
Unbreak unit tests with Twisted 25.5.0 by add parsePOSTFormSubmission arg to FakeSite #18577


Open
wants to merge 6 commits into
base: develop

anoadragon453
Member

@anoadragon453 anoadragon453 commented Jun 19, 2025

Twisted's Site exposes _parsePOSTFormSubmission which is accessed by Request during initialisation (since Twisted 25.5.0, https://github.com/twisted/twisted/pull/12413/files#diff-6c8252af78a4a1c3cdfd2474b7349fb479c0e0a308a8336e4ddab729f55df9baR802).

Provide the same attribute so that tests remain compatible across Twisted versions.

Fixes #18565.

Pull Request Checklist

  • Pull request is based on the develop branch
  • Pull request includes a changelog file. The entry should:
    • Be a short description of your change which makes sense to users. "Fixed a bug that prevented receiving messages from other servers." instead of "Moved X method from EventStore to EventWorkerStore.".
    • Use markdown where necessary, mostly for code blocks.
    • End with either a period (.) or an exclamation mark (!).
    • Start with a capital letter.
    • Feel free to credit yourself, by adding a sentence "Contributed by @github_username." or "Contributed by [Your Name]." to the end of the entry.
  • Code style is correct (run the linters)

@anoadragon453 anoadragon453 marked this pull request as ready for review June 19, 2025 13:24
@anoadragon453 anoadragon453 requested a review from a team as a code owner June 19, 2025 13:24
anoadragon453 and others added 5 commits June 20, 2025 18:41
Twisted's `Site` exposes `_parsePOSTFormSubmission` which is
accessed by `Request` during initialisation (since Twisted 25.5.0).
Provide the same attribute so that tests remain compatible across
Twisted versions.
Otherwise they end up overrunning Twisted’s AMP protocol message size and raising a `TooLong` error.
@anoadragon453 anoadragon453 force-pushed the anoa/fix_twisted_25_5_0 branch from 6f26c31 to b3ddde3 Compare June 20, 2025 17:41
@@ -226,8 +226,7 @@
isLeaf = True

def render(self, request: SynapseRequest) -> bytes:
# Type-ignore: mypy thinks request.path is Optional[Any], not bytes.
return request.path # type: ignore[return-value]
return request.path
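Review bot: Dropping `# type: ignore[return-value]` from `return request.path` in `render` presumably relies on the newer Twisted annotating `request.path` as `bytes`; the removed comment records that mypy previously saw it as `Optional[Any]`, and the description says the tests should stay compatible across Twisted versions. It is worth confirming that mypy passes against the oldest supported Twisted as well, or narrowing the value first (for example `assert request.path is not None`) so the return type-checks under both.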

Check warning

Code scanning / CodeQL

Reflected server-side cross-site scripting Medium test

Cross-site scripting vulnerability due to a user-provided value.

Copilot Autofix

AI 3 days ago

To fix the issue, we need to escape the request.path value before returning it in the render method of the DummyResource class. This ensures that any potentially malicious input is properly sanitized and cannot execute as part of an HTML response. The html.escape() function from Python's standard library is suitable for this purpose, as it escapes special characters like <, >, and &.

The changes will be made in the render method of the DummyResource class in the OptionsResourceTests test case. Specifically:

  1. Import the html module to use the html.escape() function.
  2. Modify the render method to escape request.path before returning it.
Suggested changeset 1
tests/test_server.py

Autofix patch

Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/tests/test_server.py b/tests/test_server.py
--- a/tests/test_server.py
+++ b/tests/test_server.py
@@ -228,3 +228,4 @@
             def render(self, request: SynapseRequest) -> bytes:
-                return request.path
+                from html import escape
+                return escape(request.path.decode()).encode()
 
EOF
@@ -228,3 +228,4 @@
def render(self, request: SynapseRequest) -> bytes:
return request.path
from html import escape
return escape(request.path.decode()).encode()
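Review bot: `request.path.decode()` on the added return line decodes as strict UTF-8, so a path containing bytes that are not valid UTF-8 raises `UnicodeDecodeError` inside `render` where the old code simply echoed the bytes. Consider `request.path.decode("utf-8", errors="replace")`, and move `from html import escape` to the module imports instead of importing inside the method. Since this is a test resource, also check whether any test asserts on the echoed path containing `&`, `<` or `>`, because the escaped body will differ.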

Copilot is powered by AI and may make mistakes. Always verify output.
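As an added example (not part of the pull request, Synapse, or the Copilot suggestion), here is the reflected-path behaviour the CodeQL alert flags next to an escaped form, written as pure functions over path bytes so it runs without Twisted. The function names and sample paths are constructed for illustration, and decoding with `errors="replace"` is an assumption about how undecodable bytes should be handled.

```python
import html

# Constructed sample paths (not from the pull request): plain, markup,
# an attribute breakout, and a byte sequence that is not valid UTF-8.
SAMPLE_PATHS = [
    b"/_matrix/client/versions",
    b"/<script>alert(1)</script>",
    b'/x" onmouseover="y',
    b"/caf\xe9&more",
]


def echo_path_raw(path: bytes) -> bytes:
    """Behaviour the alert flags: request bytes returned unchanged."""
    return path


def echo_path_escaped(path: bytes) -> bytes:
    """Escape the path for an HTML context before reflecting it.

    errors="replace" maps undecodable bytes to U+FFFD, so a path that is
    not valid UTF-8 cannot raise UnicodeDecodeError inside the handler.
    """
    text = path.decode("utf-8", errors="replace")
    # quote=True (the default) also escapes " and ', which matters when
    # the value could end up inside an HTML attribute.
    return html.escape(text, quote=True).encode("utf-8")


def markup_bytes(body: bytes) -> set:
    """Return which of < > " ' survive in a response body."""
    return {chr(b) for b in body if b in b"<>\"'"}


def compare(paths=SAMPLE_PATHS):
    """Return (path, raw survivors, escaped survivors) for each sample."""
    return [
        (p, markup_bytes(echo_path_raw(p)), markup_bytes(echo_path_escaped(p)))
        for p in paths
    ]


if __name__ == "__main__":
    for path, raw, escaped in compare():
        print(path, sorted(raw), sorted(escaped))
```

Escaping only addresses an HTML rendering context; whether a browser would treat the body as HTML at all depends on the response's `Content-Type`, which this sketch does not model.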
Successfully merging this pull request may close these issues.

Test failures with Twisted 25.5.0