169 Commits

Author SHA1 Message Date
Victor Stinner 34bab21559 bpo-35907, CVE-2019-9948: urllib rejects local_file:// scheme (GH-13474) (GH-13505)
CVE-2019-9948: Avoid file reading by disallowing the unnecessary URL
scheme in URLopener().open() and URLopener().retrieve()
of urllib.request.

Co-Authored-By: SH <push0ebp@gmail.com>
(cherry picked from commit 0c2b6a3943)
2019-05-22 23:28:28 +02:00
Miro Hrončok 7e200e0763 bpo-30458: Disallow control chars in http URLs. (GH-12755) (GH-13154)
Disallow control chars in http URLs in urllib.urlopen.  This addresses a potential security problem for applications that do not sanity check their URLs where http request headers could be injected.

Disable https related urllib tests on a build without ssl (GH-13032)
These tests require an SSL enabled build. Skip these tests when python is built without SSL to fix test failures.

Use http.client.InvalidURL instead of ValueError as the new error case's exception. (GH-13044)

Backport Co-Authored-By: Miro Hrončok <miro@hroncok.cz>
2019-05-07 11:28:47 -04:00
Miss Islington (bot) 6163210089 bpo-36019: Use pythontest.net instead of example.com in network tests (GH-11941)
(cherry picked from commit a40681dd5d)

Co-authored-by: Stéphane Wirtel <stephane@wirtel.be>
2019-02-22 06:03:26 -08:00
Senthil Kumaran efbd4ea65d Minor spell fix and formatting fixes in urllib tests. (#959) 2017-04-01 23:47:35 -07:00
Ratnadeep Debnath 21024f0662 bpo-16285: Update urllib quoting to RFC 3986 (#173)
* bpo-16285: Update urllib quoting to RFC 3986

urllib.parse.quote is now based on RFC 3986, and hence
includes `'~'` in the set of characters that is not escaped
by default.

Patch by Christian Theune and Ratnadeep Debnath.
2017-02-25 19:00:28 +10:00
Xiang Zhang c44d58a77a Issue #29142: Merge 3.5. 2017-01-09 11:50:02 +08:00
Xiang Zhang 959ff7f1c6 Issue #29142: Fix suffixes in no_proxy handling in urllib.
In urllib.request, suffixes in no_proxy environment variable with
leading dots could match related hostnames again (e.g. .b.c matches a.b.c).
Patch by Milan Oberkirch.
2017-01-09 11:47:55 +08:00
Christian Heimes d04863771b Issue #28022: Deprecate ssl-related arguments in favor of SSLContext.
The deprecation includes manual creation of SSLSocket and certfile/keyfile
(or similar) in ftplib, httplib, imaplib, smtplib, poplib and urllib.

ssl.wrap_socket() is not marked as deprecated yet.
2016-09-10 23:23:33 +02:00
Martin Panter 0be894b2f6 Issue #27895: Spelling fixes (Contributed by Ville Skyttä). 2016-09-07 12:03:06 +00:00
R David Murray 44b548dda8 #27364: fix "incorrect" uses of escape character in the stdlib.
And most of the tools.

Patch by Emanual Barry, reviewed by me, Serhiy Storchaka, and
Martin Panter.
2016-09-08 13:59:53 -04:00
Raymond Hettinger 15f44ab043 Issue #27895: Spelling fixes (Contributed by Ville Skyttä). 2016-08-30 10:47:49 -07:00
Senthil Kumaran 17742f2d45 [merge from 3.4] - Prevent HTTPoxy attack (CVE-2016-1000110)
Ignore the HTTP_PROXY variable when REQUEST_METHOD environment is set, which
indicates that the script is in CGI mode.

Issue #27568 Reported and patch contributed by Rémi Rampin.
2016-07-30 23:39:06 -07:00
Senthil Kumaran 436fe5a447 [merge from 3.3] Prevent HTTPoxy attack (CVE-2016-1000110)
Ignore the HTTP_PROXY variable when REQUEST_METHOD environment is set, which
indicates that the script is in CGI mode.

Issue #27568 Reported and patch contributed by Rémi Rampin.
2016-07-30 23:34:34 -07:00
Senthil Kumaran 4cbb23f8f2 Prevent HTTPoxy attack (CVE-2016-1000110)
Ignore the HTTP_PROXY variable when REQUEST_METHOD environment is set, which
indicates that the script is in CGI mode.

Issue #27568 Reported and patch contributed by Rémi Rampin.
2016-07-30 23:24:16 -07:00
Martin Panter ce6e06874b Issue #14132: Fix redirect handling when target is just a query string 2016-05-16 01:07:13 +00:00
Martin Panter aa27982ffc Issue #26864: Fix case insensitivity and suffix comparison with no_proxy
Patch by Xiang Zhang.
2016-04-30 01:03:40 +00:00
Senthil Kumaran a7c0ff2f0b Issue #26804: urllib.request will prefer lower_case proxy environment variables
over UPPER_CASE or Mixed_Case ones.

