Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
Cloud:OpenStack:Newton
python-urllib3
urllib3-disallow-control-chars-in-http-urls.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File urllib3-disallow-control-chars-in-http-urls.patch of Package python-urllib3
Stripped down Backport of: https://github.com/urllib3/urllib3/pull/1591 (basically just this commit: https://github.com/urllib3/urllib3/pull/1591/commits/c147f359520cab339ec96b3ef96e471c0da261f6) and https://github.com/urllib3/urllib3/pull/1593 Index: urllib3-1.16/urllib3/util/url.py =================================================================== --- urllib3-1.16.orig/urllib3/util/url.py +++ urllib3-1.16/urllib3/util/url.py @@ -1,11 +1,15 @@ from __future__ import absolute_import from collections import namedtuple +import re from ..exceptions import LocationParseError +from six.moves.urllib.parse import quote url_attrs = ['scheme', 'auth', 'host', 'port', 'path', 'query', 'fragment'] +_contains_disallowed_url_pchar_re = re.compile('[\x00-\x20\x7f]') + class Url(namedtuple('Url', url_attrs)): """ @@ -146,6 +150,10 @@ def parse_url(url): # Empty return Url() + # Prevent CVE-2019-9740. + # adapted from https://github.com/python/cpython/pull/12755 + url = _contains_disallowed_url_pchar_re.sub(lambda match: quote(match.group()), url) + scheme = None auth = None host = None
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor