xmlrpc.client.dumps() skips argument validation when Python is run with -O

[zainnadeem786]

Bug report

Bug description:

Bug description

xmlrpc.client.dumps() currently relies on assert statements to validate public API arguments.

As a result, invalid inputs are rejected in normal execution, but the validation is silently removed when Python is run with optimization (-O), causing different runtime behavior for the same API.

The documentation states that:

• params must be a tuple or Fault instance.
• methodresponse=True expects a singleton response tuple.

However, these constraints are enforced only through assert, which is removed when __debug__ is false.

Reproducer

import xmlrpc.client as xmlrpclib

for label, call in [
    ("list params", lambda: xmlrpclib.dumps(["x"])),
    ("dict params", lambda: xmlrpclib.dumps({"x": 1})),
    ("string params", lambda: xmlrpclib.dumps("abc")),
    ("multi-value response", lambda: xmlrpclib.dumps((1, 2), methodresponse=True)),
]:
    try:
        result = call()
    except BaseException as exc:
        print(label + ":", type(exc).__name__, str(exc))
    else:
        print(label + ": OK")

Normal execution

python repro.py

Output:

list params: AssertionError argument must be tuple or Fault instance
dict params: AssertionError argument must be tuple or Fault instance
string params: AssertionError argument must be tuple or Fault instance
multi-value response: AssertionError response tuple must be a singleton

Optimized execution

python -O repro.py

Output:

list params: OK
dict params: OK
string params: OK
multi-value response: OK

Root cause

Lib/xmlrpc/client.py currently performs argument validation using assertions:

assert isinstance(params, (tuple, Fault)), \
    "argument must be tuple or Fault instance"

assert len(params) == 1, \
    "response tuple must be a singleton"

When Python is executed with -O, these assertions are removed and execution proceeds into the marshalling logic, which serializes the supplied values instead of rejecting them.

Expected behavior

Public API validation should be enforced consistently regardless of optimization mode.

Invalid values should continue to be rejected when Python is run with -O.

Actual behavior

Running under -O disables validation and allows invalid inputs to be serialized.

Suggested fix

Replace the assertion-based validation with explicit runtime checks.

Possible exception types:

• TypeError when params is neither a tuple nor a Fault instance.
• ValueError when methodresponse=True is used with a tuple length other than 1.

Add regression tests to ensure behavior remains consistent under optimization.

Notes

I searched for existing issues and did not find an open report covering this specific -O behavior difference for xmlrpc.client.dumps().

This appears to be a public API consistency bug rather than a security issue.

CPython versions tested on:

CPython main branch

Operating systems tested on:

Windows

Linked PRs

• gh-151532: Validate xmlrpc.client.dumps() arguments under -O #151533

[StanFromIreland]

security issue

The xmlrpc.client module is explicitly documented as not secure against maliciously constructed data. As such, it does not have "security vulnerabilities", we can consider hardening it, however.

[zainnadeem786]

Hi @StanFromIreland ,

Thanks for the clarification.

Agreed, I wasn't intending to report this as a security vulnerability. My concern was the behavioral difference between normal and optimized execution caused by public API validation being implemented with assert.

The linked PR focuses only on making the documented argument validation behave consistently under -O and does not attempt to address the broader security characteristics of xmlrpc.client.

Thanks for taking a look.