-SSTI -学习笔记

SSTI入门

SSTI

Posted by mr_king on November 12, 2020

SSTI入门

[TOC]

类的基本调用

"".__class__
# <class 'str'>

返回了<class ‘str’>,对于一个空字符串他已经打印了str类型,在python中,每个类都有一个bases属性,列出其基类。现在我们写代码。

"".__class__.__mro__
#(<class 'str'>, <class 'object'>)

可以看到返回了(<class ‘str’>, <class ‘object’>),同样可以找到object类,正是由于这些但不仅限于这些方法,我们才有了各种沙箱逃逸的姿势。正如上面的解释,mro返回了解析方法调用的顺序,将会打印两个。在flask ssti中poc中很大一部分是从object类中寻找我们可利用的类的方法。我们这里只举例最简单的。接下来我们增加代码。接下来我们使用subclasses,subclasses() 这个方法,这个方法返回的是这个类的子类的集合,也就是object类的子类的集合。

"".__class__.__mro__[1].__subclasses__()
#
[<class 'type'>, <class 'weakref'>, <class 'weakcallableproxy'>, <class 'weakproxy'>, <class 'int'>, <class 'bytearray'>, <class 'bytes'>, <class 'list'>, <class 'NoneType'>, <class 'NotImplementedType'>, <class 'traceback'>, <class 'super'>, <class 'range'>, <class 'dict'>, <class 'dict_keys'>, <class 'dict_values'>, <class 'dict_items'>, <class 'odict_iterator'>, <class 'set'>, <class 'str'>, <class 'slice'>, <class 'staticmethod'>, <class 'complex'>, <class 'float'>, <class 'frozenset'>, <class 'property'>, <class 'managedbuffer'>, <class 'memoryview'>, <class 'tuple'>, <class 'enumerate'>, <class 'reversed'>, <class 'stderrprinter'>, <class 'code'>, <class 'frame'>, <class 'builtin_function_or_method'>, <class 'method'>, <class 'function'>, <class 'mappingproxy'>, <class 'generator'>, <class 'getset_descriptor'>, <class 'wrapper_descriptor'>, <class 'method-wrapper'>, <class 'ellipsis'>, <class 'member_descriptor'>, <class 'types.SimpleNamespace'>, <class 'PyCapsule'>, <class 'longrange_iterator'>, <class 'cell'>, <class 'instancemethod'>, <class 'classmethod_descriptor'>, <class 'method_descriptor'>, <class 'callable_iterator'>, <class 'iterator'>, <class 'coroutine'>, <class 'coroutine_wrapper'>, <class 'moduledef'>, <class 'module'>, <class 'EncodingMap'>, <class 'fieldnameiterator'>, <class 'formatteriterator'>, <class 'filter'>, <class 'map'>, <class 'zip'>, <class 'BaseException'>, <class 'hamt'>, <class 'hamt_array_node'>, <class 'hamt_bitmap_node'>, <class 'hamt_collision_node'>, <class 'keys'>, <class 'values'>, <class 'items'>, <class 'Context'>, <class 'ContextVar'>, <class 'Token'>, <class 'Token.MISSING'>, <class '_frozen_importlib._ModuleLock'>, <class '_frozen_importlib._DummyModuleLock'>, <class '_frozen_importlib._ModuleLockManager'>, <class '_frozen_importlib._installed_safely'>, <class '_frozen_importlib.ModuleSpec'>, <class '_frozen_importlib.BuiltinImporter'>, <class 'classmethod'>, <class '_frozen_importlib.FrozenImporter'>, <class '_frozen_importlib._ImportLockContext'>, <class '_thread._localdummy'>, <class '_thread._local'>, <class '_thread.lock'>, <class '_thread.RLock'>, <class 'zipimport.zipimporter'>, <class '_frozen_importlib_external.WindowsRegistryFinder'>, <class '_frozen_importlib_external._LoaderBasics'>, <class '_frozen_importlib_external.FileLoader'>, <class '_frozen_importlib_external._NamespacePath'>, <class '_frozen_importlib_external._NamespaceLoader'>, <class '_frozen_importlib_external.PathFinder'>, <class '_frozen_importlib_external.FileFinder'>, <class '_io._IOBase'>, <class '_io._BytesIOBuffer'>, <class '_io.IncrementalNewlineDecoder'>, <class 'nt.ScandirIterator'>, <class 'nt.DirEntry'>, <class 'PyHKEY'>, <class 'codecs.Codec'>, <class 'codecs.IncrementalEncoder'>, <class 