NotificationsYou must be signed in to change notification settings
Fork32k
Star67.2k

Commitddca295

and

authored

[3.9]gh-103848: Adds checks to ensure that bracketed hosts found by urlsplit are of IPv6 or IPvFuture format (#103849) (#126976)

Co-authored-by: Gregory P. Smith <greg@krypto.org>(cherry picked from commit29f348e)Co-authored-by: JohnJamesUtley <81572567+JohnJamesUtley@users.noreply.github.com>

1 parent307a762 commitddca295Copy full SHA for ddca295

File tree

3 files changed

+43

-1

lines changed

Lib
- test
  - test_urlparse.py
- urllib
  - parse.py
Misc/NEWS.d/next/Library
- 2023-04-26-09-54-25.gh-issue-103848.aDSnpR.rst

3 files changed

+43

-1

lines changed

`‎Lib/test/test_urlparse.py`

Lines changed: 26 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -1135,6 +1135,32 @@ def test_issue14072(self):`
`1135`	`1135`	`self.assertEqual(p2.scheme,'tel')`
`1136`	`1136`	`self.assertEqual(p2.path,'+31641044153')`
`1137`	`1137`
	`1138`	`+deftest_invalid_bracketed_hosts(self):`
	`1139`	`+self.assertRaises(ValueError,urllib.parse.urlsplit,'Scheme://user@[192.0.2.146]/Path?Query')`
	`1140`	`+self.assertRaises(ValueError,urllib.parse.urlsplit,'Scheme://user@[important.com:8000]/Path?Query')`
	`1141`	`+self.assertRaises(ValueError,urllib.parse.urlsplit,'Scheme://user@[v123r.IP]/Path?Query')`
	`1142`	`+self.assertRaises(ValueError,urllib.parse.urlsplit,'Scheme://user@[v12ae]/Path?Query')`
	`1143`	`+self.assertRaises(ValueError,urllib.parse.urlsplit,'Scheme://user@[v.IP]/Path?Query')`
	`1144`	`+self.assertRaises(ValueError,urllib.parse.urlsplit,'Scheme://user@[v123.]/Path?Query')`
	`1145`	`+self.assertRaises(ValueError,urllib.parse.urlsplit,'Scheme://user@[v]/Path?Query')`
	`1146`	`+self.assertRaises(ValueError,urllib.parse.urlsplit,'Scheme://user@[0439:23af::2309::fae7:1234]/Path?Query')`
	`1147`	`+self.assertRaises(ValueError,urllib.parse.urlsplit,'Scheme://user@[0439:23af:2309::fae7:1234:2342:438e:192.0.2.146]/Path?Query')`
	`1148`	`+self.assertRaises(ValueError,urllib.parse.urlsplit,'Scheme://user@]v6a.ip[/Path')`
	`1149`	`+`
	`1150`	`+deftest_splitting_bracketed_hosts(self):`
	`1151`	`+p1=urllib.parse.urlsplit('scheme://user@[v6a.ip]/path?query')`
	`1152`	`+self.assertEqual(p1.hostname,'v6a.ip')`
	`1153`	`+self.assertEqual(p1.username,'user')`
	`1154`	`+self.assertEqual(p1.path,'/path')`
	`1155`	`+p2=urllib.parse.urlsplit('scheme://user@[0439:23af:2309::fae7%test]/path?query')`
	`1156`	`+self.assertEqual(p2.hostname,'0439:23af:2309::fae7%test')`
	`1157`	`+self.assertEqual(p2.username,'user')`
	`1158`	`+self.assertEqual(p2.path,'/path')`
	`1159`	`+p3=urllib.parse.urlsplit('scheme://user@[0439:23af:2309::fae7:1234:192.0.2.146%test]/path?query')`
	`1160`	`+self.assertEqual(p3.hostname,'0439:23af:2309::fae7:1234:192.0.2.146%test')`
	`1161`	`+self.assertEqual(p3.username,'user')`
	`1162`	`+self.assertEqual(p3.path,'/path')`
	`1163`	`+`
`1138`	`1164`	`deftest_port_casting_failure_message(self):`
`1139`	`1165`	`message="Port could not be cast to integer value as 'oracle'"`
`1140`	`1166`	`p1=urllib.parse.urlparse('http://Server=sde; Service=sde:oracle')`

