Commit Graph

165 Commits

Author SHA1 Message Date
AMIR 8ca8a2e8fb
bpo-39603: Prevent header injection in http methods (GH-18485)
reject control chars in http method in http.client.putrequest to prevent http header injection
2020-07-18 13:16:10 -07:00
Hai Shi 883bc63833
bpo-40275: Use new test.support helper submodules in tests (GH-21314) 2020-07-06 11:12:49 +02:00
Bruce Merry 152f0b8bee
bpo-41002: Optimize HTTPResponse.read with a given amount (GH-20943)
I've done the implementation for both non-chunked and chunked reads. I haven't benchmarked chunked reads because I don't currently have a convenient way to generate a high-bandwidth chunked stream, but I don't see any reason that it shouldn't enjoy the same benefits that the non-chunked case does. I've used the benchmark attached to the bpo bug to verify that performance now matches the unsized read case.

Automerge-Triggered-By: @methane
2020-06-24 23:30:21 -07:00
Serhiy Storchaka bfb1cf4465
bpo-40275: Move transient_internet from test.support to socket_helper (GH-19711) 2020-04-29 10:36:20 +03:00
Serhiy Storchaka 16994912c9
bpo-40275: Avoid importing socket in test.support (GH-19603)
* Move socket related functions from test.support to socket_helper.
* Import socket, nntplib and urllib.error lazily in transient_internet().
* Remove importing multiprocess.
2020-04-25 10:06:29 +03:00
Ross 61ac612e78
bpo-39507: Add HTTP status 418 "I'm a Teapot" (GH-18291) 2020-03-15 14:24:23 +02:00
Ashwin Ramaswami 9165addc22
bpo-38576: Disallow control characters in hostnames in http.client (GH-18995)
Add host validation for control characters for more CVE-2019-18348 protection.
2020-03-14 11:56:06 -07:00
Dong-hee Na da52be4769
bpo-39509: Update HTTP status code to follow IANA (GH-18294)
Add status codes 103 EARLY_HINTS and 425 TOO_EARLY.
2020-03-14 16:12:01 +02:00
Jason R. Coombs 7774d7831e
bpo-38216, bpo-36274: Allow subclasses to separately override validation and encoding behavior (GH-16448)
* bpo-38216: Allow bypassing input validation

* bpo-36274: Also allow the URL encoding to be overridden.

* bpo-38216, bpo-36274: Add tests demonstrating a hook for overriding validation, test demonstrating override encoding, and a test to capture expectation of the interface for the URL.

* Call with skip_host to avoid tripping on the host checking in the URL.

* Remove obsolete comment.

* Make _prepare_path_encoding its own attr.

This makes overriding just that simpler.

Also, don't use the := operator to make backporting easier.

* Add a news entry.

* _prepare_path_encoding -> _encode_prepared_path()

* Once again separate the path validation and request encoding, drastically simplifying the behavior. Drop the guarantee that all processing happens in _prepare_path.
2019-09-28 08:32:01 -04:00
Raymond Hettinger 8f080b0995
bpo-26589: Add http status code 451 (GH-15413) 2019-08-23 10:19:15 -07:00
Pablo Galindo aa542c2cf2
bpo-37795: Capture DeprecationWarnings in the test suite (GH-15184) 2019-08-08 23:25:46 +01:00
Christian Heimes d1bd6e79da bpo-37440: Enable TLS 1.3 post-handshake auth in http.client (GH-14448)
Post-handshake authentication is required for conditional client cert authentication with TLS 1.3.


https://bugs.python.org/issue37440
2019-06-30 23:32:24 -07:00
Gregory P. Smith 2cc0223f43
bpo-35925: Skip SSL tests that fail due to weak external certs. (GH-13124)
Modern Linux distros such as Debian Buster have default OpenSSL system
configurations that reject connections to servers with weak certificates
by default.  This causes our test suite run with external networking
resources enabled to skip these tests when they encounter such a failure.

Fixing the network servers is a separate issue.
2019-05-06 17:54:06 -04:00
Giampaolo Rodola eb7e29f2a9
bpo-35934: Add socket.create_server() utility function (GH-11784) 2019-04-09 00:34:02 +02:00
Matt Houglum 461c416dd7 bpo-36522: Print all values for headers with multiple values. (GH-12681) 2019-04-04 07:36:47 +03:00
Marco Strigl 936f03e7fa bpo-33365: print the header values beside the keys (GH-6611)
with debuglevel=1 only the header keys got printed. With
this change the header values get printed as well and the single
header entries get '\n' as a separator.
2018-06-19 16:20:58 +03:00
Serhiy Storchaka f8a4c03ede
bpo-30399: Get rid of trailing comma in the repr of BaseException. (#1650) 2017-11-15 17:53:28 +02:00
Nir Soffer ad455cd924 bpo-31945: Configurable blocksize in HTTP(S)Connection (#4279)
blocksize was hardcoded to 8192, preventing efficient upload when using
file-like body. Add blocksize argument to __init__, so users can
configure the blocksize to fit their needs.

