Some updates#3
Merged
Merged
Conversation
ec35068 to
af1c617
Compare
jonathangreen
added a commit
that referenced
this pull request
May 4, 2026
Code-review pass #3 over the full series. No new behavior on the crypto path; tightens cleanup correctness in one place and removes several small bits of friction surfaced by the review. src/enc.c (_encrypt_xml): - On xmlsec failure with a detached template, free ``copied`` only when its ->parent is NULL. xmlDocCopyNode sets ->doc but does NOT attach the new node into node_doc's tree, so xmlFreeDoc would NOT cover an orphaned ``copied`` and we'd leak. After successful xmlReplaceNode / xmlAddChild inside xmlsec, libxml2 always sets ->parent — to the doc itself for a root replacement, to the parent element otherwise — so a NULL parent here precisely means "xmlsec failed before attaching, we own the cleanup." This avoids both the leak and the double-free risks of the prior either-or choice. src/xmlsec/_bridge.py (replace_in_place): - Stop overwriting target.tail with source.tail. The tail lives in the parent's sibling chain, not in the post-op subtree, and every caller either had to save/restore it (encrypt_binary, encrypt_uri) or got lucky because source.tail happened to match (sign, decrypt). Document the new contract explicitly. Drop the matching tail-clobber from replace_in_place_preserving_path. - Tighten the _is_live_root docstring: detached lxml elements stay "live" via getroottree(), so this check only filters fully- invalidated proxies as a safety net for the relevance test in expand_tree_id_specs. The previous wording oversold what it caught. src/xmlsec/__init__.py: - Drop the now-unnecessary original_tail save/restore in encrypt_binary and encrypt_uri. - Drop ``copy.deepcopy`` calls when splicing post-op elements back into the user's tree. ``new_tree`` is local to each call and never reused, so handing the located element to ``_setroot`` / ``parent.replace`` reparents it cleanly. Dropping the deepcopies also drops the ``import copy``. - Type=Content return now skips comments / PIs: ``for child in node`` iterates non-element children too, and while xmlsec normally leaves a single <EncryptedData>, filtering with ``isinstance(child.tag, str)`` makes the contract explicit. src/xmlsec/template.py (_check_transform): - Replace the ``type(transform).__name__ == '__Transform'`` duck- type check with ``isinstance(transform, _TRANSFORM_CLS)`` where ``_TRANSFORM_CLS`` is recovered once at module load via ``type(_consts.TransformExclC14N)``. The C extension does not export the type by name on the constants module, but every transform constant is an instance of it, so this gives us a proper isinstance check without any C-side change. Drops the ``_TRANSFORM_TYPE_NAME`` constant and the TODO that flagged the brittleness. Test results identical to before this commit (290 / 6 skipped on matched libxml2). The three test_sign_case4 / test_verify_case_4 / test_decrypt_uses_tree_add_ids_for_retrieval_method failures under ``pytest -k case_4`` etc. are a pre-existing add_ids registry ordering issue surfaced when those tests run alone — not caused by this commit.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
No description provided.