packages/python2
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
python2/CVE-2019-10160-2.patch
openeuler-basic f3e7b3de9b fix some CVE and update spec
2019-12-25 18:38:04 +08:00

51 lines
2.4 KiB
Diff
Raw Blame History

diff -uNrp a/Lib/test/test_urlparse.py b/Lib/test/test_urlparse.py
--- a/Lib/test/test_urlparse.py 2019-12-21 15:54:46.576000000 +0800
+++ b/Lib/test/test_urlparse.py 2019-12-21 15:56:22.440000000 +0800
@@ -648,11 +648,13 @@ class UrlParseTestCase(unittest.TestCase
urlparse.urlsplit(u'http://\u30d5\u309a\ufe1380')
for scheme in [u"http", u"https", u"ftp"]:
- for c in denorm_chars:
- url = u"{}://netloc{}false.netloc/path".format(scheme, c)
- print "Checking %r" % url
- with self.assertRaises(ValueError):
- urlparse.urlsplit(url)
+ for netloc in [u"netloc{}false.netloc", u"n{}user@netloc"]:
+ for c in denorm_chars:
+ url = u"{}://{}/path".format(scheme, netloc.format(c))
+ if test_support.verbose:
+ print "Checking %r" % url
+ with self.assertRaises(ValueError):
+ urlparse.urlsplit(url)
def test_main():
test_support.run_unittest(UrlParseTestCase)
diff -uNrp a/Lib/urlparse.py b/Lib/urlparse.py
--- a/Lib/urlparse.py 2019-12-21 15:54:46.344000000 +0800
+++ b/Lib/urlparse.py 2019-12-21 15:57:41.260000000 +0800
@@ -171,18 +171,18 @@ def _checknetloc(netloc):
# looking for characters like \u2100 that expand to 'a/c'
# IDNA uses NFKC equivalence, so normalize for this check
import unicodedata
- n = netloc.rpartition('@')[2] # ignore anything to the left of '@'
- n = n.replace(':', '') # ignore characters already included
- n = n.replace('#', '') # but not the surrounding text
- n = n.replace('?', '')
+ n = netloc.replace(u'@', u'') # ignore characters already included
+ n = n.replace(u':', u'') # but not the surrounding text
+ n = n.replace(u'#', u'')
+ n = n.replace(u'?', u'')
netloc2 = unicodedata.normalize('NFKC', n)
if n == netloc2:
return
_, _, netloc = netloc.rpartition('@') # anything to the left of '@' is okay
for c in '/?#@:':
if c in netloc2:
- raise ValueError("netloc '" + netloc + "' contains invalid " +
- "characters under NFKC normalization")
+ raise ValueError(u"netloc '" + netloc + u"' contains invalid " +
+ u"characters under NFKC normalization")
def urlsplit(url, scheme='', allow_fragments=True):
"""Parse a URL into 5 components:
Reference in New Issue View Git Blame Copy Permalink