Skip to content

/cpython

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

bpo-36216: Add check for characters in netloc that normalize to separators #12201

Merged
merged 2 commits into from Mar 7, 2019
Merged

bpo-36216: Add check for characters in netloc that normalize to separators #12201

merged 2 commits into from Mar 7, 2019
+61 −0

Conversation

@zooba
Copy link
Member

zooba commented Mar 6, 2019
edited by bedevere-bot

https://bugs.python.org/issue36216
@zooba
bpo-36216: Add check for characters in netloc that normalize to separ…
Loading status checks…
91cdfbe 
…ators
@tiran
tiran reviewed Mar 6, 2019
View changes
Lib/urllib/parse.py Outdated Show resolved Hide resolved
@zooba
Load unicodedata module lazily
Loading status checks…
f1d2699
@tiran
tiran requested changes Mar 6, 2019
View changes
Copy link
Member

tiran left a comment

Please optimize import unicodedata.
@bedevere-bot

This comment has been minimized.

Sign in to view
Copy link

bedevere-bot commented Mar 6, 2019

When you're done making the requested changes, leave the comment: I have made the requested changes; please review again.
@tiran
tiran approved these changes Mar 6, 2019
View changes
@tiran

This comment has been minimized.

Sign in to view
Copy link
Member

tiran commented Mar 6, 2019

sorry, GH didn't refresh.
@zooba

This comment has been minimized.

Sign in to view
Copy link
Member Author

zooba commented Mar 7, 2019

I'm removing the "needs backport" tags and will create the backports manually. In particular, the docs need to be slightly different for each version.

I'll probably also have to come back later and add the CVE reference once we're assigned one (if we want it in there).
@zooba zooba merged commit 16e6f7d into python:master Mar 7, 2019
5 checks passed
5 checks passed
Azure Pipelines PR #20190306.24 succeeded
Details
bedevere/issue-number Issue number 36216 found
Details
bedevere/news News entry found in Misc/NEWS.d
continuous-integration/appveyor/pr AppVeyor build succeeded
Details
continuous-integration/travis-ci/pr The Travis CI build passed
Details
@zooba zooba deleted the zooba:urllib-bug branch Mar 7, 2019
zooba added a commit to zooba/cpython that referenced this pull request Mar 7, 2019
@zooba
bpo-36216: Add check for characters in netloc that normalize to separ…
30a7797 
…ators (pythonGH-12201)
zooba added a commit to zooba/cpython that referenced this pull request Mar 7, 2019
@zooba
bpo-36216: Add check for characters in netloc that normalize to separ…
8f5285a 
…ators (pythonGH-12201)
zooba added a commit to zooba/cpython that referenced this pull request Mar 7, 2019
@zooba
bpo-36216: Add check for characters in netloc that normalize to separ…
3e3669c 
…ators (pythonGH-12201)
zooba added a commit that referenced this pull request Mar 7, 2019
@zooba
bpo-36216: Add check for characters in netloc that normalize to separ…
Verified
This commit was created on GitHub.com and signed with a verified signature using GitHub’s key.
GPG key ID: 4AEE18F83AFDEB23 Learn about signing commits
Loading status checks…
daad2c4 
…ators (GH-12201)
zooba added a commit that referenced this pull request Mar 7, 2019
@zooba
bpo-36216: Add check for characters in netloc that normalize to separ…
Verified
This commit was created on GitHub.com and signed with a verified signature using GitHub’s key.
GPG key ID: 4AEE18F83AFDEB23 Learn about signing commits
Loading status checks…
e37ef41 
…ators (GH-12201)
zooba added a commit to zooba/cpython that referenced this pull request Mar 7, 2019
@zooba
bpo-36216: Add check for characters in netloc that normalize to separ…
3f47a77 
…ators (pythonGH-12201)
zooba added a commit to zooba/cpython that referenced this pull request Mar 7, 2019
@zooba
bpo-36216: Add check for characters in netloc that normalize to separ…
d08b50f 
…ators (pythonGH-12201)
larryhastings added a commit that referenced this pull request Mar 11, 2019
@zooba @larryhastings
bpo-36216: Add check for characters in netloc that normalize to separ…
Loading status checks…
62d3654 
…ators (GH-12201) (#12224)
larryhastings added a commit that referenced this pull request Mar 11, 2019
@zooba @larryhastings
bpo-36216: Add check for characters in netloc that normalize to separ…
Loading status checks…
c0d9511 
…ators (GH-12201) (#12223)
ned-deily added a commit that referenced this pull request Mar 12, 2019
@zooba @ned-deily
[3.6] bpo-36216: Add check for characters in netloc that normalize to…
Loading status checks…
23fc041 
… separators (GH-12201) (GH-12215)
ma8ma added a commit to ma8ma/cpython that referenced this pull request Apr 7, 2019
@zooba @ma8ma
bpo-36216: Add check for characters in netloc that normalize to separ…
91e1571 
…ators (pythonGH-12201)
arnolddumas added a commit to arnolddumas/cpython that referenced this pull request May 3, 2019
@zooba @arnolddumas
bpo-36216: Add check for characters in netloc that normalize to separ…
d4b7119 
…ators (pythonGH-12201)
@mcepl
mcepl reviewed May 28, 2019
View changes
Lib/urllib/parse.py
netloc2 = unicodedata.normalize('NFKC', netloc)
if netloc == netloc2:
return
_, _, netloc = netloc.rpartition('@') # anything to the left of '@' is okay

This comment has been minimized.

Sign in to view
Copy link
@mcepl

mcepl May 28, 2019
edited

Contributor

@zooba @tiran Could you tell me something about this line (it is now https://github.com/python/cpython/blob/master/Lib/urllib/parse.py#L405)? It seems to me that it exactly makes the first example from https://bugs.python.org/issue36216 fail as before:

>>> u = "https://example.com\uFF03@bing.com"
>>> urlsplit(u).netloc.rpartition("@")[2]
bing.com
mingwandroid added a commit to mingwandroid/cpython that referenced this pull request Aug 6, 2019
@zooba @mingwandroid
bpo-36216: Add check for characters in netloc that normalize to separ…
6d6d082 
…ators (pythonGH-12201)
mingwandroid added a commit to mingwandroid/cpython that referenced this pull request Aug 6, 2019
@zooba @mingwandroid
bpo-36216: Add check for characters in netloc that normalize to separ…
f1d7561 
…ators (pythonGH-12201)
mingwandroid added a commit to mingwandroid/cpython that referenced this pull request Aug 9, 2019
@zooba @mingwandroid
bpo-36216: Add check for characters in netloc that normalize to separ…
6adcf58 
…ators (pythonGH-12201)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mcepl mcepl

@tiran tiran

Assignees
No one assigned
Labels
CLA signed type-security
Projects
None yet
Milestone
No milestone
5 participants
@zooba @bedevere-bot @tiran @mcepl @the-knights-who-say-ni
You can’t perform that action at this time.