Commit Graph

200 Commits

Author SHA1 Message Date
Senthil Kumaran 030a713183
Allow / character in username,password fields in _PROXY envvars. (#23973) 2020-12-29 04:18:42 -08:00
Ronald Oussoren 93a1ccabde
bpo-41471: Ignore invalid prefix lengths in system proxy settings on macOS (GH-22762) 2020-10-19 20:16:21 +02:00
Hai Shi bb0424b122
bpo-40275: Use new test.support helper submodules in tests (GH-21451) 2020-08-03 18:47:42 +02:00
Serhiy Storchaka bfb1cf4465
bpo-40275: Move transient_internet from test.support to socket_helper (GH-19711) 2020-04-29 10:36:20 +03:00
Victor Stinner 0b297d4ff1
bpo-39503: CVE-2020-8492: Fix AbstractBasicAuthHandler (GH-18284)
The AbstractBasicAuthHandler class of the urllib.request module uses
an inefficient regular expression which can be exploited by an
attacker to cause a denial of service. Fix the regex to prevent the
catastrophic backtracking. Vulnerability reported by Ben Caller
and Matt Schwager.

AbstractBasicAuthHandler of urllib.request now parses all
WWW-Authenticate HTTP headers and accepts multiple challenges per
header: use the realm of the first Basic challenge.

Co-Authored-By: Serhiy Storchaka <storchaka@gmail.com>
2020-04-02 02:52:20 +02:00
Abhilash Raj 19a3d87300 bpo-38449: Revert "bpo-22347: Update mimetypes.guess_type to allow oper parsing of URLs (GH-15522)" (GH-16724)
This reverts commit 87bd2071c7.



https://bugs.python.org/issue38449
2019-10-11 22:41:35 -07:00
Zackery Spytz b761e3aed1 bpo-25068: urllib.request.ProxyHandler now lowercases the dict keys (GH-13489) 2019-09-13 15:07:07 +01:00
Dong-hee Na 87bd2071c7 bpo-22347: Update mimetypes.guess_type to allow proper parsing of URLs (GH-15522)
https://bugs.python.org/issue22347
2019-09-04 17:34:35 -07:00
Serhiy Storchaka 7d44e7a456
bpo-37685: Use singletons ALWAYS_EQ and NEVER_EQ in more tests. (GH-15167) 2019-08-08 08:43:18 +03:00
Victor Stinner 7cb9204ee1
bpo-37421: urllib.request tests call urlcleanup() (GH-14529)
urllib.request tests now call urlcleanup() to remove temporary files
created by urlretrieve() tests and to clear the _opener global
variable set by urlopen() and functions calling indirectly urlopen().

regrtest now checks if urllib.request._url_tempfiles and
urllib.request._opener are changed by tests.
2019-07-02 14:50:19 +02:00
Serhiy Storchaka 5b10b98247
bpo-22831: Use "with" to avoid possible fd leaks in tests (part 2). (GH-10929) 2019-03-05 10:06:26 +02:00
Senthil Kumaran fd0cd07a5a Remove Invalid comment in test_urllib2.py (#1020) 2017-04-07 00:19:08 -07:00
Senthil Kumaran 1f5425ff69 Add helpful explaination to test_password_manager tests. (#936)
Also uncomment and fix a path test.
2017-03-31 22:27:27 -07:00
Senthil Kumaran ed3dd1c02a Remove catching OSError in ftphandler test. Only URLError is raised in urllib.request module. (#918) 2017-03-30 22:43:05 -07:00
Senthil Kumaran e6911a44f6 Remove an unrequired TODO in test_urllib2. (#897) 2017-03-29 23:02:29 -07:00
Martin Panter ef91bb2660 Issue #12319: Always send file request bodies using chunked encoding
The previous attempt to determine the file’s Content-Length gave a false
positive for pipes on Windows.

Also, drop the special case for sending zero-length iterable bodies.
2016-08-27 01:39:26 +00:00
Martin Panter 3c0d0baf2b Issue #12319: Support for chunked encoding of HTTP request bodies
When the body object is a file, its size is no longer determined with
fstat(), since that can report the wrong result (e.g. reading from a pipe).
Instead, determine the size using seek(), or fall back to chunked encoding
for unseekable files.

