Skip to content

bpo-30458: Disallow control chars in http URLs. (GH-12755)#13771

Closed
tapakund wants to merge 1 commit intopython:3.5from
tapakund:3.5
Closed

bpo-30458: Disallow control chars in http URLs. (GH-12755)#13771
tapakund wants to merge 1 commit intopython:3.5from
tapakund:3.5

Conversation

@tapakund
Copy link

@tapakund tapakund commented Jun 3, 2019
edited by bedevere-bot
Loading

Disallow control chars in http URLs in urllib.urlopen. This addresses a potential security problem for applications that do not sanity check their URLs where http request headers could be injected.

Disable https related urllib tests on a build without ssl (GH-13032)
These tests require an SSL enabled build. Skip these tests when python is built without SSL to fix test failures.

Use http.client.InvalidURL instead of ValueError as the new error case's exception. (GH-13044)

Co-Authored-By: Miro Hrončok miro@hroncok.cz

Signed-off-by: Tapas Kundu tkundu@vmware.com

https://bugs.python.org/issue30458

@the-knights-who-say-ni
Copy link

the-knights-who-say-ni commented Jun 3, 2019

Hello, and thanks for your contribution!

I'm a bot set up to make sure that the project can legally accept your contribution by verifying you have signed the PSF contributor agreement (CLA).

Unfortunately we couldn't find an account corresponding to your GitHub username on bugs.python.org (b.p.o) to verify you have signed the CLA (this might be simply due to a missing "GitHub Name" entry in your b.p.o account settings). This is necessary for legal reasons before we can look at your contribution. Please follow the steps outlined in the CPython devguide to rectify this issue.

You can check yourself to see if the CLA has been received.

Thanks again for your contribution, we look forward to reviewing it!

@tirkarthi
Copy link
Member

tirkarthi commented Jun 3, 2019

There is already a backport to 3.5 . Is this different from #13207 ?

@tapakund
Copy link
Author

tapakund commented Jun 3, 2019

There is already a backport to 3.5 . Is this different from #13207 ?

Its the same.. Sorry I missed it..

Actually i was checking the issue - https://bugs.python.org/issue30458 and didn't see any backport to 3.5.. I will close this pull request.

Thanks for replying.

@tapakund tapakund closed this Jun 3, 2019
@tapakund
bpo-30458: Disallow control chars in http URLs. (GH-12755)
5cd3bca 
Disallow control chars in http URLs in urllib.urlopen.  This addresses a potential security problem for applications that do not sanity check their URLs where http request headers could be injected.

Disable https related urllib tests on a build without ssl (GH-13032)
These tests require an SSL enabled build. Skip these tests when python is built without SSL to fix test failures.

Use http.client.InvalidURL instead of ValueError as the new error case's exception. (GH-13044)

Co-Authored-By: Miro Hrončok <miro@hroncok.cz>

Signed-off-by: Tapas Kundu <tkundu@vmware.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

awaiting review

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@tapakund @the-knights-who-say-ni @tirkarthi @bedevere-bot