, I curried the function, manually creating a bound method), but our two Python users' groups are so far away from each other. That is really too bad because we were specifically interested in a talk on SQLObject and other related projects! The funny thing is, that thread happened on our mailing list the same day you announced the next meeting of the Chicago Python users' group!

Yeah, using AJAX for the backdoor is cool, although, since you are enforcing the localhost rule (as am I), it's easier to telnet from localhost than to have a Web browser or HTTP tunnel on localhost. Nonetheless, it's a good technique.

Popular posts from this blog

Ubuntu 20.04 on a 2015 15" MacBook Pro

I decided to give Ubuntu 20.04 a try on my 2015 15" MacBook Pro. I didn't actually install it; I just live booted from a USB thumb drive which was enough to try out everything I wanted. In summary, it's not perfect, and issues with my camera would prevent me from switching, but given the right hardware, I think it's a really viable option. The first thing I wanted to try was what would happen if I plugged in a non-HiDPI screen given that my laptop has a HiDPI screen. Without sub-pixel scaling, whatever scale rate I picked for one screen would apply to the other. However, once I turned on sub-pixel scaling, I was able to pick different scale rates for the internal and external displays. That looked ok. I tried plugging in and unplugging multiple times, and it didn't crash. I doubt it'd work with my Thunderbolt display at work, but it worked fine for my HDMI displays at home. I even plugged it into my TV, and it stuck to the 100% scaling I picked for the othe

Drawing Sierpinski's Triangle in Minecraft Using Python

In his keynote at PyCon, Eben Upton, the Executive Director of the Rasberry Pi Foundation, mentioned that not only has Minecraft been ported to the Rasberry Pi, but you can even control it with Python . Since four of my kids are avid Minecraft fans, I figured this might be a good time to teach them to program using Python. So I started yesterday with the goal of programming something cool for Minecraft and then showing it off at the San Francisco Python Meetup in the evening. The first problem that I faced was that I didn't have a Rasberry Pi. You can't hack Minecraft by just installing the Minecraft client. Speaking of which, I didn't have the Minecraft client installed either ;) My kids always play it on their Nexus 7s. I found an open source Minecraft server called Bukkit that "provides the means to extend the popular Minecraft multiplayer server." Then I found a plugin called RaspberryJuice that implements a subset of the Minecraft Pi modding API for B

Creating Windows 10 Boot Media for a Lenovo Thinkpad T410 Using Only a Mac and a Linux Machine

TL;DR: Giovanni and I struggled trying to get Windows 10 installed on the Lenovo Thinkpad T410. We struggled a lot trying to create the installation media because we only had a Mac and a Linux machine to work with. Everytime we tried to boot the USB thumb drive, it just showed us a blinking cursor. At the end, we finally realized that Windows 10 wasn't supported on this laptop :-/ I've heard that it took Thomas Edison 100 tries to figure out the right material to use as a lightbulb filament. Well, I'm no Thomas Edison, but I thought it might be noteworthy to document our attempts at getting it to boot off a USB thumb drive: Download the ISO. Attempt 1: Use Etcher. Etcher says it doesn't work for Windows. Attempt 2: Use Boot Camp Assistant. It doesn't have that feature anymore. Attempt 3: Use Disk Utility on a Mac. Erase a USB thumb drive: Format: ExFAT Scheme: GUID Partition Map Mount the ISO. Copy everything from