Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up
Appearance settings

Commitd89a5f6

Browse files
gh-105704: Disallow square brackets ([ and]) in domain names for parsed URLs (#129418)
*gh-105704: Disallow square brackets ( and ) in domain names for parsed URLs* Use Sphinx referencesCo-authored-by: Peter Bierma <zintensitydev@gmail.com>* Add mismatched bracket test cases, fix news format* Add more test coverage for ports---------Co-authored-by: Peter Bierma <zintensitydev@gmail.com>
1 parent54f74b8 commitd89a5f6

File tree

3 files changed

+58
-3
lines changed

3 files changed

+58
-3
lines changed

‎Lib/test/test_urlparse.py

Lines changed: 36 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1412,16 +1412,51 @@ def test_invalid_bracketed_hosts(self):
14121412
self.assertRaises(ValueError,urllib.parse.urlsplit,'Scheme://user@[0439:23af::2309::fae7:1234]/Path?Query')
14131413
self.assertRaises(ValueError,urllib.parse.urlsplit,'Scheme://user@[0439:23af:2309::fae7:1234:2342:438e:192.0.2.146]/Path?Query')
14141414
self.assertRaises(ValueError,urllib.parse.urlsplit,'Scheme://user@]v6a.ip[/Path')
1415+
self.assertRaises(ValueError,urllib.parse.urlsplit,'scheme://prefix.[v6a.ip]')
1416+
self.assertRaises(ValueError,urllib.parse.urlsplit,'scheme://[v6a.ip].suffix')
1417+
self.assertRaises(ValueError,urllib.parse.urlsplit,'scheme://prefix.[v6a.ip]/')
1418+
self.assertRaises(ValueError,urllib.parse.urlsplit,'scheme://[v6a.ip].suffix/')
1419+
self.assertRaises(ValueError,urllib.parse.urlsplit,'scheme://prefix.[v6a.ip]?')
1420+
self.assertRaises(ValueError,urllib.parse.urlsplit,'scheme://[v6a.ip].suffix?')
1421+
self.assertRaises(ValueError,urllib.parse.urlsplit,'scheme://prefix.[::1]')
1422+
self.assertRaises(ValueError,urllib.parse.urlsplit,'scheme://[::1].suffix')
1423+
self.assertRaises(ValueError,urllib.parse.urlsplit,'scheme://prefix.[::1]/')
1424+
self.assertRaises(ValueError,urllib.parse.urlsplit,'scheme://[::1].suffix/')
1425+
self.assertRaises(ValueError,urllib.parse.urlsplit,'scheme://prefix.[::1]?')
1426+
self.assertRaises(ValueError,urllib.parse.urlsplit,'scheme://[::1].suffix?')
1427+
self.assertRaises(ValueError,urllib.parse.urlsplit,'scheme://prefix.[::1]:a')
1428+
self.assertRaises(ValueError,urllib.parse.urlsplit,'scheme://[::1].suffix:a')
1429+
self.assertRaises(ValueError,urllib.parse.urlsplit,'scheme://prefix.[::1]:a1')
1430+
self.assertRaises(ValueError,urllib.parse.urlsplit,'scheme://[::1].suffix:a1')
1431+
self.assertRaises(ValueError,urllib.parse.urlsplit,'scheme://prefix.[::1]:1a')
1432+
self.assertRaises(ValueError,urllib.parse.urlsplit,'scheme://[::1].suffix:1a')
1433+
self.assertRaises(ValueError,urllib.parse.urlsplit,'scheme://prefix.[::1]:')
1434+
self.assertRaises(ValueError,urllib.parse.urlsplit,'scheme://[::1].suffix:/')
1435+
self.assertRaises(ValueError,urllib.parse.urlsplit,'scheme://prefix.[::1]:?')
1436+
self.assertRaises(ValueError,urllib.parse.urlsplit,'scheme://user@prefix.[v6a.ip]')
1437+
self.assertRaises(ValueError,urllib.parse.urlsplit,'scheme://user@[v6a.ip].suffix')
1438+
self.assertRaises(ValueError,urllib.parse.urlsplit,'scheme://[v6a.ip')
1439+
self.assertRaises(ValueError,urllib.parse.urlsplit,'scheme://v6a.ip]')
1440+
self.assertRaises(ValueError,urllib.parse.urlsplit,'scheme://]v6a.ip[')
1441+
self.assertRaises(ValueError,urllib.parse.urlsplit,'scheme://]v6a.ip')
1442+
self.assertRaises(ValueError,urllib.parse.urlsplit,'scheme://v6a.ip[')
1443+
self.assertRaises(ValueError,urllib.parse.urlsplit,'scheme://prefix.[v6a.ip')
1444+
self.assertRaises(ValueError,urllib.parse.urlsplit,'scheme://v6a.ip].suffix')
1445+
self.assertRaises(ValueError,urllib.parse.urlsplit,'scheme://prefix]v6a.ip[suffix')
1446+
self.assertRaises(ValueError,urllib.parse.urlsplit,'scheme://prefix]v6a.ip')
1447+
self.assertRaises(ValueError,urllib.parse.urlsplit,'scheme://v6a.ip[suffix')
14151448

