frozen_dataclass(security): Document and test immutability bypass vulnerability

tony · tony · commit 6bdd6f5e371f · 2025-02-28T06:22:40.000-06:00
why: Alert users to potential security issue and provide comprehensive test coverage
what:
- Discover critical vulnerability: _frozen flag can be modified to bypass immutability
- Add parametrized tests demonstrating the vulnerability and its implications
- Document the issue in docstrings with clear examples
- Implement NamedTuple-based test cases for boundary conditions and edge cases
- Add extensive dimension testing (zero, negative, extreme values)

security: Users should be aware that the immutability can be bypassed by setting _frozen=False
tests: Expanded from 6 to 14 pytest tests and 16 to 22 doctests
diff --git a/src/libtmux/_internal/frozen_dataclass.py b/src/libtmux/_internal/frozen_dataclass.py
@@ -86,9 +86,9 @@ def frozen_dataclass(cls: type[_T]) -> type[_T]:
     ... except AttributeError as e:
     ...     print(f"Error: {e}")
     Error: ImmutableSub is immutable: cannot modify field 'value'
-    
+
     Security consideration - modifying the _frozen flag:
-    
+
     >>> @frozen_dataclass
     ... class SecureData:
     ...     secret: str
