commit be467e5c69515c355982e41d90762a31f2d3f75b
author Jeremy Hylton <jeremy@alum.mit.edu> Fri Sep 15 15:14:51 2000 +0000
committer Jeremy Hylton <jeremy@alum.mit.edu> Fri Sep 15 15:14:51 2000 +0000
tree 82e62b2aa1d370258dd72c41fcce76835e5180f4
parent a647f577f00647063f1e29be75b2b3b8207fc3d0

Fix Bug #114293:
    Strings are unpickled by calling eval on the string's repr. This
    change makes pickle work like cPickle; it checks if the pickled
    string is safe to eval and raises ValueError if it is not.

test suite modifications:
    Verify that pickle catches a variety of insecure string pickles
    Make test_pickle and test_cpickle use exactly the same test suite
    Add test for pickling recursive object

Lib/test/test_pickle.py

diff --git a/Lib/test/test_pickle.py b/Lib/test/test_pickle.py
index 8fb534d..ff9c467 100644
--- a/Lib/test/test_pickle.py
+++ b/Lib/test/test_pickle.py
@@ -1,5 +1,6 @@
 # Test the pickle module
 
+# break into multiple strings to please font-lock-mode
 DATA = """(lp0
 I0
 aL1L
@@ -7,17 +8,20 @@
 ac__builtin__
 complex
 p1
-(F3.0
+""" \
+"""(F3.0
 F0.0
 tp2
 Rp3
 a(S'abc'
 p4
 g4
-(i__main__
+""" \
+"""(i__main__
 C
 p5
-(dp6
+""" \
+"""(dp6
 S'foo'
 p7
 I1
@@ -33,8 +37,6 @@
 
 BINDATA = ']q\000(K\000L1L\012G@\000\000\000\000\000\000\000c__builtin__\012complex\012q\001(G@\010\000\000\000\000\000\000G\000\000\000\000\000\000\000\000tq\002Rq\003(U\003abcq\004h\004(c__main__\012C\012q\005oq\006}q\007(U\003fooq\010K\001U\003barq\011K\002ubh\006tq\012h\012K\005e.'
 
-import pickle
-
 class C:
     def __cmp__(self, other):
         return cmp(self.__dict__, other.__dict__)
@@ -42,7 +44,7 @@
 import __main__
 __main__.C = C
 
-def dotest():
+def dotest(pickle):
     c = C()
     c.foo = 1
     c.bar = 2
@@ -51,6 +53,8 @@
     x.append(y)
     x.append(y)
     x.append(5)
+    r = []
+    r.append(r)
     print "dumps()"
     s = pickle.dumps(x)
     print "loads()"
@@ -71,5 +75,66 @@
     x2 = pickle.loads(BINDATA)
     if x2 == x: print "ok"
     else: print "bad"
+    s = pickle.dumps(r)
+    print "dumps() RECURSIVE"
+    x2 = pickle.loads(s)
+    if x2 == r: print "ok"
+    else: print "bad"
 
-dotest()
+    # Test protection against closed files
+    import tempfile, os
+    fn = tempfile.mktemp()
+    f = open(fn, "w")
+    f.close()
+    try:
+        pickle.dump(123, f)
+    except ValueError:
+        pass
+    else:
+        print "dump to closed file should raise ValueError"
+    f = open(fn, "r")
+    f.close()
+    try:
+        pickle.load(f)
+    except ValueError:
+        pass
+    else:
+        print "load from closed file should raise ValueError"
+    os.remove(fn)
+
+    # Test specific bad cases
+    for i in range(10):
+        try:
+            x = pickle.loads('garyp')
+        except KeyError, y:
+            # pickle
+            del y
+        except pickle.BadPickleGet, y:
+            # cPickle
+            del y
+        else:
+            print "unexpected success!"
+            break
+
+    # Test insecure strings
+    insecure = ["abc", "2 + 2", # not quoted
+                "'abc' + 'def'", # not a single quoted string
+                "'abc", # quote is not closed
+                "'abc\"", # open quote and close quote don't match
+                "'abc'   ?", # junk after close quote
+                # some tests of the quoting rules
+                "'abc\"\''",
+                "'\\\\a\'\'\'\\\'\\\\\''",
+                ]
+    for s in insecure:
+        buf = "S" + s + "\012p0\012."
+        try:
+            x = pickle.loads(buf)
+        except ValueError:
+            pass
+        else:
+            print "accepted insecure string: %s" % repr(buf)
+        
+
+import pickle
+dotest(pickle)