Skip to content

Some updates#3

Merged
jonathangreen merged 1 commit into
mainfrom
feature/build-updates
Nov 14, 2024
Merged

Some updates#3
jonathangreen merged 1 commit into
mainfrom
feature/build-updates

Conversation

@jonathangreen

Copy link
Copy Markdown
Owner

No description provided.

@jonathangreen jonathangreen merged commit 827e388 into main Nov 14, 2024
@jonathangreen jonathangreen deleted the feature/build-updates branch November 14, 2024 11:10
jonathangreen added a commit that referenced this pull request May 4, 2026
Code-review pass #3 over the full series. No new behavior on the
crypto path; tightens cleanup correctness in one place and removes
several small bits of friction surfaced by the review.

src/enc.c (_encrypt_xml):
- On xmlsec failure with a detached template, free ``copied`` only
  when its ->parent is NULL. xmlDocCopyNode sets ->doc but does NOT
  attach the new node into node_doc's tree, so xmlFreeDoc would NOT
  cover an orphaned ``copied`` and we'd leak. After successful
  xmlReplaceNode / xmlAddChild inside xmlsec, libxml2 always sets
  ->parent — to the doc itself for a root replacement, to the
  parent element otherwise — so a NULL parent here precisely means
  "xmlsec failed before attaching, we own the cleanup." This avoids
  both the leak and the double-free risks of the prior either-or
  choice.

src/xmlsec/_bridge.py (replace_in_place):
- Stop overwriting target.tail with source.tail. The tail lives in
  the parent's sibling chain, not in the post-op subtree, and every
  caller either had to save/restore it (encrypt_binary,
  encrypt_uri) or got lucky because source.tail happened to match
  (sign, decrypt). Document the new contract explicitly. Drop the
  matching tail-clobber from replace_in_place_preserving_path.
- Tighten the _is_live_root docstring: detached lxml elements stay
  "live" via getroottree(), so this check only filters fully-
  invalidated proxies as a safety net for the relevance test in
  expand_tree_id_specs. The previous wording oversold what it
  caught.

src/xmlsec/__init__.py:
- Drop the now-unnecessary original_tail save/restore in
  encrypt_binary and encrypt_uri.
- Drop ``copy.deepcopy`` calls when splicing post-op elements back
  into the user's tree. ``new_tree`` is local to each call and
  never reused, so handing the located element to ``_setroot`` /
  ``parent.replace`` reparents it cleanly. Dropping the deepcopies
  also drops the ``import copy``.
- Type=Content return now skips comments / PIs: ``for child in node``
  iterates non-element children too, and while xmlsec normally
  leaves a single <EncryptedData>, filtering with
  ``isinstance(child.tag, str)`` makes the contract explicit.

src/xmlsec/template.py (_check_transform):
- Replace the ``type(transform).__name__ == '__Transform'`` duck-
  type check with ``isinstance(transform, _TRANSFORM_CLS)`` where
  ``_TRANSFORM_CLS`` is recovered once at module load via
  ``type(_consts.TransformExclC14N)``. The C extension does not
  export the type by name on the constants module, but every
  transform constant is an instance of it, so this gives us a
  proper isinstance check without any C-side change. Drops the
  ``_TRANSFORM_TYPE_NAME`` constant and the TODO that flagged the
  brittleness.

Test results identical to before this commit (290 / 6 skipped on
matched libxml2). The three test_sign_case4 / test_verify_case_4 /
test_decrypt_uses_tree_add_ids_for_retrieval_method failures under
``pytest -k case_4`` etc. are a pre-existing add_ids registry
ordering issue surfaced when those tests run alone — not caused by
this commit.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant