YuvalElbar6:security/cookiejar-restrict-pickle - Branch - aio-libs/aiohttp

Security: restrict pickle deserialization in CookieJar.load()

#12091

Comparing

YuvalElbar6:security/cookiejar-restrict-pickle

(

86177df

) with

master

(

eaeba86

)

Untouched: 59

Ignored: 7

Benchmarks

66 total

test_web_response_with_bytes_body

tests/test_benchmarks_web_response.py

+2%

540.8 µs532.8 µs

test_simple_web_response

tests/test_benchmarks_web_response.py

+1%

449.1 µs442.7 µs

test_read_one_hundred_websocket_text_messages[pyloop]

tests/test_benchmarks_http_websocket.py

+1%

214.3 µs212.4 µs

test_web_response_with_text_body

tests/test_benchmarks_web_response.py

+1%

680.5 µs676.4 µs

test_load_cookies_into_temp_cookiejar

tests/test_benchmarks_cookiejar.py

+1%

190.3 µs189.2 µs

test_send_one_hundred_websocket_text_messages[pyloop]

tests/test_benchmarks_http_websocket.py

+1%

597.3 µs593.9 µs

test_serialize_headers

tests/test_benchmarks_http_writer.py

+1%

853.5 µs849.1 µs

test_one_hundred_simple_get_requests_no_session[pyloop]

tests/test_benchmarks_client.py

88.1 ms87.8 ms

test_ten_streamed_responses_iter_chunks[pyloop]

tests/test_benchmarks_client.py

16.3 ms16.2 ms

test_ten_streamed_responses_iter_chunked_65536[pyloop]

tests/test_benchmarks_client.py

23.1 ms23 ms

test_web_response_with_headers

tests/test_benchmarks_web_response.py

688.1 µs685.9 µs

test_simple_web_file_response_not_modified[pyloop]

tests/test_benchmarks_web_fileresponse.py

55.5 ms55.3 ms

test_send_one_hundred_websocket_compressed_messages[zlib_ng.zlib_ng-pyloop]

tests/test_benchmarks_http_websocket.py

2 ms2 ms

test_simple_web_file_response[pyloop]

tests/test_benchmarks_web_fileresponse.py

78.8 ms78.6 ms

test_send_one_hundred_large_websocket_text_messages[pyloop]

tests/test_benchmarks_http_websocket.py

578.3 µs577.6 µs

test_one_thousand_large_round_trip_websocket_text_messages[pyloop]

tests/test_benchmarks_client_ws.py

21.5 ms21.5 ms

test_send_one_hundred_websocket_compressed_messages[zlib-pyloop]

tests/test_benchmarks_http_websocket.py

3 ms3 ms

test_client_request_update_cookies[pyloop]

tests/test_benchmarks_client_request.py

144.4 µs144.3 µs

test_simple_web_file_sendfile_fallback_response[pyloop]

tests/test_benchmarks_web_fileresponse.py

84.9 ms84.8 ms

test_one_hundred_get_requests_with_30000_chunked_payload[pyloop]

tests/test_benchmarks_client.py

41.2 ms41.1 ms

test_one_hundred_get_requests_with_1024_chunked_payload[pyloop]

tests/test_benchmarks_client.py

36 ms36 ms

test_send_one_hundred_websocket_compressed_messages[isal.isal_zlib-pyloop]

tests/test_benchmarks_http_websocket.py

4.6 ms4.6 ms

test_get_request_with_251308_compressed_chunked_payload[zlib-pyloop]

tests/test_benchmarks_client.py

426.9 ms426.8 ms

test_get_request_with_251308_compressed_chunked_payload[zlib_ng.zlib_ng-pyloop]

tests/test_benchmarks_client.py

207.9 ms207.9 ms

test_client_send_large_websocket_compressed_messages[zlib-pyloop]

tests/test_benchmarks_client_ws.py

50.7 ms50.7 ms

Commits

Click on a commit to change the comparison range

Base

master

eaeba86

-0.01%

[pre-commit.ci] auto fixes from pre-commit.com hooks

2c899ef

21 hours ago

by pre-commit-ci[bot]

-0.28%

Add towncrier changelog fragment for CookieJar security fix

4928513

21 hours ago

by YuvalElbar6

+0.28%

Fix spelling in changelog fragment: deserialized -> loaded

86177df

20 hours ago

by YuvalElbar6

Home Terms Privacy Docs