'codecs.IncrementalDecoder'>, <class 'codecs.StreamReaderWriter'>, <class 'codecs.StreamRecoder'>, <class '_abc_data'>, <class 'abc.ABC'>, <class 'dict_itemiterator'>, <class 'collections.abc.Hashable'>, <class 'collections.abc.Awaitable'>, <class 'collections.abc.AsyncIterable'>, <class 'async_generator'>, <class 'collections.abc.Iterable'>, <class 'bytes_iterator'>, <class 'bytearray_iterator'>, <class 'dict_keyiterator'>, <class 'dict_valueiterator'>, <class 'list_iterator'>, <class 'list_reverseiterator'>, <class 'range_iterator'>, <class 'set_iterator'>, <class 'str_iterator'>, <class 'tuple_iterator'>, <class 'collections.abc.Sized'>, <class 'collections.abc.Container'>, <class 'collections.abc.Callable'>, <class 'os._wrap_close'>, <class '_sitebuiltins.Quitter'>, <class '_sitebuiltins._Printer'>, <class '_sitebuiltins._Helper'>, <class 'MultibyteCodec'>, <class 'MultibyteIncrementalEncoder'>, <class 'MultibyteIncrementalDecoder'>, <class 'MultibyteStreamReader'>, <class 'MultibyteStreamWriter'>, <class 'types.DynamicClassAttribute'>, <class 'types._GeneratorWrapper'>, <class 'warnings.WarningMessage'>, <class 'warnings.catch_warnings'>, <class 'importlib.abc.Finder'>, <class 'importlib.abc.Loader'>, <class 'importlib.abc.ResourceReader'>, <class 'operator.itemgetter'>, <class 'operator.attrgetter'>, <class 'operator.methodcaller'>, <class 'itertools.accumulate'>, <class 'itertools.combinations'>, <class 'itertools.combinations_with_replacement'>, <class 'itertools.cycle'>, <class 'itertools.dropwhile'>, <class 'itertools.takewhile'>, <class 'itertools.islice'>, <class 'itertools.starmap'>, <class 'itertools.chain'>, <class 'itertools.compress'>, <class 'itertools.filterfalse'>, <class 'itertools.count'>, <class 'itertools.zip_longest'>, <class 'itertools.permutations'>, <class 'itertools.product'>, <class 'itertools.repeat'>, <class 'itertools.groupby'>, <class 'itertools._grouper'>, <class 'itertools._tee'>, <class 'itertools._tee_dataobject'>, <class 'reprlib.Repr'>, <class 'collections.deque'>, <class '_collections._deque_iterator'>, <class '_collections._deque_reverse_iterator'>, <class 'collections._Link'>, <class 'functools.partial'>, <class 'functools._lru_cache_wrapper'>, <class 'functools.partialmethod'>, <class 'contextlib.ContextDecorator'>, <class 'contextlib._GeneratorContextManagerBase'>, <class 'contextlib._BaseExitStack'>, <class '_weakrefset._IterationGuard'>, <class '_weakrefset.WeakSet'>, <class 'weakref.finalize._Info'>, <class 'weakref.finalize'>, <class 'pkgutil.ImpImporter'>, <class 'pkgutil.ImpLoader'>, <class 'runpy._TempModule'>, <class 'runpy._ModifiedArgv0'>, <class 'enum.auto'>, <enum 'Enum'>, <class 're.Pattern'>, <class 're.Match'>, <class '_sre.SRE_Scanner'>, <class 'sre_parse.Pattern'>, <class 'sre_parse.SubPattern'>, <class 'sre_parse.Tokenizer'>, <class 're.Scanner'>, <class 'tokenize.Untokenizer'>, <class 'traceback.FrameSummary'>, <class 'traceback.TracebackException'>, <class 'string.Template'>, <class 'string.Formatter'>, <class 'threading._RLock'>, <class 'threading.Condition'>, <class 'threading.Semaphore'>, <class 'threading.Event'>, <class 'threading.Barrier'>, <class 'threading.Thread'>, <class 'logging.LogRecord'>, <class 'logging.PercentStyle'>, <class 'logging.Formatter'>, <class 'logging.BufferingFormatter'>, <class 