Also, change the logic for detecting text files to check for TextIOBase
inheritance, rather than inspecting the “mode” attribute, which may not
exist (e.g. BytesIO and StringIO).  The Content-Length for text files is no
longer determined ahead of time, because the original logic could have been
wrong depending on the codec and newline translation settings.

Patch by Demian Brecht and Rolf Krahl, with a few tweaks by me.
2016-08-24 06:33:33 +00:00
Martin Panter e6f060903c Issue #17214: Percent-encode non-ASCII bytes in redirect targets
Some servers send Location header fields with non-ASCII bytes, but "http.
client" requires the request target to be ASCII-encodable, otherwise a
UnicodeEncodeError is raised. Based on patch by Christian Heimes.

Python 2 does not suffer any problem because it allows non-ASCII bytes in the
HTTP request target.
2016-05-16 01:14:20 +00:00
Martin Panter ce6e06874b Issue #14132: Fix redirect handling when target is just a query string 2016-05-16 01:07:13 +00:00
Senthil Kumaran 9642eedc0a Issue #26892: Honor debuglevel flag in urllib.request.HTTPHandler.
Patch contributed by Chi Hsuan Yen.
2016-05-13 01:32:42 -07:00
Berker Peksag e88dd1c32c Issue #2202: Fix UnboundLocalError in AbstractDigestAuthHandler.get_algorithm_impls
Raise ValueError if algorithm is not MD5 or SHA.

Initial patch by Mathieu Dupuy.
2016-03-06 16:16:40 +02:00
Facundo Batista 244afcf26c Issue #23887: urllib.error.HTTPError now has a proper repr() representation. 2015-04-22 18:35:54 -03:00
R David Murray 4c7f995e80 #7159: generalize urllib prior auth support.
This fix is a superset of the functionality introduced by the issue #19494
enhancement, and supersedes that fix.  Instead of a new handler, we have a new
password manager that tracks whether we should send the auth for a given uri.
This allows us to say "always send", satisfying #19494, or track that we've
succeeded in auth and send the creds right away on every *subsequent* request.
The support for using the password manager is added to AbstractBasicAuth,
which means the proxy handler also now can handle prior auth if passed
the new password manager.

Patch by Akshit Khurana, docs mostly by me.
2015-04-16 16:36:18 -04:00
Berker Peksag fc080fcc7c Issue #23387: Skip test_issue16464 if it raises an 5xx error.
Also, remove support.run_doctest() since there is no doctests in
test_urllib2 and urllib.request.
2015-03-02 06:01:37 +02:00
Berker Peksag bcdfc6a1fa Issue #23387: Skip test_issue16464 if it raises an 5xx error.
Also, remove support.run_doctest() since there is no doctests in
test_urllib2 and urllib.request.
2015-03-02 06:01:01 +02:00
Serhiy Storchaka 0e992b352a Issue #7665: Fixed tests test_ntpath and test_urllib2 when ran in the
directory containing a backslash.
2015-01-26 10:26:29 +02:00
Serhiy Storchaka 5106d044ec Issue #7665: Fixed tests test_ntpath and test_urllib2 when ran in the
directory containing a backslash.
2015-01-26 10:26:14 +02:00
Nick Coghlan c216c48699 Close #19494: add urrlib.request.HTTPBasicPriorAuthHandler
This auth handler adds the Authorization header to the first
HTTP request rather than waiting for a HTTP 401 Unauthorized
response from the server as the default HTTPBasicAuthHandler
does.

This allows working with websites like https://api.github.com which do
not follow the strict interpretation of RFC, but more the dicta in the
end of section 2 of RFC 2617:

    > A client MAY preemptively send the corresponding Authorization
    > header with requests for resources in that space without receipt
    > of another challenge from the server.  Similarly, when a client
    > sends a request to a proxy, it may reuse a userid and password in
    > the Proxy-Authorization header field without receiving another
    > challenge from the proxy server. See section 4 for security
    > considerations associated with Basic authentication.

