Configure the JSON decoder for safer parsing

4 years ago · 81b0b849bd
8 changed files with 14 additions and 7 deletions
--- a/setup.py
+++ b/setup.py
@ -30,7 +30,7 @@ setup(
    platforms='any',
    install_requires=[
        'bidict>=0.21.0',
-        'python-engineio>=4',
+        'python-engineio>=4.1.0',
    ],
    extras_require={
        'client': [
--- a/socketio/asyncio_pubsub_manager.py
+++ b/socketio/asyncio_pubsub_manager.py
@ -1,7 +1,7 @@
 from functools import partial
 import uuid
-import json
+from engineio import json
 import pickle
 from .asyncio_manager import AsyncManager
--- a/socketio/packet.py
+++ b/socketio/packet.py
@ -1,5 +1,5 @@
 import functools
-import json as _json
+from engineio import json as _json
 (CONNECT, DISCONNECT, EVENT, ACK, CONNECT_ERROR, BINARY_EVENT, BINARY_ACK) = \
    (0, 1, 2, 3, 4, 5, 6)
@ -79,6 +79,8 @@ class Packet(object):
        self.data = None
        ep = ep[1:]
        dash = ep.find('-')
        if dash > 10:
            raise ValueError('too many attachments')
        attachment_count = 0
        if dash > 0 and ep[0:dash].isdigit():
            attachment_count = int(ep[0:dash])
--- a/socketio/pubsub_manager.py
+++ b/socketio/pubsub_manager.py
@ -1,7 +1,7 @@
 from functools import partial
 import uuid
-import json
+from engineio import json
 import pickle
 from .base_manager import BaseManager
--- a/tests/asyncio/test_asyncio_server.py
+++ b/tests/asyncio/test_asyncio_server.py
@ -1,10 +1,10 @@
 import asyncio
 import json
 import logging
 import sys
 import unittest
 from unittest import mock
 from engineio import json
 import pytest
 from socketio import asyncio_server
--- a/tests/common/test_client.py
+++ b/tests/common/test_client.py
@ -1,10 +1,10 @@
 import json
 import logging
 import sys
 import unittest
 from unittest import mock
 from engineio import exceptions as engineio_exceptions
 from engineio import json
 from engineio import packet as engineio_packet
 import pytest
--- a/tests/common/test_packet.py
+++ b/tests/common/test_packet.py
@ -165,6 +165,7 @@ class TestPacket(unittest.TestCase):
    def test_decode_id_too_long(self):
        with pytest.raises(ValueError):
            packet.Packet(encoded_packet='2' + '1' * 101)
        with pytest.raises(ValueError):
            packet.Packet(encoded_packet='2' + '1' * 101 + '["foo"]')
    def test_encode_id_no_data(self):
@ -258,6 +259,10 @@ class TestPacket(unittest.TestCase):
        with pytest.raises(ValueError):
            pkt.add_attachment(b'123')
    def test_decode_attachment_count_too_long(self):
        with pytest.raises(ValueError):
            packet.Packet(encoded_packet='6' + ('1' * 11) + '-{"a":"123}')
    def test_data_is_binary_list(self):
        pkt = packet.Packet()
        assert not pkt._data_is_binary(['foo'])
--- a/tests/common/test_server.py
+++ b/tests/common/test_server.py
@ -1,8 +1,8 @@
 import json
 import logging
 import unittest
 from unittest import mock
 from engineio import json
 import pytest
 from socketio import exceptions