| Commit message (Collapse) | Author | Age | Files | Lines |
* Correctly pre-check for int-to-str conversion (#96537)
Converting a large enough `int` to a decimal string raises `ValueError` as expected. However, the raise comes _after_ the quadratic-time base-conversion algorithm has run to completion. For effective DOS prevention, we need some kind of check before entering the quadratic-time loop. Oops! =)
The quick fix: essentially we catch _most_ values that exceed the threshold up front. Those that slip through will still be on the small side (read: sufficiently fast), and will get caught by the existing check so that the limit remains exact.
The justification for the current check. The C code check is:
```c
max_str_digits / (3 * PyLong_SHIFT) <= (size_a - 11) / 10
```
In GitHub markdown math-speak, writing $M$ for `max_str_digits`, $L$ for `PyLong_SHIFT` and $s$ for `size_a`, that check is:
$$\left\lfloor\frac{M}{3L}\right\rfloor \le \left\lfloor\frac{s - 11}{10}\right\rfloor$$
From this it follows that
$$\frac{M}{3L} < \frac{s-1}{10}$$
hence that
$$\frac{L(s-1)}{M} > \frac{10}{3} > \log_2(10).$$
So
$$2^{L(s-1)} > 10^M.$$
But our input integer $a$ satisfies $|a| \ge 2^{L(s-1)}$, so $|a|$ is larger than $10^M$. This shows that we don't accidentally capture anything _below_ the intended limit in the check.
* Issue: gh-95778
Co-authored-by: Gregory P. Smith [Google LLC] <greg@krypto.org>
Co-authored-by: Christian Heimes <christian@python.org>
Co-authored-by: Mark Dickinson <dickinsm@gmail.com>
|
Fix typos in the Lib directory as identified by codespell.
Co-authored-by: Terry Jan Reedy <tjreedy@udel.edu>
(cherry picked from commit 745c9d9dfc1ad6fdfdf1d07420c6273ff67fa5be)
Automerge-Triggered-By: GH:JulienPalard
|
Instead of explicitly enumerating test classes for run_unittest(),
use the unittest ability to discover tests. This also makes these
tests discoverable and runnable with unittest.
load_tests() can be used for dynamically generating tests and adding
doctests. setUpModule(), tearDownModule() and addModuleCleanup()
can be used for running code before and after all module tests.
(cherry picked from commit 40348acc180580371d25f75f46b27048e35f2435)
|
ServerProxy. (GH-25057)
(cherry picked from commit c1b073a630bb731de18bb17afb2b8b1388b92a72)
Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
|
* Move socket related functions from test.support to socket_helper.
* Import socket, nntplib and urllib.error lazily in transient_internet().
* Remove importing multiprocess.
|
They now return NotImplemented for unsupported type of the other operand.
|
Disallow control chars in http URLs in urllib.urlopen. This addresses a potential security problem for applications that do not sanity check their URLs where http request headers could be injected.
|
Allow adding HTTP headers to XML-RPC requests sent to the server.
|
It depended on a global variable set by other tests.
|
* Trivial cleanups following bpo-31370
* Also cleanup the "importlib._bootstrap_external" module
|
Call thread.join() on threads to prevent the "dangling threads"
warning.
|
* Remove Setup.config
* Always define WITH_THREAD for compatibility.
|
One test case of test_xmlrpc uses HTTPServer with a subclass of
BaseHTTPRequestHandler. The BaseRequestHandler class logs to
sys.stderr by default. Override log_message() to not clobber
test output.
Signed-off-by: Christian Heimes <christian@python.org>
|
(or any other exception) to exception(s) raised in the dispatched methods.
Patch by Petr Motejlek.
|
as decorator (GH-231)
|
by Apache XML-RPC implementation for numerics and None.
|
And most of the tools.
Patch by Emanual Barry, reviewed by me, Serhiy Storchaka, and
Martin Panter.
|
instead of silently return incorrect result.
|
instead of silently return incorrect result.
|
This is a regression introduced in 3.5 by revision eba80326ba53. Fix by Jelte
Fennema, test case by me.
|
non-UTF-8 encoding.
|
(closes #16043)
|
when contain an id in form " at 0x...".
|
Patch by Claudiu Popa.
|
time.xmlrpc.com has come and gone over the years, and has been gone again for
a while. The test did test one thing that the current xmlrpc tests don't: the
use of multiple levels of attribute names in the call. So in addition to
removing the network test, we add a test in xmlrpc of dotted name access.
There should also be a test for when dotted name access is disallowed, but
that requires more extensive test harness refactoring, and in any case was not
tested by the network test we are deleting, since it is a server-side setting.
This is a slightly simplified version of a patch by Vajrasky Kok.
|
reaped in all situations.
|
unittest.main().
|
upon malformed POST request.
|
upon malformed POST request.
|