🐛 implement DecodeOptions.list_limit handling in Utils.combine function to prevent DoS via memory exhaustion
#275
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Test | |
| on: | |
| push: | |
| branches: | |
| - main | |
| pull_request: | |
| branches: | |
| - main | |
| workflow_call: | |
| defaults: | |
| run: | |
| shell: bash | |
| permissions: | |
| contents: read | |
| concurrency: | |
| group: test-${{ github.ref }} | |
| cancel-in-progress: true | |
| jobs: | |
| analyze: | |
| name: "Analyze" | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v6 | |
| - name: Set up Python | |
| uses: actions/setup-python@v6 | |
| with: | |
| python-version: "3.x" | |
| cache: "pip" | |
| - name: Install dependencies | |
| run: pip install -r requirements_dev.txt | |
| - name: Run static analysis | |
| run: tox -e linters | |
| test: | |
| name: "Test" | |
| needs: analyze | |
| runs-on: ubuntu-latest | |
| strategy: | |
| matrix: | |
| include: | |
| - toxenv: "python3.8" | |
| py: "3.8" | |
| - toxenv: "python3.9" | |
| py: "3.9" | |
| - toxenv: "python3.10" | |
| py: "3.10" | |
| - toxenv: "python3.11" | |
| py: "3.11" | |
| - toxenv: "python3.12" | |
| py: "3.12" | |
| - toxenv: "python3.13" | |
| py: "3.13" | |
| - toxenv: "python3.14" | |
| py: "3.14" | |
| - toxenv: "pypy3.8" | |
| py: "pypy-3.8" | |
| - toxenv: "pypy3.9" | |
| py: "pypy-3.9" | |
| - toxenv: "pypy3.10" | |
| py: "pypy-3.10" | |
| - toxenv: "pypy3.11" | |
| py: "pypy-3.11" | |
| steps: | |
| - uses: actions/checkout@v6 | |
| - name: Set up Python ${{ matrix.py }} | |
| uses: actions/setup-python@v6 | |
| with: | |
| python-version: ${{ matrix.py }} | |
| cache: "pip" | |
| - uses: actions/cache@v5 | |
| with: | |
| path: ~/.cache/pip | |
| key: ${{ runner.os }}-pip-1 | |
| restore-keys: | | |
| ${{ runner.os }}-pip- | |
| - name: Install dependencies | |
| run: | | |
| pip install -U codecov tox-gh-actions | |
| pip install -r requirements_dev.txt | |
| - name: Test with tox | |
| run: tox | |
| - name: Check Code Coverage | |
| uses: irongut/[email protected] | |
| with: | |
| filename: ./coverage.xml | |
| thresholds: 90 | |
| - name: Upload coverage to Codecov | |
| uses: codecov/codecov-action@v5 | |
| continue-on-error: true | |
| with: | |
| token: ${{ secrets.CODECOV_TOKEN }} | |
| slug: techouse/qs_codec | |
| files: ./coverage.xml | |
| env_vars: OS,PYTHON | |
| verbose: true | |
| - name: Upload coverage to Codacy | |
| continue-on-error: true | |
| uses: codacy/codacy-coverage-reporter-action@v1 | |
| if: github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name == github.repository | |
| with: | |
| project-token: ${{ secrets.CODACY_PROJECT_TOKEN }} | |
| coverage-reports: coverage.xml | |
| ensure_compatibility: | |
| name: "Ensure compatibility with qs" | |
| needs: analyze | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v6 | |
| - name: Set up Python | |
| uses: actions/setup-python@v6 | |
| with: | |
| python-version: "3.x" | |
| cache: "pip" | |
| - name: Setup Node | |
| uses: actions/setup-node@v6 | |
| with: | |
| node-version: 20 | |
| - name: Install Python dependencies | |
| run: pip install -e . | |
| - name: Install Node dependencies | |
| working-directory: tests/comparison | |
| run: npm install | |
| - name: Run a comparison test between qs_codec and qs for JavaScript | |
| working-directory: tests/comparison | |
| continue-on-error: true | |
| run: | | |
| set -e | |
| node_output=$(node qs.js) | |
| python_output=$(python3 qs.py) | |
| if [ "$node_output" == "$python_output" ]; then | |
| echo "The outputs are identical." | |
| else | |
| echo "The outputs are different." | |
| exit 1 | |
| fi |