Movatterモバイル変換


[0]ホーム

URL:


Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

Sign up
Appearance settings

Commit5b4b64c

Browse files
authored
Add more tests to prevent regression of CVE 2024 47081
Remove workaround not needed since py38 for os.path.expanduser.
1 parent7bc4587 commit5b4b64c

File tree

2 files changed

+20
-8
lines changed

2 files changed

+20
-8
lines changed

‎src/requests/utils.py‎

Lines changed: 1 addition & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -219,14 +219,7 @@ def get_netrc_auth(url, raise_errors=False):
219219
netrc_path=None
220220

221221
forfinnetrc_locations:
222-
try:
223-
loc=os.path.expanduser(f)
224-
exceptKeyError:
225-
# os.path.expanduser can fail when $HOME is undefined and
226-
# getpwuid fails. See https://bugs.python.org/issue20164 &
227-
# https://github.com/psf/requests/issues/1846
228-
return
229-
222+
loc=os.path.expanduser(f)
230223
ifos.path.exists(loc):
231224
netrc_path=loc
232225
break

‎tests/test_utils.py‎

Lines changed: 19 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -23,6 +23,7 @@
2323
get_encoding_from_headers,
2424
get_encodings_from_content,
2525
get_environ_proxies,
26+
get_netrc_auth,
2627
guess_filename,
2728
guess_json_utf,
2829
is_ipv4_address,
@@ -152,6 +153,24 @@ def test_super_len_with_no_matches(self):
152153
assertsuper_len(object())==0
153154

154155

156+
classTestGetNetrcAuth:
157+
deftest_works(self,tmp_path,monkeypatch):
158+
netrc_path=tmp_path/".netrc"
159+
monkeypatch.setenv("NETRC",str(netrc_path))
160+
withopen(netrc_path,"w")asf:
161+
f.write("machine example.com login aaaa password bbbb\n")
162+
auth=get_netrc_auth("http://example.com/thing")
163+
assertauth== ("aaaa","bbbb")
164+
165+
deftest_not_vulnerable_to_bad_url_parsing(self,tmp_path,monkeypatch):
166+
netrc_path=tmp_path/".netrc"
167+
monkeypatch.setenv("NETRC",str(netrc_path))
168+
withopen(netrc_path,"w")asf:
169+
f.write("machine example.com login aaaa password bbbb\n")
170+
auth=get_netrc_auth("http://example.com:@evil.com/'")
171+
assertauthisNone
172+
173+
155174
classTestToKeyValList:
156175
@pytest.mark.parametrize(
157176
"value, expected",

0 commit comments

Comments
 (0)

[8]ページ先頭

©2009-2025 Movatter.jp