'logging.Filter'>, <class 'logging.Filterer'>, <class 'logging.PlaceHolder'>, <class 'logging.Manager'>, <class 'logging.LoggerAdapter'>, <class 'zlib.Compress'>, <class 'zlib.Decompress'>, <class '_bz2.BZ2Compressor'>, <class '_bz2.BZ2Decompressor'>, <class '_lzma.LZMACompressor'>, <class '_lzma.LZMADecompressor'>, <class '_ast.AST'>, <class 'ast.NodeVisitor'>, <class 'dis.Bytecode'>, <class 'inspect.BlockFinder'>, <class 'inspect._void'>, <class 'inspect._empty'>, <class 'inspect.Parameter'>, <class 'inspect.BoundArguments'>, <class 'inspect.Signature'>, <class 'traitlets.utils.sentinel.Sentinel'>, <class 'traitlets.traitlets._SimpleTest'>, <class 'traitlets.traitlets.link'>, <class 'traitlets.traitlets.directional_link'>, <class 'traitlets.traitlets.BaseDescriptor'>, <class 'traitlets.traitlets._CallbackWrapper'>, <class 'traitlets.traitlets.HasDescriptors'>, <class 'traitlets.traitlets.ForwardDeclaredMixin'>, <class '_json.Scanner'>, <class '_json.Encoder'>, <class 'json.decoder.JSONDecoder'>, <class 'json.encoder.JSONEncoder'>, <class 'pprint._safe_key'>, <class 'pprint.PrettyPrinter'>, <class 'gettext.NullTranslations'>, <class 'argparse._AttributeHolder'>, <class 'argparse.HelpFormatter._Section'>, <class 'argparse.HelpFormatter'>, <class 'argparse.FileType'>, <class 'argparse._ActionsContainer'>, <class '_hashlib.HASH'>, <class '_blake2.blake2b'>, <class '_blake2.blake2s'>, <class '_sha3.sha3_224'>, <class '_sha3.sha3_256'>, <class '_sha3.sha3_384'>, <class '_sha3.sha3_512'>, <class '_sha3.shake_128'>, <class '_sha3.shake_256'>, <class '_random.Random'>, <class '_winapi.Overlapped'>, <class 'subprocess.STARTUPINFO'>, <class 'subprocess.CompletedProcess'>, <class 'subprocess.Popen'>, <class 'traitlets.config.loader._Sentinel'>, <class 'traitlets.config.loader.DeferredConfig'>, <class 'traitlets.config.loader.ConfigLoader'>, <class 'textwrap.TextWrapper'>, <class 'urllib.parse._ResultMixinStr'>, <class 'urllib.parse._ResultMixinBytes'>, <class 'urllib.parse._NetlocResultMixinBase'>, <class 'pydoc.Doc'>, <class 'pydoc.Helper'>, <class 'pydoc.ModuleScanner'>, <class 'bdb.Bdb'>, <class 'bdb.Breakpoint'>, <class 'IPython.utils.coloransi.TermColors'>, <class 'IPython.utils.coloransi.InputTermColors'>, <class 'IPython.utils.coloransi.NoColors'>, <class 'IPython.utils.coloransi.ColorScheme'>, <class 'IPython.core.excolors.Deprec'>, <class 'cmd.Cmd'>, <class '__future__._Feature'>, <class 'codeop.Compile'>, <class 'codeop.CommandCompiler'>, <class 'code.InteractiveInterpreter'>, <class 'IPython.core.debugger.Tracer'>, <class 'CArgObject'>, <class '_ctypes.CThunkObject'>, <class '_ctypes._CData'>, <class '_ctypes.CField'>, <class '_ctypes.DictRemover'>, <class 'Struct'>, <class 'unpack_iterator'>, <class 'ctypes.CDLL'>, <class 'ctypes.LibraryLoader'>, <class 'shlex.shlex'>, <class 'IPython.utils._process_win32.AvoidUNCPath'>, <class 'IPython.core.crashhandler.CrashHandler'>, <class 'tempfile._RandomNameSequence'>, <class 'tempfile._TemporaryFileCloser'>, <class 'tempfile._TemporaryFileWrapper'>, <class 'tempfile.SpooledTemporaryFile'>, <class 'tempfile.TemporaryDirectory'>, <class 'pathlib._Flavour'>, <class 'pathlib._Accessor'>, <class 'pathlib._Selector'>, <class 'pathlib._TerminatingSelector'>, <class 'pathlib.PurePath'>, <class 'IPython.core.magic_arguments.ArgDecorator'>, <class 