`‎Lib/urllib/parse.py`

Lines changed: 15 additions & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -36,6 +36,7 @@`
`36`	`36`	`importtypes`
`37`	`37`	`importcollections`
`38`	`38`	`importwarnings`
	`39`	`+importipaddress`
`39`	`40`
`40`	`41`	`__all__= ["urlparse","urlunparse","urljoin","urldefrag",`
`41`	`42`	`"urlsplit","urlunsplit","urlencode","parse_qs",`
`@@ -442,6 +443,17 @@ def _checknetloc(netloc):`
`442`	`443`	`raiseValueError("netloc '"+netloc+"' contains invalid "+`
`443`	`444`	`"characters under NFKC normalization")`
`444`	`445`
	`446`	`+# Valid bracketed hosts are defined in`
	`447`	`+# https://www.rfc-editor.org/rfc/rfc3986#page-49 and https://url.spec.whatwg.org/`
	`448`	`+def_check_bracketed_host(hostname):`
	`449`	`+ifhostname.startswith('v'):`
	`450`	`+ifnotre.match(r"\Av[a-fA-F0-9]+\..+\Z",hostname):`
	`451`	`+raiseValueError(f"IPvFuture address is invalid")`
	`452`	`+else:`
	`453`	`+ip=ipaddress.ip_address(hostname)# Throws Value Error if not IPv6 or IPv4`
	`454`	`+ifisinstance(ip,ipaddress.IPv4Address):`
	`455`	`+raiseValueError(f"An IPv4 address cannot be in brackets")`
	`456`	`+`
`445`	`457`	`defurlsplit(url,scheme='',allow_fragments=True):`
`446`	`458`	`"""Parse a URL into 5 components:`
`447`	`459`	`<scheme>://<netloc>/<path>?<query>#<fragment>`
`@@ -488,12 +500,14 @@ def urlsplit(url, scheme='', allow_fragments=True):`
`488`	`500`	`break`
`489`	`501`	`else:`
`490`	`502`	`scheme,url=url[:i].lower(),url[i+1:]`
`491`		`-`
`492`	`503`	`ifurl[:2]=='//':`
`493`	`504`	`netloc,url=_splitnetloc(url,2)`
`494`	`505`	`if (('['innetlocand']'notinnetloc)or`
`495`	`506`	`(']'innetlocand'['notinnetloc)):`
`496`	`507`	`raiseValueError("Invalid IPv6 URL")`
	`508`	`+if'['innetlocand']'innetloc:`
	`509`	`+bracketed_host=netloc.partition('[')[2].partition(']')[0]`
	`510`	`+_check_bracketed_host(bracketed_host)`
`497`	`511`	`ifallow_fragmentsand'#'inurl:`
`498`	`512`	`url,fragment=url.split('#',1)`
`499`	`513`	`if'?'inurl:`

`‎Misc/NEWS.d/next/Library/2023-04-26-09-54-25.gh-issue-103848.aDSnpR.rst`

Lines changed: 2 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,2 @@`
	`1`	+Add checks to ensure that ``[`` bracketed ``]`` hosts found by
	`2`	+:func:`urllib.parse.urlsplit` are of IPv6 or IPvFuture format.

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

Commitddca295

File tree

3 files changed

3 files changed

`‎Lib/test/test_urlparse.py`

`‎Lib/urllib/parse.py`

`‎Misc/NEWS.d/next/Library/2023-04-26-09-54-25.gh-issue-103848.aDSnpR.rst`

0 commit comments