Respond to R. David Murray review suggestions

python · ambv · Aug 29, 2021 · May 8, 2021 · Aug 29, 2021 · Aug 29, 2021
commit 4e0ee170be5f4cf849a1a8f9f4e589c9bdadcce2
@@ -367,10 +367,15 @@ def send(self, s):
     def putcmd(self, cmd, args=""):
         """Send a command to the server."""
         if args == "":
-            str = cmd
+            s = cmd
         else:
-            str = '%s %s' % (cmd, args)
-        self.send('%s%s' % (str.replace('\n', '\\n'), CRLF))
+            s = f'{cmd} {args}'
+        if '\r' in s or '\n' in s:
+            s = s.replace('\n', '\\n').replace('\r', '\\r')
+            raise ValueError(
+                f'command and arguments contain prohibited newline characters: {s}'
+            )
+        self.send(f'{s}{CRLF}')
 
     def getreply(self):
         """Get a reply from the server.

@@ -341,9 +341,9 @@ def test_issue43124_putcmd_escapes_newline(self):
         smtp = smtplib.SMTP(HOST, self.port, local_hostname='localhost',
                             timeout=support.LOOPBACK_TIMEOUT)
         self.addCleanup(smtp.close)
-        expected = (500, b'Error: command "HELO\\NX-INJECTED" not recognized')
-        smtp.putcmd('helo\nX-INJECTED')
-        self.assertEqual(smtp.getreply(), expected)
+        with self.assertRaises(ValueError) as exc:
+            smtp.putcmd('helo\nX-INJECTED')
+        self.assertIn("prohibited newline characters", str(exc.exception))
         smtp.quit()
 
     def testVRFY(self):
@@ -434,14 +434,18 @@ def test_issue43124_escape_localhostname(self):
         smtp = smtplib.SMTP(HOST, self.port, local_hostname='hi\nX-INJECTED',
                             timeout=support.LOOPBACK_TIMEOUT)
         self.addCleanup(smtp.close)
-        smtp.sendmail("hi@me.com", "you@me.com", m)
+        with self.assertRaises(ValueError) as exc:
+            smtp.sendmail("hi@me.com", "you@me.com", m)
+        self.assertIn(
+            "prohibited newline characters: ehlo hi\\nX-INJECTED",
+            str(exc.exception),
+        )
         # XXX (see comment in testSend)
         time.sleep(0.01)
         smtp.quit()
 
         debugout = smtpd.DEBUGSTREAM.getvalue()
-        ehlo = re.compile(r"ehlo hi\\\\nX-INJECTED", re.MULTILINE)
-        self.assertRegex(debugout, ehlo)
+        self.assertNotIn("X-INJECTED", debugout)
 
     def test_issue43124_escape_options(self):
         # see: https://bugs.python.org/issue43124
@@ -453,15 +457,20 @@ def test_issue43124_escape_options(self):
 
         self.addCleanup(smtp.close)
         smtp.sendmail("hi@me.com", "you@me.com", m)
-        smtp.mail("hi@me.com", ["X-OPTION\nX-INJECTED-1", "X-OPTION2\nX-INJECTED-2"])
+        with self.assertRaises(ValueError) as exc:
+            smtp.mail("hi@me.com", ["X-OPTION\nX-INJECTED-1", "X-OPTION2\nX-INJECTED-2"])
+        msg = str(exc.exception)
+        self.assertIn("prohibited newline characters", msg)
+        self.assertIn("X-OPTION\\nX-INJECTED-1 X-OPTION2\\nX-INJECTED-2", msg)
         # XXX (see comment in testSend)
         time.sleep(0.01)
         smtp.quit()
 
         debugout = smtpd.DEBUGSTREAM.getvalue()
-        expected_opts = re.compile(r"mail FROM:<hi@me.com> X-OPTION\\\\nX-INJECTED-1 X-OPTION2\\\\nX-INJECTED-2",
-                                   re.MULTILINE)
-        self.assertRegex(debugout, expected_opts)
+        self.assertNotIn("X-OPTION", debugout)
+        self.assertNotIn("X-OPTION2", debugout)
+        self.assertNotIn("X-INJECTED-1", debugout)
+        self.assertNotIn("X-INJECTED-2", debugout)
 
     def testSendNullSender(self):
         m = 'A test message'