Patch contributed by Hans-Peter Jansen. Reviewed by Martin Panter and Senthil Kumaran.
2016-04-25 08:16:23 -07:00
Martin Panter 7462b64911 Issue #25523: Correct "a" article to "an" article
This changes the main documentation, doc strings, source code comments, and a
couple error messages in the test suite. In some cases the word was removed
or edited some other way to fix the grammar.
2015-11-02 03:37:02 +00:00
Serhiy Storchaka 9270be7662 Added more tests for urllib.parse utility functions.
These functions are not documented but used in third-party code.
2015-03-02 16:32:29 +02:00
Senthil Kumaran 8b7e161ac3 backport context argument of urlopen (#22366) for pep 476 2014-09-19 15:23:30 +08:00
Serhiy Storchaka f54c350160 Issue #19524: Fixed resource leak in the HTTP connection when an invalid
response is received.  Patch by Martin Panter.
2014-09-06 21:41:39 +03:00
Benjamin Peterson 3c2dca67ac in ftp cache pruning, avoid changing the size of a dict while iterating over it (closes #21463)
Patch by Skyler Leigh Amador.
2014-06-07 15:08:04 -07:00
Serhiy Storchaka d3e1207191 Issue #20555: Use specific asserts in urllib, httplib, ftplib, cgi, wsgiref tests. 2014-02-08 14:51:10 +02:00
Serhiy Storchaka 25d8aeac7c Issue #20555: Use specific asserts in urllib, httplib, ftplib, cgi, wsgiref tests. 2014-02-08 14:50:08 +02:00
Ezio Melotti a7e7497d88 #18466: merge with 3.3. 2013-08-17 16:58:13 +03:00
Ezio Melotti 85a8629d21 #18466: fix more typos. Patch by Févry Thibault. 2013-08-17 16:57:41 +03:00
Senthil Kumaran f49581c2a1 normalize whitespace 2013-04-10 20:55:58 -07:00
Senthil Kumaran c7e0980259 normalize whitespace. caught by hook 2013-04-10 20:54:23 -07:00
Senthil Kumaran 8b081b7ba1 merge from 3.3
#5609 - test_urllib coverage for url2pathname and pathname2url. Patch
contribution by Thomas Fenzl & Maksim Kozyarchuk
2013-04-10 20:53:12 -07:00
Senthil Kumaran 277e9090b0 #5609 - test_urllib coverage for url2pathname and pathname2url. Patch
contribution by Thomas Fenzl & Maksim Kozyarchuk
2013-04-10 20:51:19 -07:00
Ezio Melotti d8bc0a3693 Merge DeprecationWarnings silencing in test_urllib from 3.3. 2013-02-21 02:55:56 +02:00
Ezio Melotti 79b99dba0f Silence DeprecationWarnings in test_urllib. 2013-02-21 02:41:42 +02:00
Andrew Svetlov f7a17b48d7 Replace IOError with OSError (#16715) 2012-12-25 16:47:37 +02:00
Antoine Pitrou df204be922 Issue #16423: urllib.request now has support for ``data:`` URLs.
Patch by Mathias Panzenböck.
2012-11-24 17:59:08 +01:00
Gregory P. Smith 601c0591c2 Fix test_urllib broken by my previous commits. The assumptions it was
testing were added as part of the issue10050 change that caused the
wrong behavior in the first place.  Now all test cases agree on the
behavior.
2012-11-10 15:13:20 -08:00
Gregory P. Smith 6d9388faab Fix test_urllib broken by my previous commits. The assumptions it was
testing were added as part of the issue10050 change that caused the
wrong behavior in the first place.  Now all test cases agree on the
behavior.
2012-11-10 15:12:55 -08:00
Senthil Kumaran cc2f0421c7 Issue #16250: Fix URLError invocation with proper args 2012-10-27 02:48:21 -07:00
Senthil Kumaran cad7b31467 Issue #16250: Fix URLError invocation with proper args. 2012-10-27 02:26:46 -07:00
Senthil Kumaran bf644c5571 Fix the windows buildbot permission error - close the fd of tempfile before unlinking 2012-10-23 11:07:02 -07:00
Senthil Kumaran 3194d7cfce Fix issue16300: addressing the buildbot failures on windows 2012-10-23 09:40:53 -07:00
Senthil Kumaran c3633b6a78 skip the file localhost test on windows. Fix it on branch and modify the test 2012-10-22 21:50:19 -07:00
Senthil Kumaran 3a81580719 Fix the ResourceWarning in test_urllib.py due to changes made for #16301. Patch by Berker Peksag 2012-10-22 17:06:43 -07:00
Senthil Kumaran 40d8078f41 Issue #16301: Fix the localhost verification in urllib/request.py for file://. Modify tests to use localhost for local temp files, which could make Windows Buildbot (#16300) happy 2012-10-22 09:43:04 -07:00
Senthil Kumaran 3ebef36eea Issue #16250: Fix the invocations of URLError which had misplaced filename attribute for exception 2012-10-21 18:31:25 -07:00
Senthil Kumaran f577686fd3 Issue #10836: Fix exception raised when file not found in urlretrieve 2012-10-21 13:30:02 -07:00
Senthil Kumaran 612a815820 revert the changes done for issue14826 - quoting within Request is not desirable. 2012-07-08 18:00:47 -07:00
Senthil Kumaran 168456df11 revert the changes done for issue14826 - quoting within Request is not desirable. 2012-07-08 17:47:25 -07:00
Senthil Kumaran 540715a369 Fix issue14826 - make urllib.request.Request quoted url consistent with URLOpener open method.
Patch contributed by Stephen Thorne.
2012-07-07 17:15:52 -07:00
Senthil Kumaran b7451cecad Fix issue14826 - make urllib.request.Request quoted url consistent with URLOpener open method.
Patch contributed by Stephen Thorne.
2012-07-07 17:11:44 -07:00
Senthil Kumaran 38b968b913 deprecated the old urllib primitives in 3.3 urllib package - issue 10050 2012-03-14 13:43:53 -07:00