bpo-41944: No longer call eval() on content received via HTTP in the CJK codec tests by serhiy-storchaka · Pull Request #22566 · python/cpython

miss-islington pushed a commit to miss-islington/cpython that referenced this pull request

Oct 6, 2020
…CJK codec tests (pythonGH-22566)

(cherry picked from commit 2ef5caa)

Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>

miss-islington added a commit that referenced this pull request

Oct 6, 2020
…CJK codec tests (GH-22566)

(cherry picked from commit 2ef5caa)

Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>

vstinner pushed a commit that referenced this pull request

Oct 6, 2020
…CJK codec tests (GH-22566) (GH-22577)

(cherry picked from commit 2ef5caa)

Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>

Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>

vstinner pushed a commit that referenced this pull request

Oct 6, 2020
…UnicodeNames tests (GH-22575)

Similarly to GH-22566, those tests called eval() on content received via
HTTP in test_named_sequences_full. This likely isn't exploitable because
unicodedata.lookup(seqname) is called before self.checkletter(seqname,
None) - thus any string which isn't a valid unicode character name
wouldn't ever reach the checkletter method.

Still, it's probably better to be safe than sorry.
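
An added illustration of the ordering the commit message above describes, not code from this pull request or from CPython's test suite: names are validated with `unicodedata.lookup()` and code points are parsed with `int(cp, 16)` before anything reaches a parser, and `ast.literal_eval` stands in for `eval()`. The `NAME;HEX HEX ...` line layout, the sample data and the function names `check_line`, `escape_literal` and `scan` are assumptions made for this example.

```python
import ast
import unicodedata

# Constructed sample in a "NAME;HEX HEX ..." layout (an assumption about the
# downloaded file); the last two lines stand in for a tampered HTTP response.
SAMPLE = '''\
# constructed data, not a real download
LATIN SMALL LETTER R WITH TILDE;0072 0303
LATIN SMALL LETTER A;0061
X" + "Y;0061
LATIN SMALL LETTER B;len('b')
'''

def check_line(line):
    """Return (name, chars), or None for blank/comment lines; ValueError if rejected."""
    line = line.strip()
    if not line or line.startswith('#'):
        return None
    name, sep, field = line.partition(';')
    if not sep:
        raise ValueError('missing separator')
    try:
        # int(cp, 16) parses hex digits only; it never evaluates expressions.
        chars = ''.join(chr(int(cp, 16)) for cp in field.split())
        # The gate from the commit message: unknown names raise KeyError here.
        expected = unicodedata.lookup(name)
    except (ValueError, OverflowError, KeyError) as exc:
        raise ValueError(f'rejected {name!r}: {exc}') from None
    if expected != chars:
        raise ValueError(f'code points do not match {name!r}')
    return name, chars

def escape_literal(name):
    """Compile "\\N{name}" with ast.literal_eval, which builds literals and runs no code."""
    unicodedata.lookup(name)  # validate before the name reaches the parser
    return ast.literal_eval(r'"\N{%s}"' % name)

def scan(text):
    """Split the lines of text into accepted (name, chars) pairs and rejected lines."""
    accepted, rejected = [], []
    for line in text.splitlines():
        try:
            result = check_line(line)
        except ValueError:
            rejected.append(line)
        else:
            if result is not None:
                accepted.append(result)
    return accepted, rejected
```

A named sequence passes `unicodedata.lookup()` but is not accepted inside a `\N{...}` escape, so `escape_literal` raises `SyntaxError` for it, while a name that fails the lookup never reaches the parser at all.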

shihai1991 added a commit to shihai1991/cpython that referenced this pull request

Oct 9, 2020
* origin/master: (147 commits)
  Fix the attribute names in the docstring of GenericAlias (pythonGH-22594)
  bpo-39337: Add a test case for normalizing of codec names (pythonGH-19069)
  bpo-41557: Update Windows installer to use SQLite 3.33.0 (pythonGH-21960)
  bpo-41976: Fix the fallback to gcc of ctypes.util.find_library when using gcc>9 (pythonGH-22598)
  bpo-41306: Allow scale value to not be rounded (pythonGH-21715)
  bpo-41970: Avoid test failure in test_lib2to3 if the module is already imported (pythonGH-22595)
  bpo-41376: Fix the documentation of `site.getusersitepackages()` (pythonGH-21602)
  Revert "bpo-26680: Incorporate is_integer in all built-in and standard library numeric types (pythonGH-6121)" (pythonGH-22584)
  bpo-41923: PEP 613: Add TypeAlias to typing module (python#22532)
  Fix comment about PyObject_IsTrue. (pythonGH-22343)
  bpo-38605: Make 'from __future__ import annotations' the default (pythonGH-20434)
  bpo-41905: Add abc.update_abstractmethods() (pythonGH-22485)
  bpo-41944: No longer call eval() on content received via HTTP in the UnicodeNames tests (pythonGH-22575)
  bpo-41944: No longer call eval() on content received via HTTP in the CJK codec tests (pythonGH-22566)
  Post 3.10.0a1
  Python 3.10.0a1
  bpo-41584: clarify when the reflected method of a binary arithemtic operator is called (python#22505)
  bpo-41939: Fix test_site.test_license_exists_at_url() (python#22559)
  bpo-41774: Tweak new programming FAQ entry (pythonGH-22562)
  bpo-41936. Remove macros Py_ALLOW_RECURSION/Py_END_ALLOW_RECURSION (pythonGH-22552)
  ...

xzy3 pushed a commit to xzy3/cpython that referenced this pull request

Oct 18, 2020

xzy3 pushed a commit to xzy3/cpython that referenced this pull request

Oct 18, 2020
…UnicodeNames tests (pythonGH-22575)

Similarly to pythonGH-22566, those tests called eval() on content received via
HTTP in test_named_sequences_full. This likely isn't exploitable because
unicodedata.lookup(seqname) is called before self.checkletter(seqname,
None) - thus any string which isn't a valid unicode character name
wouldn't ever reach the checkletter method.

Still, it's probably better to be safe than sorry.

ned-deily pushed a commit that referenced this pull request

Oct 20, 2020
…CJK codec tests (GH-22566) (GH-22578)

(cherry picked from commit 2ef5caa)

Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>

ned-deily pushed a commit that referenced this pull request

Oct 20, 2020
…CJK codec tests (GH-22566) (GH-22579)

(cherry picked from commit 2ef5caa)

Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>

gentoo-bot pushed a commit to gentoo/cpython that referenced this pull request

Dec 14, 2020
…CJK codec tests (pythonGH-22566) (pythonGH-22579)

(cherry picked from commit 2ef5caa)

Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>

Rebased for Python 2.7 by Michał Górny <mgorny@gentoo.org>