Apply suggestions from code review

Co-authored-by: Dieter Maurer <[email protected]>
zopefoundation · Aug 2, 2024 · 7c298db · 7c298db
1 parent 64f9732
commit 7c298db
Show file tree

Hide file tree

Showing 3 changed files with 5 additions and 4 deletions.
diff --git a/CHANGES.rst b/CHANGES.rst
@@ -9,7 +9,8 @@ Changes
 - Allow to use the package with Python 3.13 -- Caution: No security
   audit has been done so far.
 - Add support for single mode statements / execution.
-- Fix a potential breakout capability in the provided safer_getattr method that is part of the safer_builtins
+- Fix a potential breakout capability in the provided ``safer_getattr`` method
+  that is part of the ``safer_builtins``.
 
 
 7.1 (2024-03-14)

diff --git a/src/RestrictedPython/Guards.py b/src/RestrictedPython/Guards.py
@@ -246,8 +246,8 @@ def safer_getattr(object, name, default=None, getattr=getattr):
     http://lucumr.pocoo.org/2016/12/29/careful-with-str-format/
 
     """
-    if not (isinstance(name, str) and type(name) is str):
-        raise TypeError('name is not of type str')
+    if type(name) is not str:
+        raise TypeError('type(name) must be str')
     if name in ('format', 'format_map') and (
             isinstance(object, str) or
             (isinstance(object, type) and issubclass(object, str))):

diff --git a/tests/test_Guards.py b/tests/test_Guards.py
@@ -292,7 +292,7 @@ def test_Guards__safer_getattr__4():
 
     with pytest.raises(TypeError) as err:
         restricted_exec(SAFER_GETATTR_BREAKOUT, restricted_globals)
-    assert 'name is not of type str' == str(err.value)
+    assert 'type(name) must be str' == str(err.value)
 
 
 def test_call_py3_builtins():