'typing._Final'>, <class 'typing._Immutable'>, <class 'typing.Generic'>, <class 'typing._TypingEmpty'>, <class 'typing._TypingEllipsis'>, <class 'typing.NamedTuple'>, <class 'typing.io'>, <class 'typing.re'>, <class 'mimetypes.MimeTypes'>, <class 'IPython.core.display.DisplayHandle'>, <class 'IPython.core.display.DisplayObject'>, <class 'datetime.date'>, <class 'datetime.timedelta'>, <class 'datetime.time'>, <class 'datetime.tzinfo'>, <class 'IPython.lib.pretty._PrettyPrinterBase'>, <class 'IPython.lib.pretty.Printable'>, <class 'IPython.lib.pretty.GroupQueue'>, <class 'pygments.util.Future'>, <class 'pygments.filter.Filter'>, <class 'pygments.lexer.Lexer'>, <class 'pygments.lexer._inherit'>, <class 'pygments.lexer._PseudoMatch'>, <class 'pygments.lexer._This'>, <class 'pygments.lexer.default'>, <class 'pygments.lexer.LexerContext'>, <class 'pygments.formatter.Formatter'>, <class 'IPython.core.inputtransformer2.PromptStripper'>, <class 'IPython.core.inputtransformer2.TokenTransformBase'>, <class 'IPython.core.inputtransformer2.TransformerManager'>, <class 'decorator.FunctionMaker'>, <class 'IPython.core.magic.Bunch'>, <class 'IPython.core.magic.MagicAlias'>, <class 'pickle._Framer'>, <class 'pickle._Unframer'>, <class 'pickle._Pickler'>, <class 'pickle._Unpickler'>, <class '_pickle.Unpickler'>, <class '_pickle.Pickler'>, <class '_pickle.Pdata'>, <class '_pickle.PicklerMemoProxy'>, <class '_pickle.UnpicklerMemoProxy'>, <class 'pickleshare.PickleShareLink'>, <class 'IPython.core.autocall.IPyAutocall'>, <class 'IPython.core.macro.Macro'>, <class 'IPython.core.splitinput.LineInfo'>, <class 'IPython.core.alias.Alias'>, <class 'IPython.core.builtin_trap.__BuiltinUndefined'>, <class 'IPython.core.builtin_trap.__HideBuiltin'>, <class 'IPython.core.events.EventManager'>, <class 'IPython.core.displayhook.CapturingDisplayHook'>, <class 'IPython.utils.sentinel.Sentinel'>, <class 'IPython.core.formatters.FormatterABC'>, <class 'sqlite3.Row'>, <class 'sqlite3.Cursor'>, <class 'sqlite3.Connection'>, <class 'sqlite3Node'>, <class 'sqlite3.Cache'>, <class 'sqlite3.Statement'>, <class 'sqlite3.PrepareProtocol'>, <class 'IPython.core.history.DummyDB'>, <class 'IPython.core.logger.Logger'>, <class 'IPython.lib.display.IFrame'>, <class 'IPython.lib.display.FileLink'>, <class 'IPython.utils.capture.RichOutput'>, <class 'IPython.utils.capture.CapturedIO'>, <class 'IPython.utils.capture.capture_output'>, <class 'IPython.utils.io.IOStream'>, <class 'IPython.utils.io.Tee'>, <class 'IPython.core.hooks.CommandChainDispatcher'>, <class 'IPython.utils.strdispatch.StrDispatch'>, <class 'IPython.utils.syspathcontext.appended_to_syspath'>, <class 'IPython.utils.syspathcontext.prepended_to_syspath'>, <class 'IPython.utils.tempdir.NamedFileInTemporaryDirectory'>, <class 'IPython.utils.contexts.preserve_keys'>, <class 'IPython.utils.contexts.NoOpContext'>, <class 'IPython.core.async_helpers._AsyncIORunner'>, <class 'IPython.core.interactiveshell.DummyMod'>, <class 'IPython.core.interactiveshell.ExecutionInfo'>, <class 'IPython.core.interactiveshell.ExecutionResult'>, <class 'IPython.core.interactiveshell.InteractiveShellABC'>, <class 'concurrent.futures._base._Waiter'>, <class 'concurrent.futures._base._AcquireFutures'>, <class 'concurrent.futures._base.Future'>, <class 'concurrent.futures._base.Executor'>, <class 