Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly
Appearance settings

Commit 4a08e7b

Browse filesBrowse files
serhiy-storchakaserhiy-storchaka
authored
gh-115133: Fix tests for XMLPullParser with Expat 2.6.0 (GH-115164)
Feeding the parser by too small chunks defers parsing to prevent CVE-2023-52425. Future versions of Expat may be more reactive.
1 parent 4b75032 commit 4a08e7b
Copy full SHA for 4a08e7b

File tree

2 files changed

+38
-22
lines changed
Filter options

2 files changed

+38
-22
lines changed

‎Lib/test/test_xml_etree.py

Copy file name to clipboardExpand all lines: Lib/test/test_xml_etree.py
+36-22Lines changed: 36 additions & 22 deletions
Original file line numberDiff line numberDiff line change
@@ -13,6 +13,7 @@
1313
import operator
1414
import os
1515
import pickle
16+
import pyexpat
1617
import sys
1718
import textwrap
1819
import types
@@ -120,6 +121,10 @@
120121
</foo>
121122
"""
122123

124+
fails_with_expat_2_6_0 = (unittest.expectedFailure
125+
if pyexpat.version_info >= (2, 6, 0) else
126+
lambda test: test)
127+
123128
def checkwarnings(*filters, quiet=False):
124129
def decorator(test):
125130
def newtest(*args, **kwargs):
@@ -1480,28 +1485,37 @@ def assert_event_tags(self, parser, expected, max_events=None):
14801485
self.assertEqual([(action, elem.tag) for action, elem in events],
14811486
expected)
14821487

1483-
def test_simple_xml(self):
1484-
for chunk_size in (None, 1, 5):
1485-
with self.subTest(chunk_size=chunk_size):
1486-
parser = ET.XMLPullParser()
1487-
self.assert_event_tags(parser, [])
1488-
self._feed(parser, "<!-- comment -->\n", chunk_size)
1489-
self.assert_event_tags(parser, [])
1490-
self._feed(parser,
1491-
"<root>\n <element key='value'>text</element",
1492-
chunk_size)
1493-
self.assert_event_tags(parser, [])
1494-
self._feed(parser, ">\n", chunk_size)
1495-
self.assert_event_tags(parser, [('end', 'element')])
1496-
self._feed(parser, "<element>text</element>tail\n", chunk_size)
1497-
self._feed(parser, "<empty-element/>\n", chunk_size)
1498-
self.assert_event_tags(parser, [
1499-
('end', 'element'),
1500-
('end', 'empty-element'),
1501-
])
1502-
self._feed(parser, "</root>\n", chunk_size)
1503-
self.assert_event_tags(parser, [('end', 'root')])
1504-
self.assertIsNone(parser.close())
1488+
def test_simple_xml(self, chunk_size=None):
1489+
parser = ET.XMLPullParser()
1490+
self.assert_event_tags(parser, [])
1491+
self._feed(parser, "<!-- comment -->\n", chunk_size)
1492+
self.assert_event_tags(parser, [])
1493+
self._feed(parser,
1494+
"<root>\n <element key='value'>text</element",
1495+
chunk_size)
1496+
self.assert_event_tags(parser, [])
1497+
self._feed(parser, ">\n", chunk_size)
1498+
self.assert_event_tags(parser, [('end', 'element')])
1499+
self._feed(parser, "<element>text</element>tail\n", chunk_size)
1500+
self._feed(parser, "<empty-element/>\n", chunk_size)
1501+
self.assert_event_tags(parser, [
1502+
('end', 'element'),
1503+
('end', 'empty-element'),
1504+
])
1505+
self._feed(parser, "</root>\n", chunk_size)
1506+
self.assert_event_tags(parser, [('end', 'root')])
1507+
self.assertIsNone(parser.close())
1508+
1509+
@fails_with_expat_2_6_0
1510+
def test_simple_xml_chunk_1(self):
1511+
self.test_simple_xml(chunk_size=1)
1512+
1513+
@fails_with_expat_2_6_0
1514+
def test_simple_xml_chunk_5(self):
1515+
self.test_simple_xml(chunk_size=5)
1516+
1517+
def test_simple_xml_chunk_22(self):
1518+
self.test_simple_xml(chunk_size=22)
15051519

15061520
def test_feed_while_iterating(self):
15071521
parser = ET.XMLPullParser()

‎Misc/NEWS.d/next/Library/2024-02-08-14-21-28.gh-issue-115133.ycl4ko.rst

Copy file name to clipboard
+2Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,2 @@
1+
Fix tests for :class:`~xml.etree.ElementTree.XMLPullParser` with Expat
2+
2.6.0.

0 commit comments

Comments
0 (0)
Morty Proxy This is a proxified and sanitized view of the page, visit original site.