Commit Graph

140 Commits

Author SHA1 Message Date
Gregory P. Smith 511ca94520
gh-95778: CVE-2020-10735: Prevent DoS by very large int() (#96499)
Integer to and from text conversions via CPython's bignum `int` type is not safe against denial of service attacks due to malicious input. Very large input strings with hundred thousands of digits can consume several CPU seconds.

This PR comes fresh from a pile of work done in our private PSRT security response team repo.

Signed-off-by: Christian Heimes [Red Hat] <christian@python.org>
Tons-of-polishing-up-by: Gregory P. Smith [Google] <greg@krypto.org>
Reviews via the private PSRT repo via many others (see the NEWS entry in the PR).

<!-- gh-issue-number: gh-95778 -->
* Issue: gh-95778
<!-- /gh-issue-number -->

I wrote up [a one pager for the release managers](https://docs.google.com/document/d/1KjuF_aXlzPUxTK4BMgezGJ2Pn7uevfX7g0_mvgHlL7Y/edit#). Much of that text wound up in the Issue. Backports PRs already exist. See the issue for links.
2022-09-02 09:35:08 -07:00
Christian Heimes deeaac49e2
bpo-40280: Skip socket, fork, subprocess tests on Emscripten (GH-31986)
- Add requires_fork and requires_subprocess to more tests
- Skip extension import tests if dlopen is not available
- Don't assume that _testcapi is a shared extension
- Skip a lot of socket tests that don't work on Emscripten
- Skip mmap tests, mmap emulation is incomplete
- venv does not work yet
- Cannot get libc from executable

The "entire" test suite is now passing on Emscripten with EMSDK from git head (91 suites are skipped).
2022-03-22 03:04:36 -07:00
Christian Clauss 745c9d9dfc
Fix typos in the Lib directory (GH-28775)
Fix typos in the Lib directory as identified by codespell.

Co-authored-by: Terry Jan Reedy <tjreedy@udel.edu>
2021-10-06 16:13:48 -07:00
Serhiy Storchaka 40348acc18
bpo-45229: Remove test_main in many tests (GH-28405)
Instead of explicitly enumerate test classes for run_unittest()
use the unittest ability to discover tests. This also makes these
tests discoverable and runnable with unittest.

load_tests() can be used for dynamic generating tests and adding
doctests. setUpModule(), tearDownModule() and addModuleCleanup()
can be used for running code before and after all module tests.
2021-09-19 15:27:33 +03:00
Serhiy Storchaka c1b073a630
bpo-43433: Preserve query and fragment in the URL of the server in ServerProxy. (GH-25057) 2021-03-29 22:39:31 +09:00
Christian Heimes 03c8ddd9e9
bpo-42413: socket.timeout is now an alias of TimeoutError (GH-23413)
Signed-off-by: Christian Heimes <christian@python.org>
2020-11-20 00:26:07 -08:00
Hai Shi 06a40d7359
bpo-40275: Use new test.support helper submodules in tests (GH-20824) 2020-06-25 14:15:40 +02:00
Hai Shi e80697d687
bpo-40275: Adding threading_helper submodule in test.support (GH-20263) 2020-05-28 00:10:27 +02:00
Serhiy Storchaka 16994912c9
bpo-40275: Avoid importing socket in test.support (GH-19603)
* Move socket related functions from test.support to socket_helper.
* Import socket, nntplib and urllib.error lazily in transient_internet().
* Remove importing multiprocess.
2020-04-25 10:06:29 +03:00
Serhiy Storchaka 662db125cd
bpo-37685: Fixed __eq__, __lt__ etc implementations in some classes. (GH-14952)
They now return NotImplemented for unsupported type of the other operand.
2019-08-08 08:42:54 +03:00
Gregory P. Smith c4e671eec2
bpo-30458: Disallow control chars in http URLs. (GH-12755)
Disallow control chars in http URLs in urllib.urlopen.  This addresses a potential security problem for applications that do not sanity check their URLs where http request headers could be injected.
2019-04-30 19:12:21 -07:00
Serhiy Storchaka 5b10b98247
bpo-22831: Use "with" to avoid possible fd leaks in tests (part 2). (GH-10929) 2019-03-05 10:06:26 +02:00
Cédric Krier beda52ed36 bpo-35153: Add headers parameter to xmlrpc.client.ServerProxy (GH-10308)
Allow to add HTTP headers to XML-RPC requests sent to the server.
2019-02-19 17:18:50 +01:00
Vajrasky Kok fae95874b7 bpo-18799: Resurrect test_404 in test_xmlrpc. (GH-11196) 2018-12-17 16:16:24 +02:00
Serhiy Storchaka 7cfd8c6a1b bpo-33759: Fix test.test_xmlrpc.ServerProxyTestCase. (GH-7362)
It depended on a global variable set by other tests.
2018-06-03 22:55:32 -04:00
Antoine Pitrou 88c60c9668 Trivial cleanups following bpo-31370 (#3649)
* Trivial cleanups following bpo-31370

