summaryrefslogtreecommitdiffstats
path: root/Lib/test/test_json
Commit message (Collapse)AuthorAgeFilesLines
* [3.8] gh-95778: CVE-2020-10735: Prevent DoS by very large int() (#96503)Gregory P. Smith2022-09-051-3/+8
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Correctly pre-check for int-to-str conversion Converting a large enough `int` to a decimal string raises `ValueError` as expected. However, the raise comes _after_ the quadratic-time base-conversion algorithm has run to completion. For effective DOS prevention, we need some kind of check before entering the quadratic-time loop. Oops! =) The quick fix: essentially we catch _most_ values that exceed the threshold up front. Those that slip through will still be on the small side (read: sufficiently fast), and will get caught by the existing check so that the limit remains exact. The justification for the current check. The C code check is: ```c max_str_digits / (3 * PyLong_SHIFT) <= (size_a - 11) / 10 ``` In GitHub markdown math-speak, writing $M$ for `max_str_digits`, $L$ for `PyLong_SHIFT` and $s$ for `size_a`, that check is: $$\left\lfloor\frac{M}{3L}\right\rfloor \le \left\lfloor\frac{s - 11}{10}\right\rfloor$$ From this it follows that $$\frac{M}{3L} < \frac{s-1}{10}$$ hence that $$\frac{L(s-1)}{M} > \frac{10}{3} > \log_2(10).$$ So $$2^{L(s-1)} > 10^M.$$ But our input integer $a$ satisfies $|a| \ge 2^{L(s-1)}$, so $|a|$ is larger than $10^M$. This shows that we don't accidentally capture anything _below_ the intended limit in the check. <!-- gh-issue-number: gh-95778 --> * Issue: gh-95778 <!-- /gh-issue-number --> Co-authored-by: Gregory P. Smith [Google LLC] <greg@krypto.org> Co-authored-by: Christian Heimes <christian@python.org> Co-authored-by: Mark Dickinson <dickinsm@gmail.com>
* [3.8] bpo-39828: Fix json.tool to catch BrokenPipeError (GH-18779). (GH-18894)Dong-hee Na2020-03-101-0/+11
| | | | | | | (cherry picked from commit 700cb587303461d5a96456c56902cfdd8ad50e2d) Co-authored-by: Dong-hee Na <donghee.na92@gmail.com> Automerge-Triggered-By: @vstinner
* bpo-33684: json.tool: Use utf-8 for infile and outfile. (GH-17460)Miss Islington (bot)2019-12-041-3/+18
| | | | | (cherry picked from commit 808769f3a4cbdc47cf1a5708dd61b1787bb192d4) Co-authored-by: Inada Naoki <songofacandy@gmail.com>
* bpo-37805: Add tests for json.dump(..., skipkeys=True) (GH-15489)Miss Islington (bot)2019-08-261-0/+10
| | | | | | | | https://bugs.python.org/issue37805 Automerge-Triggered-By: @methane (cherry picked from commit 44cd86bbdddb1f7b05deba2c1986a1e98f992429) Co-authored-by: Dong-hee Na <donghee.na92@gmail.com>
* bpo-33461: emit DeprecationWarning when json.loads(encoding=...) is used ↵Matthias Bussonnier2019-04-091-0/+4
| | | | (GH-6762)
* bpo-31553: add --json-lines option to json.tool (#10051)HongWeipeng2018-11-071-0/+29
| | | | | | | | | | * add jsonlines option to json.tool * code review * fix:avoid read infile after it close * improve doc in whatsnew 3.8
* bpo-30877: Fix clearing a cache in the the JSON decoder. (GH-7048)Serhiy Storchaka2018-05-221-1/+3
|
* bpo-6986: Add a comment to clarify a test of _json.make_encoder(). (GH-3789)Oren Milman2018-03-261-0/+2
|
* bpo-24641: Improved error message for JSON unserializible keys. (#4364)Serhiy Storchaka2017-11-251-5/+8
| | | | | Also updated an example for default() in the module docstring. Removed quotes around type name in other error messages.
* bpo-31505: Fix an assertion failure in json, in case _json.make_encoder() ↵Oren Milman2017-09-241-0/+21
| | | | received a bad encoder() argument. (#3643)
* bpo-30936: Fix a reference leak in json when fail to sort keys. (#2712)Serhiy Storchaka2017-07-161-0/+4
|
* bpo-30911: Add tests for bad boolean arguments for accelerated json (#2690)Serhiy Storchaka2017-07-131-0/+22
| | | encoder and decoder.
* bpo-29919: Remove unused imports found by pyflakes (#137)Victor Stinner2017-03-271-1/+1
| | | Make also minor PEP8 coding style fixes on modified imports.
* Fix stderr bug in json.tool test (#346)Daniel Himmelstein2017-03-151-5/+4
| | | See https://github.com/python/cpython/pull/201#discussion_r103229425.
* Issue #28541: Improve test coverage for encoding detection in json library.Serhiy Storchaka2016-10-301-0/+13
| | | | Original patch by Eric Appelt.