I tested this uploading data from /dev/zero to a web server dropping the
received data, to test the overhead of the HTTPConnection.send() with a
file-like object.

Here is an example 10g upload with the default buffer size (8192):

$ time ~/src/cpython/release/python upload-httplib.py 10 https://localhost:8000/
Uploaded 10.00g in 17.53 seconds (584.00m/s)

real	0m17.574s
user	0m8.887s
sys	0m5.971s

Same with 512k blocksize:

$ time ~/src/cpython/release/python upload-httplib.py 10 https://localhost:8000/
Uploaded 10.00g in 6.60 seconds (1551.15m/s)

real	0m6.641s
user	0m3.426s
sys	0m2.162s

In real world usage the difference will be smaller, depending on the
local and remote storage and the network.

See https://github.com/nirs/http-bench for more info.
2017-11-06 13:16:37 -08:00
Vitor Pereira 52ad72dd0a bpo-30553: Add status code 421 to http.HTTPStatus (GH-2589) 2017-10-26 21:49:19 +03:00
Antoine Pitrou 88c60c9668 Trivial cleanups following bpo-31370 (#3649)
* Trivial cleanups following bpo-31370

* Also cleanup the "importlib._bootstrap_external" module
2017-09-18 23:50:44 +02:00
Christian Heimes a170fa162d bpo-31346: Use PROTOCOL_TLS_CLIENT/SERVER (#3058)
Replaces PROTOCOL_TLSv* and PROTOCOL_SSLv23 with PROTOCOL_TLS_CLIENT and
PROTOCOL_TLS_SERVER.

Signed-off-by: Christian Heimes <christian@python.org>
2017-09-15 20:27:30 +02:00
Martin Panter fd1df3fef2 Issue #28394: Merge typo fixes from 3.5 into 3.6 2016-10-10 00:28:38 +00:00
Martin Panter d2a584b47b Issue #28394: Spelling and typo fixes in code comments and changelog
Includes patch by Ville Skyttä.
2016-10-10 00:24:34 +00:00
Christian Heimes 8d14abc800 Issue 28022: Catch deprecation warning in test_httplib, reported by Martin Panter 2016-09-11 19:54:43 +02:00
R David Murray dc1650ca06 #22233: Only split headers on \r and/or \n, per email RFCs.
Original patch by Martin Panter, new policy fixes by me.
2016-09-07 17:44:34 -04:00
R David Murray 1badd28163 Merge: #22233: Only split headers on \r and/or \n, per email RFCs. 2016-09-07 17:46:55 -04:00
Martin Panter ef91bb2660 Issue #12319: Always send file request bodies using chunked encoding
The previous attempt to determine the file’s Content-Length gave a false
positive for pipes on Windows.

Also, drop the special case for sending zero-length iterable bodies.
2016-08-27 01:39:26 +00:00
Martin Panter 3c0d0baf2b Issue #12319: Support for chunked encoding of HTTP request bodies
When the body object is a file, its size is no longer determined with
fstat(), since that can report the wrong result (e.g. reading from a pipe).
Instead, determine the size using seek(), or fall back to chunked encoding
for unseekable files.

Also, change the logic for detecting text files to check for TextIOBase
inheritance, rather than inspecting the “mode” attribute, which may not
exist (e.g. BytesIO and StringIO).  The Content-Length for text files is no
longer determined ahead of time, because the original logic could have been
wrong depending on the codec and newline translation settings.

