Removed the securetypes stuff.
The hash fix has been released, so this can all go away.
This commit is contained in:
Julian Berman
12
README.rst
12
README.rst
@@ -73,18 +73,6 @@ version in the future when it is superceeded is undecided, so if you want to be
|
||||
safe, *explicitly* declare which version to use when validating.
|
||||
|
||||
|
||||
A Quick Word on uniqueItems
|
||||
---------------------------
|
||||
|
||||
Validating schemas with the ``uniqueItems`` property can leave you open to
|
||||
algorithmic complexity attacks. This may change in the future. For now,
|
||||
``jsonschema`` will warn you if you use ``uniqueItems`` without using the
|
||||
`Securetypes <http://github.com/ludios/Securetypes>`_ module, but will proceed
|
||||
anyhow if it couldn't be imported.
|
||||
|
||||
You can also keep tabs on `http://bugs.python.org/issue13703`_.
|
||||
|
||||
|
||||
Contributing and Contact Info
|
||||
-----------------------------
|
||||
|
||||
|
||||
@@ -17,39 +17,32 @@ import re
|
||||
import types
|
||||
import warnings
|
||||
|
||||
try:
|
||||
from securetypes import securedict
|
||||
_uniq = securedict.fromkeys
|
||||
except ImportError:
|
||||
_uniq = set
|
||||
securedict = False
|
||||
finally:
|
||||
def _all_uniq(container, _uniq=_uniq):
|
||||
"""
|
||||
Check if all of a container's elements are unique.
|
||||
def _uniq(container):
|
||||
"""
|
||||
Check if all of a container's elements are unique.
|
||||
|
||||
Successively tries first to rely that the elements are hashable, then
|
||||
falls back on them being sortable, and finally falls back on brute
|
||||
force.
|
||||
Successively tries first to rely that the elements are hashable, then
|
||||
falls back on them being sortable, and finally falls back on brute
|
||||
force.
|
||||
|
||||
"""
|
||||
"""
|
||||
|
||||
try:
|
||||
return len(set(container)) == len(container)
|
||||
except TypeError:
|
||||
try:
|
||||
return len(_uniq(container)) == len(container)
|
||||
except TypeError:
|
||||
try:
|
||||
sort = sorted(container)
|
||||
sliced = itertools.islice(container, 1, None)
|
||||
for i, j in itertools.izip(container, sliced):
|
||||
if i == j:
|
||||
return False
|
||||
except (NotImplementedError, TypeError):
|
||||
seen = []
|
||||
for e in container:
|
||||
if e in seen:
|
||||
return False
|
||||
seen.append(e)
|
||||
return True
|
||||
sort = sorted(container)
|
||||
sliced = itertools.islice(container, 1, None)
|
||||
for i, j in itertools.izip(container, sliced):
|
||||
if i == j:
|
||||
return False
|
||||
except (NotImplementedError, TypeError):
|
||||
seen = []
|
||||
for e in container:
|
||||
if e in seen:
|
||||
return False
|
||||
seen.append(e)
|
||||
return True
|
||||
|
||||
|
||||
__version__ = "0.2"
|
||||
@@ -472,17 +465,7 @@ class Validator(object):
|
||||
self.error(u"%r is too long" % (instance,))
|
||||
|
||||
def validate_uniqueItems(self, uI, instance, schema):
|
||||
if not securedict:
|
||||
warnings.warn( # I hate seeing the warning line in the output
|
||||
""
|
||||
"\nIf you're validating schemas with the 'uniqueItems' "
|
||||
"property, the 'securetypes' module is highly recommended.\n"
|
||||
"Without it, you're vulnerable to algorithmic complexity "
|
||||
"attacks.\n\nProceeding anyway. "
|
||||
"See https://github.com/ludios/Securetypes for details."
|
||||
)
|
||||
|
||||
if uI and self.is_type(instance, "array") and not _all_uniq(instance):
|
||||
if uI and self.is_type(instance, "array") and not _uniq(instance):
|
||||
self.error(u"%r has non-unique elements" % instance)
|
||||
|
||||
def validate_pattern(self, patrn, instance, schema):
|
||||
|
||||
48
tests.py
48
tests.py
@@ -9,12 +9,6 @@ if sys.version_info[:2] < (2, 7): # pragma: no cover
|
||||
else:
|
||||
import unittest
|
||||
|
||||
try:
|
||||
securedict = None
|
||||
from securetypes import securedict
|
||||
except ImportError:
|
||||
pass
|
||||
|
||||
from jsonschema import SchemaError, ValidationError, validate
|
||||
|
||||
|
||||
@@ -409,7 +403,7 @@ class TestValidate(unittest.TestCase):
|
||||
("ignores_strings", "valid", "aaaa"),
|
||||
)(validation_test(maxItems=2))
|
||||
|
||||
@parametrized(
|
||||
uniqueItems = parametrized(
|
||||
("unique", "valid", [1, 2]),
|
||||
("not_unique", "invalid", [1, 1]),
|
||||
("object_unique", "valid", [{"foo" : "bar"}, {"foo" : "baz"}]),
|
||||
@@ -424,45 +418,7 @@ class TestValidate(unittest.TestCase):
|
||||
{"foo" : {"bar" : {"baz" : "quux"}}},
|
||||
{"foo" : {"bar" : {"baz" : "quux"}}},
|
||||
])
|
||||
)
|
||||
def uniqueItems(self, expect, instance):
|
||||
import jsonschema
|
||||
jsonschema._uniq
|
||||
|
||||
try:
|
||||
old, jsonschema._uniq = jsonschema._uniq, set
|
||||
test = validation_test(uniqueItems=True)
|
||||
test(self, expect, instance)
|
||||
finally:
|
||||
jsonschema._uniq = old
|
||||
|
||||
if securedict:
|
||||
@parametrized(
|
||||
("unique", "valid", [1, 2]),
|
||||
("not_unique", "invalid", [1, 1]),
|
||||
("object_unique", "valid", [{"foo" : "bar"}, {"foo" : "baz"}]),
|
||||
("object_not_unique", "invalid", [{"foo" : "bar"}, {"foo" : "bar"}]),
|
||||
("array_unique", "valid", [["foo"], ["bar"]]),
|
||||
("array_not_unique", "invalid", [["foo"], ["foo"]]),
|
||||
("nested", "valid", [
|
||||
{"foo" : {"bar" : {"baz" : "quux"}}},
|
||||
{"foo" : {"bar" : {"baz" : "spam"}}},
|
||||
]),
|
||||
("nested_not_unique", "invalid", [
|
||||
{"foo" : {"bar" : {"baz" : "quux"}}},
|
||||
{"foo" : {"bar" : {"baz" : "quux"}}},
|
||||
])
|
||||
)
|
||||
def uniqueItems_securedict(self, expect, instance):
|
||||
import jsonschema
|
||||
jsonschema._uniq
|
||||
|
||||
try:
|
||||
old, jsonschema._uniq = jsonschema._uniq, securedict.fromkeys
|
||||
test = validation_test(uniqueItems=True)
|
||||
test(self, expect, instance)
|
||||
finally:
|
||||
jsonschema._uniq = old
|
||||
)(validation_test(uniqueItems=True))
|
||||
|
||||
pattern = parametrized(
|
||||
("match", "valid", u"aaa"),
|
||||
|
||||
Reference in New Issue
Block a user