* Also cleanup the "importlib._bootstrap_external" module
2017-09-18 23:50:44 +02:00
Victor Stinner 18e95b4176 bpo-31234: Join threads in tests (#3572)
Call thread.join() on threads to prevent the "dangling threads"
warning.
2017-09-14 08:43:04 -07:00
Antoine Pitrou a6a4dc816d bpo-31370: Remove support for threads-less builds (#3385)
* Remove Setup.config
* Always define WITH_THREAD for compatibility.
2017-09-07 18:56:24 +02:00
Christian Heimes 3463ee3972 Stop test_xmlrpc from writing to sys.stderr (#3359)
One test case of test_xmlrpc uses HTTPServer with a subclass of
BaseHTTPRequestHandler. The BaseRequestHandler class logs to
sys.stderr by default. Override log_message() to not clobber
test output.

Signed-off-by: Christian Heimes <christian@python.org>
2017-09-05 21:43:46 -07:00
Dillon Brock c6b448b36d Change assertRaises to assertRaisesRegex in test_xmlrpc (#481) 2017-03-05 19:27:06 +02:00
Petr Motejlek 3c6314c08d bpo-29615: SimpleXMLRPCDispatcher no longer chains KeyError (#260)
(or any other exception) to exception(s) raised in the dispatched methods.
Patch by Petr Motejlek.
2017-03-01 19:21:28 +02:00
Xiang Zhang 267b9d2fa8 bpo-7769: enable xmlrpc.server.SimpleXMLRPCDispatcher.register_function used as decorator (GH-231) 2017-02-28 17:12:52 +08:00
Serhiy Storchaka 352601ca00 Issue #26885: xmlrpc now supports unmarshalling additional data types used
by Apache XML-RPC implementation for numerics and None.
2016-09-11 11:23:38 +03:00
R David Murray 44b548dda8 #27364: fix "incorrect" uses of escape character in the stdlib.
And most of the tools.