Patch by Matej Cepl.
2014-11-12 23:33:50 +10:00
Serhiy Storchaka f54c350160 Issue #19524: Fixed resource leak in the HTTP connection when an invalid
response is received.  Patch by Martin Panter.
2014-09-06 21:41:39 +03:00
Senthil Kumaran bc07ac5180 Fix localhost checking in FileHandler. Raised in #21970. 2014-07-22 00:15:20 -07:00
Senthil Kumaran d8e24f1f71 Convert urllib.request parse_proxy doctests to unittests. 2014-04-14 16:32:20 -04:00
Ned Deily 5a507f0f05 Issue #20939: Use www.example.com instead of www.python.org to avoid test
failures when ssl is not present.
2014-03-26 23:31:39 -07:00
Ned Deily e74153a436 Issue #20939: Backout test_urllib2.test_issue16464 disables:
68335b8afb1f 3.4
    ad0c75b7bd7d default
2014-03-26 23:26:03 -07:00
Victor Stinner 9a90243f8b Skip test_urllib2.test_issue16464() is the ssl module is missing 2014-03-19 17:31:20 +01:00
R David Murray d3b3bba2ed Merge: #20933: At least one place maps 'test' to 'localhost'...fix test. 2014-03-15 12:03:02 -04:00
R David Murray fdbe918eb0 #20933: At least one place maps 'test' to 'localhost'...fix test.
Discovery and patch by Wenzhu Man.  University of Waterloo apparently
maps the local name 'test' to localhost, which is in the bypass list,
causing the test to fail.  So change 'test' to a name unlikely to get
mapped to localhost.
2014-03-15 12:00:14 -04:00
Serhiy Storchaka d3e1207191 Issue #20555: Use specific asserts in urllib, httplib, ftplib, cgi, wsgiref tests. 2014-02-08 14:51:10 +02:00
Serhiy Storchaka 25d8aeac7c Issue #20555: Use specific asserts in urllib, httplib, ftplib, cgi, wsgiref tests. 2014-02-08 14:50:08 +02:00
Senthil Kumaran b6fac245b5 Backporing the fix from Issue #12692 2013-12-28 17:36:18 -08:00
Senthil Kumaran 0b5463fef2 Fix typo 2013-09-09 23:13:06 -07:00
Jason R. Coombs 4a6524295d Issue #18978: Add tests to capture expected behavior for class-level method overrides. 2013-09-08 13:03:40 -04:00
Senthil Kumaran 8307075ce8 Fix #17272 - Make Request.full_url and Request.get_full_url return same result under all circumstances.
Document the change of Request.full_url to a property.
2013-05-24 09:14:12 -07:00
Senthil Kumaran 5238092592 Issue #17272: Making the urllib.request's Request.full_url a descriptor. Fixes
bugs with assignment to full_url. Patch by Demian Brecht.
2013-04-25 05:45:48 -07:00
Senthil Kumaran d281c73536 #17648 - convert test_urllib2.py doctests to unittests 2013-04-09 06:00:16 -07:00
Senthil Kumaran fa1b02a126 #17648 - Clean up test_urllib2.py. Converted doctests to unittest for
expansion.
2013-04-08 22:24:17 -07:00
R David Murray 9cc7d45571 #17485: Delete the Content-Length header if the data attribute is deleted.
This is a follow on to issue 16464.  Original patch by Daniel Wozniak.
2013-03-20 00:10:51 -04:00
Senthil Kumaran 94f2788a85 #17471: merge from 3.3 2013-03-19 16:52:06 -07:00
Senthil Kumaran f47e77f343 #17471 - merge from 3.2 2013-03-19 16:46:34 -07:00
Senthil Kumaran 2a4d24510a #17471 - Increasing the urllib.error test coverage. Bringing it to 100%. Based on patch contributed by Daniel Wozniak 2013-03-19 16:11:07 -07:00
Senthil Kumaran 0085ce8920 #17471 - merge from 3.3 2013-03-19 13:44:42 -07:00