gh-151532: Validate xmlrpc.client.dumps() arguments under -O by zainnadeem786 · Pull Request #151533 · python/cpython

Summary

Fixes gh-151532.

xmlrpc.client.dumps() currently uses assert statements to validate public API arguments. When Python is executed with optimization enabled (python -O), those assertions are removed, causing invalid inputs to be accepted and serialized instead of being rejected.

This change replaces the assertion-based validation with explicit runtime checks so behavior remains consistent regardless of optimization mode.

Reproduction

Before this change:

import xmlrpc.client as xmlrpclib

xmlrpclib.dumps(["x"])

Normal execution:

AssertionError: argument must be tuple or Fault instance

Optimized execution (python -O):

Similarly:

xmlrpclib.dumps((1, 2), methodresponse=True)

Normal execution:

AssertionError: response tuple must be a singleton

Optimized execution (python -O):

Because the validation relied on assertions, invalid inputs were silently accepted when optimization was enabled.

Changes

• Replace the assert that validates params with an explicit TypeError.
• Replace the assert that validates methodresponse=True response tuples with an explicit ValueError.
• Preserve the existing validation messages.
• Add regression tests covering invalid argument types and invalid response tuple lengths.
• Add an optimized (python -O) subprocess test to verify validation remains enforced when assertions are disabled.
• Add a NEWS entry.

Tests

Added regression coverage for:

• Invalid params values (list, dict, str, int)
• Invalid methodresponse=True tuple lengths
• Validation behavior under python -O

After this change, invalid inputs are rejected consistently in both normal and optimized execution modes.

Issue: gh-151532