Patch by Demian Brecht and Rolf Krahl, with a few tweaks by me.
2016-08-24 06:33:33 +00:00
Terry Jan Reedy ffcb022738 Issue #27787: No longer call deleted test_main(). 2016-08-23 14:20:37 -04:00
Martin Panter 1fa6915427 Issue #27787: Remove test_main() and hard-coded list of test classes
The @reap_threads decorator made the test wait (for up to 1 s) until
background threads have finished.  Calling join() with a timeout should be
equivalent.
2016-08-23 09:01:43 +00:00
Martin Panter b63c56077f Close HTTP connections and responses in tests to avoid ResourceWarnings 2016-08-12 11:59:52 +00:00
Martin Panter 8d56c026a5 Issue #27125: Fix various errors like “will [be] inherited” 2016-05-29 04:13:35 +00:00
Martin Panter d979b2cfcf Issue #21069: Move test_fileno() from test_urllibnet and rewrite it
* No longer attempts to close already freed socket file descriptor
* Use socket object to be compatible with Windows
* Do not use a timeout to avoid complication with non-blocking mode
* Use internal localhost server rather than depending on a third party
* Avoid trouble with buffered HTTP data by testing tunnelled CONNECT data
2016-04-09 14:03:17 +00:00
Martin Panter ce911c3fed Issue #26499: Fixes to HTTPResponse.readline() and read1(), by Silent Ghost 2016-03-17 06:42:48 +00:00
Martin Panter 44391481d7 Issue #26045: Add UTF-8 suggestion to error in http.client
Based on patch by Guido van Rossum.
2016-02-09 10:20:52 +00:00
R David Murray cae7bdb424 #3566: Clean up handling of remote server disconnects.
This changeset does two things: introduces a new RemoteDisconnected exception
(that subclasses ConnectionResetError and BadStatusLine) so that a remote
server disconnection can be detected by client code (and provides a better
error message for debugging purposes), and ensures that the client socket is
closed if a ConnectionError happens, so that the automatic re-connection code
can work if the application handles the error and continues on.

Tests are added that confirm that a connection is re-used or not re-used
as appropriate to the various combinations of protocol version and headers.

Patch by Martin Panter, reviewed by Demian Brecht.  (Tweaked only slightly by
me.)
2015-04-05 19:26:29 -04:00
R David Murray 0a0d20edfb Merge: #23539: Set Content-Length to 0 for PUT, POST, and PATCH if body is None. 2015-03-22 15:19:01 -04:00
R David Murray beed8402ca #23539: Set Content-Length to 0 for PUT, POST, and PATCH if body is None.
Some http servers will reject PUT, POST, and PATCH requests if they
do not have a Content-Length header.

Patch by James Rutherford, with additional cleaning up of the
'request' documentation by me.
2015-03-22 15:18:23 -04:00
Serhiy Storchaka b669bfc2be Issue #22928: Disabled HTTP header injections in http.client.
Original patch by Demian Brecht.
2015-03-12 11:15:15 +02:00
Serhiy Storchaka a112a8ae47 Issue #22928: Disabled HTTP header injections in http.client.
Original patch by Demian Brecht.
2015-03-12 11:13:36 +02:00
Victor Stinner 69899e6f3f Merge 3.4 (httplib) 2015-02-27 17:47:40 +01:00
Victor Stinner b389b48265 Issue #23526: Fix ResourceWarning in test_httplib. Patch written by Alex Shkop. 2015-02-27 17:47:23 +01:00
Berker Peksag abbf0f40bb Issue #23442: Rename two member names to stay backward compatible
with the constants in http.client.

Initial patch by Demian Brecht.
2015-02-20 14:57:31 +02:00
Berker Peksag 8e28679417 Issue #23439: Add missing entries to http.client.__all__.
Also, document the LineTooLong exception since it can be raised by
the members of public API (e.g. http.client.HTTPResponse).

Patch by Martin Panter.
2015-02-20 09:45:05 +02:00
Berker Peksag babc688180 Issue #23439: Add missing entries to http.client.__all__.
Also, document the LineTooLong exception since it can be raised by
the members of public API (e.g. http.client.HTTPResponse).

Patch by Martin Panter.
2015-02-20 09:39:38 +02:00
Berker Peksag ab53ab0a84 Issue #13128: Print response headers for CONNECT requests when debuglevel > 0.
Patch by Demian Brecht.
2015-02-03 12:22:11 +02:00
Benjamin Peterson 60a2f49c8c merge 3.4 (#19996) 2015-01-25 23:31:58 -05:00
Benjamin Peterson 155ceaa454 handle headers with no key (closes #19996)
Patch by Cory Benfield.
2015-01-25 23:30:30 -05:00
Senthil Kumaran cc522bdd0c merge from 3.4
Increase http.client.HTTPConnection test coverage.

Added a new tunnel test to verify setting of _tunnel_host, _tunnel_port,
_tunnel_headers attributes on HTTPConnection object.
2015-01-24 19:26:18 -08:00
Senthil Kumaran e6cc70123e Increase http.client.HTTPConnection test coverage.
Added a new tunnel test to verify setting of _tunnel_host, _tunnel_port,
_tunnel_headers attributes on HTTPConnection object.
2015-01-24 19:24:59 -08:00