禁用python程序中的哈希随机化 [英] Disable hash randomization from within python program
问题描述
从Python 3.3开始,哈希算法是非确定性的腌制以避免某种类型的攻击。这对于web服务器来说很好,但是当试图调试一个程序的时候很麻烦:每次我运行我的脚本时,字典内容都会以不同的顺序迭代。
一些早期版本的python有一个 PYTHONHASHSEED 如果未设置此变量或将其设置为随机值,则会使用随机值对str,bytes和datetime对象的散列进行播种。 这个变量是这个变量必须在启动python进程之前设置。我试图用 有没有办法让python程序禁用自己的哈希随机化? 不幸的是,我怀疑这是不可能的。查看 我也注意到你说过每次我运行我的脚本时,字典内容都以不同的顺序迭代。 - 我假设您知道 如果您愿意在shell环境中设置该值,你也可以将你的python调用放在一个bash脚本中,比如 这样可以避免需要操作整个环境,只要你使用包装脚本即可。 甚至只需要传递命令的值line: Starting with Python 3.3, the hashing algorithm is non-deterministically salted to avoid a certain kind of attack. This is nice for webservers but it's a pain when trying to debug a program: Every time I run my script, dict contents are iterated in a different order. Some earlier versions of python had a PYTHONHASHSEED If this variable is not set or set to random, a random value is used to seed the hashes of str, bytes and datetime objects. The catch is that this variable must be set before launching the python process. I've tried to set it with Is there a way for a python program to disable its own hash randomization? I suspect this isn't possible, unfortunately. Looking at I also just noticed you said "Every time I run my script, dict contents are iterated in a different order." - I assume you're aware of If you're willing to set the value in your shell environment, you could also just wrap your python call in a bash script, e.g. That avoids needing to manipulate your whole environment, as long as you're ok with a wrapper script. Or even just pass the value on the command line:
这篇关于禁用python程序中的哈希随机化的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋! -R
标志用于启用哈希随机化,但现在它是默认行为,该标志没有被相反的代替。
可以通过设置环境变量 PYTHONHASHSEED
:
lockquote
如果将PYTHONHASHSEED设置为整数值,被用作生成散列随机化所涵盖类型的散列()的固定种子。
os.putenv()
或者在 os.environ
中设置它,但是这些似乎对哈希方法没有影响。这并不令人感到意外:我不希望python在每个集合或字典查找之前检查环境!所以,问题仍然存在:
test_hash.py
HashRandomizationTests
类及其后代已添加到承诺引入了这种行为。他们通过修改环境来测试哈希行为,并通过明确设置 PYTHONHASHSEED
开始一个新进程。也许你可以尝试复制那个模式。
集合。 OrderedDict
,对吗?这是获得可靠哈希迭代的常用方法。
#! / bin / bash
export PYTHONHASHSEED = 0
#在这里调用你的python程序
$ PYTHONHASHSEED = 0 python YOURSCRIPT.py
-R
flag for enabling hash randomization, but now that it's the default behavior, the flag has not been replaced by its opposite.
Randomization can be disabled by setting the environment variable PYTHONHASHSEED
:
If PYTHONHASHSEED is set to an integer value, it is used as a fixed seed for generating the hash() of the types covered by the hash randomization.os.putenv()
, or in os.environ
, but these seem to have no effect on the hashing method. This is not too surprising: I wouldn't expect python to check the environment before every single set or dictionary lookup! So, the question remains:test_hash.py
the HashRandomizationTests
class and its descendants were added in the commit that introduced this behavior. They test the hashing behavior by modifying the environment and starting a new process with PYTHONHASHSEED
explicitly set. You could try to copy that pattern, perhaps.collections.OrderedDict
, right? That's the normal way to get reliable hash iteration.
#! /bin/bash
export PYTHONHASHSEED=0
# call your python program here
$ PYTHONHASHSEED=0 python YOURSCRIPT.py