Patch by Emanual Barry, reviewed by me, Serhiy Storchaka, and
Martin Panter.
2016-09-08 13:59:53 -04:00
Benjamin Peterson ab078e9ed1 Backed out changeset af29d89083b3 (closes #25548) (closes #27498) 2016-07-13 21:13:29 -07:00
Kushal Das 5801ecb440 Issue #25548: Showing memory address of class objects in repl 2016-06-04 16:21:13 -07:00
Serhiy Storchaka 45cdcd93c9 Issue #26873: xmlrpc now raises ResponseError on unsupported type tags
instead of silently return incorrect result.
2016-05-04 11:27:17 +03:00
Serhiy Storchaka 290fed43d9 Issue #26873: xmlrpc now raises ResponseError on unsupported type tags
instead of silently return incorrect result.
2016-05-04 11:26:42 +03:00
Serhiy Storchaka e437a10d15 Issue #23277: Remove unused imports in tests. 2016-04-24 21:41:02 +03:00
Serhiy Storchaka c7f44aa99a Issue #23277: Remove more unused sys and os imports. 2016-04-24 13:25:01 +03:00
Martin Panter eae3336e42 Issue #26402: Fix XML-RPC client retrying after server disconnection
This is a regression introduced in 3.5 by revision eba80326ba53. Fix by Jelte
Fennema, test case by me.
2016-02-25 11:53:40 +00:00
Serhiy Storchaka aebb6d3682 Issue #26147: xmlrpc now works with strings not encodable with used
non-UTF-8 encoding.
2016-01-20 10:34:27 +02:00
Serhiy Storchaka 084f7e4012 Issue #9006: Added tests for XML RPC with non-UTF-8 encoding. 2016-01-18 19:39:26 +02:00
Serhiy Storchaka 1c5e281df8 Use assertRaisesRegex instead of deprecated assertRaisesRegexp. 2015-04-10 12:54:19 +03:00
Serhiy Storchaka 93da9b5e57 Use assertRaisesRegex instead of deprecated assertRaisesRegexp. 2015-04-10 12:52:09 +03:00
Benjamin Peterson eca72d47f5 merge 3.3 (#16043) 2014-12-05 20:34:56 -05:00
Benjamin Peterson 81b7374fbe merge 3.2 (#16043) 2014-12-05 20:30:54 -05:00
Benjamin Peterson 4e9cefaf86 add a default limit for the amount of data xmlrpclib.gzip_decode will return (closes #16043) 2014-12-05 20:15:15 -05:00
Serhiy Storchaka 56a6d855e2 Removed duplicated words in in comments and docs. 2014-12-01 18:28:43 +02:00
Brett Cannon 92716777b8 Stop using a deprecated unittest.TestCase method. 2014-12-12 12:00:02 -05:00
Benjamin Peterson 7eda940e1f merge 3.4 (#16043) 2014-12-05 20:36:07 -05:00
Serhiy Storchaka 83000a490a Removed duplicated words in in comments and docs. 2014-12-01 18:30:14 +02:00
Serhiy Storchaka 0c937b3ed6 Issue #22031: Reprs now always use hexadecimal format with the "0x" prefix
when contain an id in form " at 0x...".
2014-07-22 12:14:52 +03:00
Brett Cannon 33a4000374 Issue #20627: xmlrpc.client.ServerProxy is now a context manager.
Patch by Claudiu Popa.
2014-03-21 11:24:40 -04:00
R David Murray aaf17b33a5 #19192: Give up on time.xmlrpc.com as an xmlrpc network test.
time.xmlrpc.com has come and gone over the years, and has been gone again for
a while.  The test did test one thing that the current xmlrpc tests don't: the
use of multiple levels of attribute names in the call.  So in addition to
removing the network test, we add a test in xmlrpc of dotted name access.

There should also be a test for when dotted name access is disallowed, but
that requires more extensive test harness refactoring, and in any case was not
tested by the network test we are deleting, since it is a server-side setting.

This is a slightly simplified version of a patch by Vajrasky Kok.
2013-10-11 12:09:51 -04:00
Ezio Melotti 8281e7c24c #18453: merge with 3.3. 2013-08-10 18:37:36 +03:00
Ezio Melotti 319163244a #18453: fix unused variables in test_xmlrpc. Patch by Vajrasky Kok. 2013-08-10 18:37:05 +03:00
Brett Cannon 260fbe80c5 Issue #15767: Excise the remaining instances of ModuleNotFoundError 2013-07-04 18:16:15 -04:00
Brett Cannon e382b5868a Partially revert changeset #281857369a78 to make sure threads are
reaped in all situations.
2013-06-12 21:25:23 -04:00
Brett Cannon 603dcf2714 Spruce up test_xmlrpc by using ModuleNotFoundError and moving to
unittest.main().
2013-06-12 20:04:19 -04:00