summaryrefslogtreecommitdiff
path: root/tests/serializers/test_deserialization.py
AgeCommit message (Collapse)Author
2026-01-18Applied Black's 2026 stable style.Mariusz Felisiak
https://github.com/psf/black/releases/tag/26.1.0
2026-01-12Refs #36769 -- Raised SuspiciousOperation for unexpected nested tags in XML ↵Jacob Walls
Deserializer. Thanks Shai Berger and Natalia Bidart for reviews.
2025-12-02Fixed CVE-2025-64460 -- Corrected quadratic inner text accumulation in XML ↵Shai Berger
serializer. Previously, `getInnerText()` recursively used `list.extend()` on strings, which added each character from child nodes as a separate list element. On deeply nested XML content, this caused the overall deserialization work to grow quadratically with input size, potentially allowing disproportionate CPU consumption for crafted XML. The fix separates collection of inner texts from joining them, so that each subtree is joined only once, reducing the complexity to linear in the size of the input. These changes also include a mitigation for a xml.dom.minidom performance issue. Thanks Seokchan Yoon (https://ch4n3.kr/) for report. Co-authored-by: Jacob Walls <jacobtylerwalls@gmail.com> Co-authored-by: Natalia <124304+nessita@users.noreply.github.com>
2024-09-19Refs #29522 -- Fixed serializers/fixtures test crash if PyYAML isn't installed.Mariusz Felisiak
2024-09-17Fixed #29522 -- Refactored the Deserializer functions to classes.Amir Karimi
Co-authored-by: Emad Mokhtar <emad.mokhtar@veneficus.nl>