python-PyMySQL/CVE-2024-36039.patch

Index: PyMySQL-1.0.3/pymysql/converters.py
===================================================================
--- PyMySQL-1.0.3.orig/pymysql/converters.py
+++ PyMySQL-1.0.3/pymysql/converters.py
@@ -27,11 +27,7 @@ def escape_item(val, charset, mapping=No
 
 
 def escape_dict(val, charset, mapping=None):
-    n = {}
-    for k, v in val.items():
-        quoted = escape_item(v, charset, mapping)
-        n[k] = quoted
-    return n
+    raise TypeError("dict can not be used as parameter")
 
 
 def escape_sequence(val, charset, mapping=None):
Index: PyMySQL-1.0.3/pymysql/tests/test_connection.py
===================================================================
--- PyMySQL-1.0.3.orig/pymysql/tests/test_connection.py
+++ PyMySQL-1.0.3/pymysql/tests/test_connection.py
@@ -790,13 +790,16 @@ class TestEscape(base.PyMySQLTestCase):
 
         self.assertRaises(TypeError, con.escape, 42, {})
 
-    def test_escape_dict_value(self):
+    def test_escape_dict_raise_typeerror(self):
+        """con.escape(dict) should raise TypeError"""
         con = self.connect()
         cur = con.cursor()
 
         mapping = con.encoders.copy()
         mapping[Foo] = escape_foo
-        self.assertEqual(con.escape({"foo": Foo()}, mapping), {"foo": "bar"})
+        # self.assertEqual(con.escape({"foo": Foo()}, mapping), {"foo": "bar"})
+        with self.assertRaises(TypeError):
+            con.escape({"foo": Foo()})
 
     def test_escape_list_item(self):
         con = self.connect()
Sync from SUSE:ALP:Source:Standard:1.0 python-PyMySQL revision 31b30d614ef9d0a834002db6263584db 2024-11-15 10:48:45 +01:00			`Index: PyMySQL-1.0.3/pymysql/converters.py`
			`===================================================================`
			`--- PyMySQL-1.0.3.orig/pymysql/converters.py`
			`+++ PyMySQL-1.0.3/pymysql/converters.py`
			`@@ -27,11 +27,7 @@ def escape_item(val, charset, mapping=No`


			`def escape_dict(val, charset, mapping=None):`
			`- n = {}`
			`- for k, v in val.items():`
			`- quoted = escape_item(v, charset, mapping)`
			`- n[k] = quoted`
			`- return n`
			`+ raise TypeError("dict can not be used as parameter")`


			`def escape_sequence(val, charset, mapping=None):`
			`Index: PyMySQL-1.0.3/pymysql/tests/test_connection.py`
			`===================================================================`
			`--- PyMySQL-1.0.3.orig/pymysql/tests/test_connection.py`
			`+++ PyMySQL-1.0.3/pymysql/tests/test_connection.py`
			`@@ -790,13 +790,16 @@ class TestEscape(base.PyMySQLTestCase):`

			`self.assertRaises(TypeError, con.escape, 42, {})`

			`- def test_escape_dict_value(self):`
			`+ def test_escape_dict_raise_typeerror(self):`
			`+ """con.escape(dict) should raise TypeError"""`
			`con = self.connect()`
			`cur = con.cursor()`

			`mapping = con.encoders.copy()`
			`mapping[Foo] = escape_foo`
			`- self.assertEqual(con.escape({"foo": Foo()}, mapping), {"foo": "bar"})`
			`+ # self.assertEqual(con.escape({"foo": Foo()}, mapping), {"foo": "bar"})`
			`+ with self.assertRaises(TypeError):`
			`+ con.escape({"foo": Foo()})`

			`def test_escape_list_item(self):`
			`con = self.connect()`