14161449
deftest_splitting_bracketed_hosts(self):
1417-
p1=urllib.parse.urlsplit('scheme://user@[v6a.ip]/path?query')
1450+
p1=urllib.parse.urlsplit('scheme://user@[v6a.ip]:1234/path?query')
14181451
self.assertEqual(p1.hostname,'v6a.ip')
14191452
self.assertEqual(p1.username,'user')
14201453
self.assertEqual(p1.path,'/path')
1454+
self.assertEqual(p1.port,1234)
14211455
p2=urllib.parse.urlsplit('scheme://user@[0439:23af:2309::fae7%test]/path?query')
14221456
self.assertEqual(p2.hostname,'0439:23af:2309::fae7%test')
14231457
self.assertEqual(p2.username,'user')
14241458
self.assertEqual(p2.path,'/path')
1459+
self.assertIs(p2.port,None)
14251460
p3=urllib.parse.urlsplit('scheme://user@[0439:23af:2309::fae7:1234:192.0.2.146%test]/path?query')
14261461
self.assertEqual(p3.hostname,'0439:23af:2309::fae7:1234:192.0.2.146%test')
14271462
self.assertEqual(p3.username,'user')

‎Lib/urllib/parse.py

Lines changed: 18 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -439,6 +439,23 @@ def _checknetloc(netloc):
439439
raiseValueError("netloc '"+netloc+"' contains invalid "+
440440
"characters under NFKC normalization")
441441

442+
def_check_bracketed_netloc(netloc):
443+
# Note that this function must mirror the splitting
444+
# done in NetlocResultMixins._hostinfo().
445+
hostname_and_port=netloc.rpartition('@')[2]
446+
before_bracket,have_open_br,bracketed=hostname_and_port.partition('[')
447+
ifhave_open_br:
448+
# No data is allowed before a bracket.
449+
ifbefore_bracket:
450+
raiseValueError("Invalid IPv6 URL")
451+
hostname,_,port=bracketed.partition(']')
452+
# No data is allowed after the bracket but before the port delimiter.
453+
ifportandnotport.startswith(":"):
454+
raiseValueError("Invalid IPv6 URL")
455+
else:
456+
hostname,_,port=hostname_and_port.partition(':')
457+
_check_bracketed_host(hostname)
458+
442459
# Valid bracketed hosts are defined in
443460
# https://www.rfc-editor.org/rfc/rfc3986#page-49 and https://url.spec.whatwg.org/
444461
def_check_bracketed_host(hostname):
@@ -505,8 +522,7 @@ def _urlsplit(url, scheme=None, allow_fragments=True):
505522
(']'innetlocand'['notinnetloc)):
506523
raiseValueError("Invalid IPv6 URL")
507524
if'['innetlocand']'innetloc:
508-
bracketed_host=netloc.partition('[')[2].partition(']')[0]
509-
_check_bracketed_host(bracketed_host)
525+
_check_bracketed_netloc(netloc)
510526
ifallow_fragmentsand'#'inurl:
511527
url,fragment=url.split('#',1)
512528
if'?'inurl:
Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,4 @@
1+
When using:func:`urllib.parse.urlsplit` and:func:`urllib.parse.urlparse` host
2+
parsing would not reject domain names containing square brackets (``[`` and
3+
``]``). Square brackets are only valid for IPv6 and IPvFuture hosts according to
4+
`RFC 3986 Section 3.2.2<https://www.rfc-editor.org/rfc/rfc3986#section-3.2.2>`__.

0 commit comments

Comments
 (0)
[8]ページ先頭
©2009-2025 Movatter.jp