'selectors.BaseSelector'>, <class '_socket.socket'>, <class '_ssl._SSLContext'>, <class '_ssl._SSLSocket'>, <class '_ssl.MemoryBIO'>, <class '_ssl.Session'>, <class 'ssl.SSLObject'>, <class 'asyncio.coroutines.CoroWrapper'>, <class 'asyncio.events.Handle'>, <class 'asyncio.events.AbstractServer'>, <class 'asyncio.events.AbstractEventLoop'>, <class 'asyncio.events.AbstractEventLoopPolicy'>, <class '_asyncio.Future'>, <class '_asyncio.FutureIter'>, <class 'TaskStepMethWrapper'>, <class 'TaskWakeupMethWrapper'>, <class '_RunningLoopHolder'>, <class 'asyncio.futures.Future'>, <class 'asyncio.protocols.BaseProtocol'>, <class 'asyncio.transports.BaseTransport'>, <class 'asyncio.sslproto._SSLPipe'>, <class 'asyncio.locks._ContextManager'>, <class 'asyncio.locks._ContextManagerMixin'>, <class 'asyncio.locks.Event'>, <class 'asyncio.queues.Queue'>, <class 'asyncio.streams.StreamWriter'>, <class 'asyncio.streams.StreamReader'>, <class 'asyncio.subprocess.Process'>, <class '_overlapped.Overlapped'>, <class 'asyncio.windows_utils.PipeHandle'>, <class 'asyncio.windows_events.PipeServer'>, <class 'asyncio.windows_events.IocpProactor'>, <class 'prompt_toolkit.application.current.AppSession'>, <class 'prompt_toolkit.eventloop.async_generator._Done'>, <class 'prompt_toolkit.eventloop.inputhook.InputHookContext'>, <class 'prompt_toolkit.selection.SelectionState'>, <class 'prompt_toolkit.clipboard.base.ClipboardData'>, <class 'prompt_toolkit.clipboard.base.Clipboard'>, <class 'prompt_toolkit.filters.base.Filter'>, <class 'prompt_toolkit.document._DocumentCache'>, <class 'prompt_toolkit.document.Document'>, <class 'prompt_toolkit.auto_suggest.Suggestion'>, <class 'prompt_toolkit.auto_suggest.AutoSuggest'>, <class 'prompt_toolkit.styles.base.BaseStyle'>, <class 'prompt_toolkit.styles.style_transformation.StyleTransformation'>, <class 'prompt_toolkit.output.base.Output'>, <class 'prompt_toolkit.patch_stdout.StdoutProxy'>, <class 'array.array'>, <class 'prompt_toolkit.output.vt100._16ColorCache'>, <class 'prompt_toolkit.mouse_events.MouseEvent'>, <class 'prompt_toolkit.formatted_text.base.Template'>, <class 'prompt_toolkit.formatted_text.ansi.ANSI'>, <class 'xml.dom.Node'>, <class 'xml.dom.UserDataHandler'>, <class 'xml.dom.NodeFilter.NodeFilter'>, <class 'xml.dom.xmlbuilder.Options'>, <class 'xml.dom.xmlbuilder.DOMBuilder'>, <class 'xml.dom.xmlbuilder.DOMEntityResolver'>, <class 'xml.dom.xmlbuilder.DOMInputSource'>, <class 'xml.dom.xmlbuilder.DOMBuilderFilter'>, <class 'xml.dom.xmlbuilder.DocumentLS'>, <class 'xml.dom.xmlbuilder.DOMImplementationLS'>, <class 'xml.dom.minidom.NamedNodeMap'>, <class 'xml.dom.minidom.TypeInfo'>, <class 'xml.dom.minidom.Childless'>, <class 'xml.dom.minidom.ReadOnlySequentialNamedNodeMap'>, <class 'xml.dom.minidom.Identified'>, <class 'xml.dom.minidom.ElementInfo'>, <class 'prompt_toolkit.formatted_text.html.HTML'>, <class 'prompt_toolkit.formatted_text.pygments.PygmentsTokens'>, <class 'prompt_toolkit.completion.base.Completion'>, <class 'prompt_toolkit.completion.base.CompleteEvent'>, <class 'prompt_toolkit.completion.base.Completer'>, <class 'prompt_toolkit.history.History'>, <class 'prompt_toolkit.key_binding.key_bindings.Binding'>, <class 'prompt_toolkit.key_binding.key_bindings.KeyBindingsBase'>, <class 'prompt_toolkit.key_binding.key_processor.KeyPress'>, <class 