packages/python2
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
python2/CVE-2019-10160-3.patch
openeuler-basic f3e7b3de9b fix some CVE and update spec
2019-12-25 18:38:04 +08:00

42 lines
2.2 KiB
Diff
Raw Blame History

diff -uNrp a/Lib/test/test_urlparse.py b/Lib/test/test_urlparse.py
--- a/Lib/test/test_urlparse.py 2019-12-21 15:58:00.556000000 +0800
+++ b/Lib/test/test_urlparse.py 2019-12-21 15:59:11.456000000 +0800
@@ -656,6 +656,15 @@ class UrlParseTestCase(unittest.TestCase
with self.assertRaises(ValueError):
urlparse.urlsplit(url)
+ # check error message: invalid netloc must be formated with repr()
+ # to get an ASCII error message
+ with self.assertRaises(ValueError) as cm:
+ urlparse.urlsplit(u'http://example.com\uFF03@bing.com')
+ self.assertEqual(str(cm.exception),
+ "netloc u'example.com\\uff03@bing.com' contains invalid characters "
+ "under NFKC normalization")
+ self.assertIsInstance(cm.exception.args[0], str)
+
def test_main():
test_support.run_unittest(UrlParseTestCase)
diff -uNrp a/Lib/urlparse.py b/Lib/urlparse.py
--- a/Lib/urlparse.py 2019-12-21 15:58:00.480000000 +0800
+++ b/Lib/urlparse.py 2019-12-21 15:59:55.128000000 +0800
@@ -181,8 +181,9 @@ def _checknetloc(netloc):
_, _, netloc = netloc.rpartition('@') # anything to the left of '@' is okay
for c in '/?#@:':
if c in netloc2:
- raise ValueError(u"netloc '" + netloc + u"' contains invalid " +
- u"characters under NFKC normalization")
+ raise ValueError("netloc %r contains invalid characters "
+ "under NFKC normalization"
+ % netloc)
def urlsplit(url, scheme='', allow_fragments=True):
"""Parse a URL into 5 components:
diff -uNrp a/Misc/NEWS.d/next/Library/2019-06-10-12-02-45.bpo-36742.UEdHXJ.rst b/Misc/NEWS.d/next/Library/2019-06-10-12-02-45.bpo-36742.UEdHXJ.rst
--- a/Misc/NEWS.d/next/Library/2019-06-10-12-02-45.bpo-36742.UEdHXJ.rst 1970-01-01 08:00:00.000000000 +0800
+++ b/Misc/NEWS.d/next/Library/2019-06-10-12-02-45.bpo-36742.UEdHXJ.rst 2019-12-21 16:00:40.480000000 +0800
@@ -0,0 +1,3 @@
+:func:`urlparse.urlsplit` error message for invalid ``netloc`` according to
+NFKC normalization is now a :class:`str` string, rather than a
+:class:`unicode` string, to prevent error when displaying the error.
Reference in New Issue View Git Blame Copy Permalink