diff options
| author | Stephen Rosen <sirosen@globus.org> | 2019-08-26 19:20:04 -0400 |
|---|---|---|
| committer | Jon Parise <jon@pinterest.com> | 2019-08-26 16:20:04 -0700 |
| commit | d5dafc1490b26fc8109571bd30311c9b729ea8a5 (patch) | |
| tree | 84be8650d9ffe6a2bcde717d3613aa20fb4c2a73 /ChangeLog.rst | |
| parent | 5699c9dfa7067a99000e281091dd6400a1e84122 (diff) | |
| download | pymemcache-d5dafc1490b26fc8109571bd30311c9b729ea8a5.tar.gz | |
Validate cas inputs as strings of digits (#250)
For consideration for v3.0.0
'cas' is documented as needing to be an int or bytestring of the digits
0-9. However, this is not actually enforced and it is possible to pass a
value to pymemcache which doesn't conform to these rules. In fact, you
can do weird things like `cas=b'noreply'` and potentially trigger
"unexpected" behavior.
To go along with validating int inputs, validate cas inputs. However,
these are not necessarily integers. Instead, if an int or string is
given, it will be encoded as a bytestring. But in order to validate the
value given, it is checked against isdigit() .
(NB: You could also use `int(cas)` for very similar checking.)
Rationale for allowing non-integer inputs to cas is not obvious.
Presumably it allows callers using `gets()` to pass the `cas` value they
get back into a `cas` command without issue. But it may be debatable.
Diffstat (limited to 'ChangeLog.rst')
| -rw-r--r-- | ChangeLog.rst | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/ChangeLog.rst b/ChangeLog.rst index fb8b628..69702d6 100644 --- a/ChangeLog.rst +++ b/ChangeLog.rst @@ -13,6 +13,9 @@ New in version 3.0.0 (unreleased) as methods. (`serialize` and `deserialize` are still supported but considered deprecated) +* Validate inputs for ``cas`` -- values which are not integers or strings of + 0-9 now raise ``MemcacheIllegalInputError`` + New in version 2.2.2 -------------------- * Fix ``long_description`` string in Python packaging. |