bpo-30458: Disallow control chars in http URLs. (GH-12755) by tapakund · Pull Request #13771 · python/cpython · GitHub
@tapakund tapakund commented Jun 3, 2019

Disallow control chars in http URLs in urllib.urlopen. This addresses a potential security problem for applications that do not sanity check their URLs where http request headers could be injected.

Disable https related urllib tests on a build without ssl (GH-13032)
These tests require an SSL enabled build. Skip these tests when python is built without SSL to fix test failures.

Use http.client.InvalidURL instead of ValueError as the new error case's exception. (GH-13044)

Co-Authored-By: Miro Hrončok <miro@hroncok.cz>

Signed-off-by: Tapas Kundu <tkundu@vmware.com>

https://bugs.python.org/issue30458
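
As an added illustration (not code from this pull request or from CPython), an application-level version of the check the description refers to: reject a request target that contains control characters before it is serialized into a request line. The rejected character range, the function names and the sample URLs are assumptions made for this example.

```python
import re
from http.client import InvalidURL

# Assumption: reject ASCII control characters, space and DEL (0x00-0x20, 0x7f),
# none of which may appear unencoded in an HTTP request target.
_DISALLOWED = re.compile(r"[\x00-\x20\x7f]")


def find_control_chars(url):
    """Return (offset, code point) for every disallowed character, for logging."""
    return [(m.start(), ord(m.group())) for m in _DISALLOWED.finditer(url)]


def check_url(url):
    """Return url unchanged, or raise InvalidURL naming the first bad character."""
    hits = find_control_chars(url)
    if hits:
        offset, code = hits[0]
        raise InvalidURL(
            f"URL can't contain control characters: {url!r} "
            f"(0x{code:02x} at offset {offset})")
    return url


def request_head(method, path, host, validate=True):
    """Serialize a minimal HTTP/1.1 request head and return its lines."""
    if validate:
        check_url(path)
    raw = f"{method} {path} HTTP/1.1\r\nHost: {host}\r\n\r\n"
    return raw.split("\r\n")[:-2]  # drop the empty strings left by the final blank line


# Constructed sample inputs (not taken from the pull request).
CLEAN = "/search?q=a%20b"
TAINTED = "/search?q=a\r\nX-Constructed: 1"

if __name__ == "__main__":
    print(request_head("GET", CLEAN, "example.test"))
    # Without the check, one URL becomes an extra line in the request head.
    print(len(request_head("GET", TAINTED, "example.test", validate=False)))
    try:
        request_head("GET", TAINTED, "example.test")
    except InvalidURL as exc:
        print("rejected:", exc)
```
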

@the-knights-who-say-ni

Hello, and thanks for your contribution!

I'm a bot set up to make sure that the project can legally accept your contribution by verifying you have signed the PSF contributor agreement (CLA).

Unfortunately we couldn't find an account corresponding to your GitHub username on bugs.python.org (b.p.o) to verify you have signed the CLA (this might be simply due to a missing "GitHub Name" entry in your b.p.o account settings). This is necessary for legal reasons before we can look at your contribution. Please follow the steps outlined in the CPython devguide to rectify this issue.

You can check yourself to see if the CLA has been received.

Thanks again for your contribution, we look forward to reviewing it!

@tirkarthi
Member

There is already a backport to 3.5. Is this different from #13207?

@tapakund
Author
tapakund commented Jun 3, 2019

> There is already a backport to 3.5. Is this different from #13207?

It's the same. Sorry, I missed it.

Actually I was checking the issue - https://bugs.python.org/issue30458 and didn't see any backport to 3.5. I will close this pull request.

Thanks for replying.

@tapakund tapakund closed this Jun 3, 2019