Commit Graph

34 Commits

Author SHA1 Message Date
Eric Soroos
22e9bee4ef Fix DOS in PSDImagePlugin -- CVE-2021-28675
* PSDImagePlugin did not sanity check the number of input layers
  vs the size of the data block; this could lead to a DOS on
  Image.open prior to Image.load.
* This issue dates to the PIL fork
2021-04-01 17:17:31 +03:00
Andrew Murray
83542c42bf Added context managers 2021-02-11 21:43:54 +11:00
Andrew Murray
77b16efba3 Corrected argument 2020-12-31 16:25:46 +11:00
Andrew Murray
518b783c64 Removed OSError in favour of DecompressionBombError 2020-10-12 19:32:48 +11:00
Hugo van Kemenade
dd87dd50c0 Update to isort 5 with Black profile support 2020-08-08 22:39:29 +03:00
Andrew Murray
b602f365ae Removed PillowTestCase helper class 2020-03-28 12:51:28 +11:00
Andrew Murray
748739c992 Converted addCleanup 2020-03-28 12:20:56 +11:00
Hugo
affade7595 Replace unittest with pytest 2020-02-13 12:15:05 +02:00
Hugo
38bf862185 Replace PillowTestCase.assert_warning with pytest.warns 2020-02-03 11:11:32 +02:00
Jon Dufresne
4cd4adddc3 Improve handling of file resources
Follow Python's file object semantics. User code is responsible for
closing resources (usually through a context manager) in a deterministic
way.

To achieve this, remove __del__ functions. These functions used to
close open file handlers in an attempt to silence Python
ResourceWarnings. However, using __del__ has the following drawbacks:

- __del__ isn't called until the object's reference count reaches 0.
  Therefore, resource handlers remain open or in use longer than
  necessary.

- The __del__ method isn't guaranteed to execute on system exit. See the
  Python documentation:

  https://docs.python.org/3/reference/datamodel.html#object.__del__

  > It is not guaranteed that __del__() methods are called for objects
  > that still exist when the interpreter exits.

- Exceptions that occur inside __del__ are ignored instead of raised.
  This has the potential of hiding bugs. This is also in the Python
  documentation:

  > Warning: Due to the precarious circumstances under which __del__()
  > methods are invoked, exceptions that occur during their execution
  > are ignored, and a warning is printed to sys.stderr instead.

Instead, always close resource handlers when they are no longer in use.
This will close the file handler at a specified point in the user's code
and not wait until the interpreter chooses to. It is always guaranteed
to run. And, if an exception occurs while closing the file handler, the
bug will not be ignored.

Now, when code receives a ResourceWarning, it will highlight an area
that is mishandling resources. It should not simply be silenced, but
fixed by closing resources with a context manager.

All warnings that were emitted during tests have been cleaned up. To
enable warnings, I passed the `-Wa` CLI option to Python. This exposed
some mishandling of resources in ImageFile.__init__() and
SpiderImagePlugin.loadImageSeries(); they too were fixed.
2019-10-12 08:27:17 -07:00
Jon Dufresne
c50a309a10 Remove duplicate cleanup in test_decompression_bomb.py
The same cleanup is done in the tearDown() method. There is no need to
do it a 2nd time.
2019-10-06 10:24:48 -07:00
Andrew Murray
eed2bfc5b4 Added decompression bomb checks 2019-09-30 18:45:13 +10:00
Jon Dufresne
d50445ff30 Introduce isort to automate import ordering and formatting
Similar to the recent adoption of Black. isort is a Python utility to
sort imports alphabetically and automatically separate into sections. By
using isort, contributors can quickly and automatically conform to the
project's style without thinking. Just let the tool do it.

Uses the configuration recommended by Black to avoid conflicts of
style.

Rewrite TestImageQt.test_deprecated to not rely on import order.
2019-07-06 16:11:35 -07:00
Hugo
d08475442b Format with Black 2019-06-13 18:53:42 +03:00
Jon Dufresne
4de5477b61 Remove unnecessary unittest.main() boilerplate from test files
With the introduction and use of pytest, it is simple and easy to
execute specific tests in isolation through documented command line
arguments. Either by specifying the module path or through the `-k
EXPRESSION` argument. There is no longer any need to provide the
boilerplate:

    if __name__ == '__main__':
        unittest.main()

To every test file. It is simply noise.

The pattern remains in test files that aren't named with `test_*` as
those files are not discovered and executed by pytest by default.
2019-02-03 10:10:16 -08:00
Jon Dufresne
7da17ad41e Improve pytest configuration to allow specific tests as CLI args
The previous test configuration made it difficult to run a single test
with the pytest CLI. There were two major issues:

- The Tests directory was not a package. It now includes a __init__.py
  file and imports from other tests modules are done with relative
  imports.

- setup.cfg always specified the Tests directory. So even if a specific
  test were specified as a CLI arg, this configuration would also always
  include all tests. This configuration has been removed to allow
  specifying a single test on the command line.

Contributors can now run specific tests with a single command such as:

  $ tox -e py37 -- Tests/test_file_pdf.py::TestFilePdf.test_rgb

This makes it easy and faster to iterate on a single test failure and is
very familiar to those that have previously used tox and pytest.

When running tox or pytest with no arguments, they still discover and
run all tests in the Tests directory.
2019-01-13 09:00:12 -08:00
Hugo
2389492f96 flake8 2018-09-26 14:09:31 +03:00
dinko
66207b47bc fix _crop and tests 2018-09-05 21:00:35 +02:00
Andrew Murray
c13ccf13a1 Added missing whitespace 2018-03-06 19:53:07 +11:00
Andrew Murray
2202196162 Flake8 blank line fixes 2018-03-04 21:36:33 +11:00
wiredfool
97ee3dd12b Merge pull request from wiredfool/decompression_bomb_error
Decompression bomb error
2017-12-20 20:31:38 +00:00
Andrew Murray
9e843a2d9b Changed format of lambda calls 2017-09-01 21:05:40 +10:00
wiredfool
544f76b102 Adjust test so that we get warning, not error 2017-06-21 04:04:27 -07:00
wiredfool
1a1a2ed001 Added DecompressionBombError on 2 x pixels of warning, ref 2017-06-21 03:54:48 -07:00
wiredfool
c70977aad7 added decompression bomb check to crop 2017-06-21 02:36:11 -07:00
Andrew Murray
e8cba27bb1 Changed assert checks to more specific versions 2017-06-03 14:04:54 +10:00
homm
1ba4e9e5ba remove end of file banner from all files 2016-07-10 14:11:28 +03:00
hugovk
b929873a62 Change some lena() to hopper() 2014-09-05 12:36:24 +03:00
hugovk
cf04a9a0d2 Remove unused tearDownModule 2014-07-07 20:03:50 +03:00
Alex Clark
2ccd76e66f Fix path 2014-06-23 14:38:03 -04:00
hugovk
282281f1e5 Reset limit in tearDown() 2014-06-23 11:22:25 +03:00
hugovk
7b3e242f09 Convert test_decompression_bomb.py to use unittest module 2014-06-23 11:12:41 +03:00
hugovk
46abe78b77 Use a custom subclass of RuntimeWarning for DecompressionBombWarning 2014-06-23 10:53:08 +03:00
hugovk
fd05e9c756 Test decompression bomb warnings 2014-05-27 12:40:52 +03:00