'prompt_toolkit.key_binding.key_processor.KeyProcessor'>, <class 'prompt_toolkit.key_binding.key_processor.KeyPressEvent'>, <class 'prompt_toolkit.key_binding.vi_state.CharacterFind'>, <class 'prompt_toolkit.key_binding.vi_state.ViState'>, <class 'prompt_toolkit.search.SearchState'>, <class 'prompt_toolkit.validation.Validator'>, <class 'prompt_toolkit.buffer.CompletionState'>, <class 'prompt_toolkit.buffer.YankNthArgState'>, <class 'prompt_toolkit.buffer.Buffer'>, <class 'prompt_toolkit.input.base.Input'>, <class 'prompt_toolkit.lexers.base.Lexer'>, <class 'prompt_toolkit.lexers.pygments.SyntaxSync'>, <class 'prompt_toolkit.layout.processors.Processor'>, <class 'prompt_toolkit.layout.processors.TransformationInput'>, <class 'prompt_toolkit.layout.processors.Transformation'>, <class 'prompt_toolkit.layout.controls.UIControl'>, <class 'prompt_toolkit.layout.controls.UIContent'>, <class 'prompt_toolkit.layout.dimension.Dimension'>, <class 'prompt_toolkit.layout.margins.Margin'>, <class 'prompt_toolkit.layout.mouse_handlers.MouseHandlers'>, <class 'prompt_toolkit.layout.screen.Char'>, <class 'prompt_toolkit.layout.screen.Screen'>, <class 'prompt_toolkit.layout.screen.WritePosition'>, <class 'prompt_toolkit.layout.containers.Container'>, <class 'prompt_toolkit.layout.containers.Float'>, <class 'prompt_toolkit.layout.containers.WindowRenderInfo'>, <class 'prompt_toolkit.layout.containers.ScrollOffsets'>, <class 'prompt_toolkit.layout.containers.ColorColumn'>, <class 'prompt_toolkit.layout.layout.Layout'>, <class 'prompt_toolkit.input.vt100_parser._Flush'>, <class 'prompt_toolkit.input.vt100_parser.Vt100Parser'>, <class 'prompt_toolkit.key_binding.bindings.vi.TextObject'>, <class 'prompt_toolkit.key_binding.emacs_state.EmacsState'>, <class 'prompt_toolkit.renderer.Renderer'>, <class 'prompt_toolkit.widgets.toolbars.SystemToolbar'>, <class 'prompt_toolkit.widgets.toolbars.ArgToolbar'>, <class 'prompt_toolkit.widgets.toolbars.SearchToolbar'>, <class 'prompt_toolkit.widgets.toolbars.CompletionsToolbar'>, <class 'prompt_toolkit.widgets.toolbars.ValidationToolbar'>, <class 'prompt_toolkit.widgets.base.Border'>, <class 'prompt_toolkit.widgets.base.TextArea'>, <class 'prompt_toolkit.widgets.base.Label'>, <class 'prompt_toolkit.widgets.base.Button'>, <class 'prompt_toolkit.widgets.base.Frame'>, <class 'prompt_toolkit.widgets.base.Shadow'>, <class 'prompt_toolkit.widgets.base.Box'>, <class 'prompt_toolkit.widgets.base.VerticalLine'>, <class 'prompt_toolkit.widgets.base.HorizontalLine'>, <class 'prompt_toolkit.widgets.base.ProgressBar'>, <class 'prompt_toolkit.widgets.dialogs.Dialog'>, <class 'prompt_toolkit.widgets.menus.MenuContainer'>, <class 'prompt_toolkit.widgets.menus.MenuItem'>, <class 'prompt_toolkit.shortcuts.progress_bar.formatters.Formatter'>, <class 'prompt_toolkit.shortcuts.progress_bar.base.ProgressBar'>, <class 'pygments.style.Style'>, <class 'parso.tree.NodeOrLeaf'>, <class 'parso.python.token.TokenType'>, <class 'parso.python.token.TokenTypes'>, <class 'parso.python.tokenize.FStringNode'>, <class 'parso.pgen2.grammar_parser.GrammarParser'>, <class 'parso.pgen2.grammar_parser.NFAArc'>, <class 'parso.pgen2.grammar_parser.NFAState'>, <class 'parso.pgen2.generator.Grammar'>, <class 'parso.pgen2.generator.DFAPlan'>, <class 'parso.pgen2.generator.DFAState'>, <class 