diff options
author | Jeremy Hylton <jeremy@alum.mit.edu> | 2000-09-15 15:14:51 (GMT) |
---|---|---|
committer | Jeremy Hylton <jeremy@alum.mit.edu> | 2000-09-15 15:14:51 (GMT) |
commit | be467e5c69515c355982e41d90762a31f2d3f75b (patch) | |
tree | 82e62b2aa1d370258dd72c41fcce76835e5180f4 /Lib/test/test_pickle.py | |
parent | a647f577f00647063f1e29be75b2b3b8207fc3d0 (diff) | |
download | cpython-be467e5c69515c355982e41d90762a31f2d3f75b.zip cpython-be467e5c69515c355982e41d90762a31f2d3f75b.tar.gz cpython-be467e5c69515c355982e41d90762a31f2d3f75b.tar.bz2 |
Fix Bug #114293:
Strings are unpickled by calling eval on the string's repr. This
change makes pickle work like cPickle; it checks if the pickled
string is safe to eval and raises ValueError if it is not.
test suite modifications:
Verify that pickle catches a variety of insecure string pickles
Make test_pickle and test_cpickle use exactly the same test suite
Add test for pickling recursive object
Diffstat (limited to 'Lib/test/test_pickle.py')
-rw-r--r-- | Lib/test/test_pickle.py | 79 |
1 files changed, 72 insertions, 7 deletions
diff --git a/Lib/test/test_pickle.py b/Lib/test/test_pickle.py index 8fb534d..ff9c467 100644 --- a/Lib/test/test_pickle.py +++ b/Lib/test/test_pickle.py @@ -1,5 +1,6 @@ # Test the pickle module +# break into multiple strings to please font-lock-mode DATA = """(lp0 I0 aL1L @@ -7,17 +8,20 @@ aF2.0 ac__builtin__ complex p1 -(F3.0 +""" \ +"""(F3.0 F0.0 tp2 Rp3 a(S'abc' p4 g4 -(i__main__ +""" \ +"""(i__main__ C p5 -(dp6 +""" \ +"""(dp6 S'foo' p7 I1 @@ -33,8 +37,6 @@ a. BINDATA = ']q\000(K\000L1L\012G@\000\000\000\000\000\000\000c__builtin__\012complex\012q\001(G@\010\000\000\000\000\000\000G\000\000\000\000\000\000\000\000tq\002Rq\003(U\003abcq\004h\004(c__main__\012C\012q\005oq\006}q\007(U\003fooq\010K\001U\003barq\011K\002ubh\006tq\012h\012K\005e.' -import pickle - class C: def __cmp__(self, other): return cmp(self.__dict__, other.__dict__) @@ -42,7 +44,7 @@ class C: import __main__ __main__.C = C -def dotest(): +def dotest(pickle): c = C() c.foo = 1 c.bar = 2 @@ -51,6 +53,8 @@ def dotest(): x.append(y) x.append(y) x.append(5) + r = [] + r.append(r) print "dumps()" s = pickle.dumps(x) print "loads()" @@ -71,5 +75,66 @@ def dotest(): x2 = pickle.loads(BINDATA) if x2 == x: print "ok" else: print "bad" + s = pickle.dumps(r) + print "dumps() RECURSIVE" + x2 = pickle.loads(s) + if x2 == r: print "ok" + else: print "bad" -dotest() + # Test protection against closed files + import tempfile, os + fn = tempfile.mktemp() + f = open(fn, "w") + f.close() + try: + pickle.dump(123, f) + except ValueError: + pass + else: + print "dump to closed file should raise ValueError" + f = open(fn, "r") + f.close() + try: + pickle.load(f) + except ValueError: + pass + else: + print "load from closed file should raise ValueError" + os.remove(fn) + + # Test specific bad cases + for i in range(10): + try: + x = pickle.loads('garyp') + except KeyError, y: + # pickle + del y + except pickle.BadPickleGet, y: + # cPickle + del y + else: + print "unexpected success!" + break + + # Test insecure strings + insecure = ["abc", "2 + 2", # not quoted + "'abc' + 'def'", # not a single quoted string + "'abc", # quote is not closed + "'abc\"", # open quote and close quote don't match + "'abc' ?", # junk after close quote + # some tests of the quoting rules + "'abc\"\''", + "'\\\\a\'\'\'\\\'\\\\\''", + ] + for s in insecure: + buf = "S" + s + "\012p0\012." + try: + x = pickle.loads(buf) + except ValueError: + pass + else: + print "accepted insecure string: %s" % repr(buf) + + +import pickle +dotest(pickle) |