* Issue #17909: Accept binary input in json.loadsNick Coghlan2016-09-102-6/+14
| | | | | | | json.loads (and hence json.load) now support binary input encoded as UTF-8, UTF-16 or UTF-32. Patch by Serhiy Storchaka.
* Issue #27993: Merge plural fixes from 3.5Martin Panter2016-09-071-1/+1
|\
| * Issue #27993: Fix problems with plural objects in docs and commentsMartin Panter2016-09-071-1/+1
| |
* | Remove more unused imports in tests.Serhiy Storchaka2016-04-241-1/+0
| |
* | Issue #23277: Remove unused sys and os importsBerker Peksag2016-04-241-1/+0
|/ | | | Patch by Jon Dufresne.
* Issue #24683: Fixed crashes in _json functions called with arguments ofSerhiy Storchaka2015-07-261-0/+6
|\ | | | | | | inappropriate type.
| * Issue #24683: Fixed crashes in _json functions called with arguments ofSerhiy Storchaka2015-07-261-0/+6
| | | | | | | | inappropriate type.
* | Issue #19235: Add new RecursionError exception. Patch by Georg Brandl.Yury Selivanov2015-07-031-6/+6
| |
* | Issue #9517: Move script_helper to the support package.Berker Peksag2015-05-061-1/+1
| | | | | | | | Patch by Christie Wilson.
* | merge 3.4 (#24094)Benjamin Peterson2015-05-031-0/+19
|\ \ | |/
| * merge 3.3 (#24094)Benjamin Peterson2015-05-031-0/+19
| |\
| | * just sort the items tuple directly (closes #24094)Benjamin Peterson2015-05-031-0/+19
| | |
* | | merge 3.4Benjamin Peterson2015-02-021-1/+2
|\ \ \ | |/ /
| * | merge 3.3Benjamin Peterson2015-02-021-1/+2
| |\ \ | | |/
| | * reduce memory usage of test (closes #23369)Benjamin Peterson2015-02-021-1/+2
| | |
* | | merge 3.4Benjamin Peterson2015-02-011-1/+0
|\ \ \ | |/ /
| * | merge 3.3Benjamin Peterson2015-02-011-1/+0
| |\ \ | | |/
| | * remove extra wsBenjamin Peterson2015-02-011-1/+0
| | |
* | | merge 3.4 (#23369)Benjamin Peterson2015-02-011-1/+8
|\ \ \ | |/ /
| * | merge 3.3 (#23369)Benjamin Peterson2015-02-011-1/+8
| |\ \ | | |/
| | * fix possible overflow in encode_basestring_ascii (closes #23369)Benjamin Peterson2015-02-011-1/+8
| | |
* | | Issue #19361: JSON decoder now raises JSONDecodeError instead of ValueError.Serhiy Storchaka2015-01-264-23/+50
| | |
* | | Issue #23206: Make ``json.dumps(..., ensure_ascii=False)`` as fast as the ↵Antoine Pitrou2015-01-111-3/+0
| | | | | | | | | | | | default case of ``ensure_ascii=True``. Patch by Naoki Inada.
* | | Issue #21650: Add an `--sort-keys` option to json.tool CLI.Berker Peksag2014-11-101-1/+32
| | |
* | | Closes #22002: Merge with 3.4Zachary Ware2014-07-231-15/+4
|\ \ \ | |/ /
| * | Issue #22002: Make full use of test discovery in test sub-packages.Zachary Ware2014-07-231-15/+4
| | | | | | | | | | | | | | | | | | Adds `load_package_tests` function to test.support, uses it in test_asyncio, test_email, test_json, test_tools, test_importlib and all test_importlib sub-packages to implement test discovery.
* | | merge 3.4Benjamin Peterson2014-04-141-0/+4
|\ \ \ | |/ /
| * | merge 3.3Benjamin Peterson2014-04-141-0/+4
| |\ \ | | |/
| | * merge 3.2Benjamin Peterson2014-04-141-0/+4
| | |
* | | improve the command-line interface of json.tool (closes #21000)Benjamin Peterson2014-03-221-0/+8
|/ / | | | | | | A patch from Berker Peksag.
* | Issue #11489: JSON decoder now accepts lone surrogates.Serhiy Storchaka2013-11-261-4/+47
|\ \ | |/
| * Issue #11489: JSON decoder now accepts lone surrogates.Serhiy Storchaka2013-11-261-4/+47
| |
* | #18958: Improve error message for json.load(s) while passing a string that ↵Ezio Melotti2013-10-201-0/+14
| | | | | | | | starts with a UTF-8 BOM.
* | #19307: Improve error message for json.load(s) while passing objects of the ↵Ezio Melotti2013-10-201-1/+8
| | | | | | | | wrong type.
* | Close #18745: Improve enum tests in test_json for infinities and NaN.Ethan Furman2013-09-021-5/+44
| |
generated by cgit v0.12 at 2025-04-18 05:20:19 (GMT)