Commit2d4a3fe

committed

Improve performance of sub-authority splitting in URL

1 parent2698537 commit2d4a3feCopy full SHA for 2d4a3fe

File tree

+15

-3

lines changed

+15

-3

lines changed

Lines changed: 5 additions & 3 deletions

Original file line number	Diff line number	Diff line change
`@@ -63,12 +63,12 @@`
`63`	`63`	`BRACELESS_IPV6_ADDRZ_RE=re.compile("^"+IPV6_ADDRZ_PAT[2:-2]+"$")`
`64`	`64`	`ZONE_ID_RE=re.compile("("+ZONE_ID_PAT+r")\]$")`
`65`	`65`
`66`		`-SUBAUTHORITY_PAT= (u"^(?:(.*)@)?(%s\|%s\|%s)(?::([0-9]{0,5}))?$")% (`
	`66`	`+_HOST_PORT_PAT= ("^(%s\|%s\|%s)(?::([0-9]{0,5}))?$")% (`
`67`	`67`	`REG_NAME_PAT,`
`68`	`68`	`IPV4_PAT,`
`69`	`69`	`IPV6_ADDRZ_PAT,`
`70`	`70`	`)`
`71`		`-SUBAUTHORITY_RE=re.compile(SUBAUTHORITY_PAT,re.UNICODE\|re.DOTALL)`
	`71`	`+_HOST_PORT_RE=re.compile(_HOST_PORT_PAT,re.UNICODE\|re.DOTALL)`
`72`	`72`
`73`	`73`	`UNRESERVED_CHARS=set(`
`74`	`74`	`"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789._-~"`
`@@ -365,7 +365,9 @@ def parse_url(url):`
`365`	`365`	`scheme=scheme.lower()`
`366`	`366`
`367`	`367`	`ifauthority:`
`368`		`-auth,host,port=SUBAUTHORITY_RE.match(authority).groups()`
	`368`	`+auth,_,host_port=authority.rpartition("@")`
	`369`	`+auth=authorNone`
	`370`	`+host,port=_HOST_PORT_RE.match(host_port).groups()`
`369`	`371`	`ifauthandnormalize_uri:`
`370`	`372`	`auth=_encode_invalid_chars(auth,USERINFO_CHARS)`
`371`	`373`	`ifport=="":`

Lines changed: 10 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -438,6 +438,16 @@ def test_netloc(self, url, expected_netloc):`
`438`	`438`	`fragment="hash",`
`439`	`439`	`),`
`440`	`440`	`),`
	`441`	`+# Tons of '@' causing backtracking`
	`442`	`+ ("https://"+ ("@"*10000)+"[",False),`
	`443`	`+ (`
	`444`	`+"https://user:"+ ("@"*10000)+"example.com",`
	`445`	`+Url(`
	`446`	`+scheme="https",`
	`447`	`+auth="user:"+ ("%40"*9999),`
	`448`	`+host="example.com",`
	`449`	`+ ),`
	`450`	`+ ),`
`441`	`451`	`]`
`442`	`452`
`443`	`453`	`@pytest.mark.parametrize("url, expected_url",url_vulnerabilities)`

Comments

(0)