'parso.pgen2.generator.ReservedString'>, <class 'parso.parser.StackNode'>, <class 'parso.parser.BaseParser'>, <class 'difflib.SequenceMatcher'>, <class 'difflib.Differ'>, <class 'difflib.HtmlDiff'>, <class 'parso.python.prefix.PrefixPart'>, <class 'parso.python.tree.DocstringMixin'>, <class 'parso.python.tree.PythonMixin'>, <class 'parso.python.tree._StringComparisonMixin'>, <class 'parso.python.diff.DiffParser'>, <class 'parso.python.diff._NodesTreeNode'>, <class 'parso.python.diff._NodesTree'>, <class 'parso.file_io.FileIO'>, <class 'parso.cache._NodeCacheItem'>, <class 'parso.normalizer.HackClass'>, <class 'parso.normalizer.NormalizerConfig'>, <class 'parso.normalizer.Issue'>, <class 'parso.normalizer.Rule'>, <class 'parso.python.errors._Context'>, <class 'parso.python.pep8.IndentationTypes'>, <class 'parso.python.pep8.IndentationNode'>, <class 'parso.grammar.Grammar'>, <class 'jedi.file_io.AbstractFolderIO'>, <class 'jedi.file_io.FileIOFolderMixin'>, <class 'jedi._compatibility.DummyFile'>, <class 'jedi._compatibility.ImplicitNSInfo'>, <class '_queue.SimpleQueue'>, <class 'queue.Queue'>, <class 'queue._PySimpleQueue'>, <class 'jedi.debug.Fore'>, <class 'jedi.inference.utils.PushBackIterator'>, <class 'jedi.inference.base_value.HelperValueMixin'>, <class 'jedi.inference.base_value.ContextualizedNode'>, <class 'jedi.inference.base_value.ValueSet'>, <class 'jedi.inference.recursion.RecursionDetector'>, <class 'jedi.inference.recursion.ExecutionRecursionDetector'>, <class 'jedi.inference.flow_analysis.Status'>, <class 'jedi.inference.lazy_value.AbstractLazyValue'>, <class 'jedi.plugins._PluginManager'>, <class 'jedi.inference.names.AbstractNameDefinition'>, <class 'jedi.inference.names.ValueNameMixin'>, <class 'jedi.inference.names._ParamMixin'>, <class 'jedi.inference.names.NameWrapper'>, <class 'jedi.inference.names.StubNameMixin'>, <class 'jedi.inference.filters.AbstractFilter'>, <class 'jedi.inference.filters.FilterWrapper'>, <class 'jedi.inference.filters.MergedFilter'>, <class 'jedi.inference.filters._AttributeOverwriteMixin'>, <class 'jedi.inference.compiled.access.AccessPath'>, <class 'jedi.inference.compiled.access.DirectObjectAccess'>, <class 'jedi.inference.signature._SignatureMixin'>, <class 'jedi.inference.context.AbstractContext'>, <class 'jedi.inference.context.TreeContextMixin'>, <class 'jedi.inference.compiled.value.CheckAttribute'>, <class 'jedi.inference.analysis.Error'>, <class 'jedi.inference.value.module.SubModuleDictMixin'>, <class 'jedi.inference.value.iterable.IterableMixin'>, <class 'jedi.inference.value.iterable.ComprehensionMixin'>, <class 'jedi.inference.value.iterable._DictMixin'>, <class 'jedi.inference.value.iterable._DictKeyMixin'>, <class 'jedi.inference.arguments._AbstractArgumentsMixin'>, <class 'jedi.inference.gradual.generics._AbstractGenericManager'>, <class 'jedi.inference.value.function.FunctionMixin'>, <class 'jedi.inference.value.klass.ClassMixin'>, <class 'jedi.inference.gradual.base._TypeVarFilter'>, <class 'jedi.inference.gradual.base._LazyGenericBaseClass'>, <class 'jedi.inference.imports.ModuleCache'>, <class 'jedi.inference.imports.Importer'>, <class 'jedi.inference.InferenceState'>, <class 'jedi.api.helpers.CallDetails'>, <class 'jedi.api.classes.BaseName'>, <class 'jedi.api.interpreter.NamespaceObject'>, <class 'jedi.api.completion.Completion'>, <class 'filecmp.dircmp'>, <class 'jedi.inference.compiled.subprocess._InferenceStateProcess'>, <class 'jedi.inference.compiled.subprocess.CompiledSubprocess'>, <class 'jedi.inference.compiled.subprocess.Listener'>, <class 'jedi.inference.compiled.subprocess.AccessHandle'>, <class 'jedi.api.environment._BaseEnvironment'>, <class 'jedi.api.environment._SameEnvironmentMixin'>, <class 'jedi.api.project.Project'>, <class 'jedi.api.errors.SyntaxError'>, <class 'jedi.api.refactoring.ChangedFile'>, <class 'jedi.api.refactoring.Refactoring'>, <class 'jedi.api.Script'>, <class 'IPython.core.completer._FakeJediCompletion'>, <class 'IPython.core.completer.Completion'>, <class 'IPython.core.completer.CompletionSplitter'>, <class 'IPython.terminal.prompts.Prompts'>, <class 'IPython.core.magics.basic.MagicsDisplay'>, <class 'email.charset.Charset'>, <class 'email.header.Header'>, <class 'email.header._ValueFormatter'>, <class 'calendar._localized_month'>, <class 'calendar._localized_day'>, <class 'calendar.Calendar'>, <class 'calendar.different_locale'>, <class 'email._parseaddr.AddrlistClass'>, <class 'email._policybase._PolicyBase'>, <class 'email.feedparser.BufferedSubFile'>, <class 'email.feedparser.FeedParser'>, <class 'email.parser.Parser'>, <class 'email.parser.BytesParser'>, <class 'email.message.Message'>, <class 'http.client.HTTPConnection'>, <class 'urllib.request.Request'>, <class 'urllib.request.OpenerDirector'>, <class 'urllib.request.BaseHandler'>, <class 'urllib.request.HTTPPasswordMgr'>, <class 'urllib.request.AbstractBasicAuthHandler'>, <class 'urllib.request.AbstractDigestAuthHandler'>, <class 'urllib.request.URLopener'>, <class 'urllib.request.ftpwrapper'>, <class 'timeit.Timer'>, <class '_lsprof.Profiler'>, <class 'profile._Utils'>, <class 'profile.Profile.fake_code'>, <class 'profile.Profile.fake_frame'>, <class 'profile.Profile'>, <class 'pstats.Stats'>, <class 'pstats.TupleComp'>, <class 'IPython.core.magics.execution.TimeitResult'>, <class 'IPython.lib.backgroundjobs.BackgroundJobManager'>, <class 'colorama.ansi.AnsiCodes'>, <class 'colorama.ansi.AnsiCursor'>, <class 'colorama.winterm.WinColor'>, <class 'colorama.winterm.WinStyle'>, <class 'colorama.winterm.WinTerm'>, <class 'colorama.ansitowin32.StreamWrapper'>, <class 'colorama.ansitowin32.AnsiToWin32'>, <class 'prompt_toolkit.output.win32.FOREGROUND_COLOR'>, <class 'prompt_toolkit.output.win32.BACKGROUND_COLOR'>, <class 'prompt_toolkit.output.win32.ColorLookupTable'>, <class 'prompt_toolkit.output.conemu.ConEmuOutput'>, <class 'prompt_toolkit.output.windows10.Windows10_Output'>, <class 'prompt_toolkit.input.win32.ConsoleInputReader'>, <class 'prompt_toolkit.input.win32._Win32Handles'>, <class 'prompt_toolkit.input.win32.raw_mode'>, <class 'concurrent.futures.thread._WorkItem'>]

__class__ 返回调用的参数类型
__bases__ 返回类型列表
__mro__ 此属性是在方法解析期间寻找基类时考虑的类元组
__subclasses__() 返回object的子类
__globals__ 函数会以字典类型返回当前位置的全部全局变量  func_globals 等价
__getattribute__ 使用实例访问属性时,调用该方法
__dict__ 查看方法

''.__class__.__mro__[2]  #python2 ''.__class__.__mro__[1] #python3 {}.__class__.__bases__[0]
().__class__.__bases__[0]
[].__class__.__bases__[0]
request.__class__.__mro__[8] #针对jinjia2/flask为[9]适用 [10]
CATALOG
    FEATURED TAGS
    -web -学习笔记 -xss -MISC -杂项 -sql注入 -PHP -ctf -命令执行 -ssti -wp -java
    FRIENDS