diff options
| author | matthewbelisle-wf <matthew.belisle@workiva.com> | 2018-10-19 10:52:59 (GMT) |
|---|---|---|
| committer | Miss Islington (bot) <31488909+miss-islington@users.noreply.github.com> | 2018-10-19 10:52:59 (GMT) |
| commit | 209144831b0a19715bda3bd72b14a3e6192d9cc1 (patch) | |
| tree | 872e8d5460807aaf6f02b72a0c3b8f4202739ba2 /Lib/test/test_urlparse.py | |
| parent | f081fd83032be48aefdb1bbcc38ab5deb03785d5 (diff) | |
| download | cpython-209144831b0a19715bda3bd72b14a3e6192d9cc1.zip cpython-209144831b0a19715bda3bd72b14a3e6192d9cc1.tar.gz cpython-209144831b0a19715bda3bd72b14a3e6192d9cc1.tar.bz2 | |
bpo-34866: Adding max_num_fields to cgi.FieldStorage (GH-9660)
Adding `max_num_fields` to `cgi.FieldStorage` to make DOS attacks harder by
limiting the number of `MiniFieldStorage` objects created by `FieldStorage`.
Diffstat (limited to 'Lib/test/test_urlparse.py')
| -rw-r--r-- | Lib/test/test_urlparse.py | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/Lib/test/test_urlparse.py b/Lib/test/test_urlparse.py index cd3eabb..6738863 100644 --- a/Lib/test/test_urlparse.py +++ b/Lib/test/test_urlparse.py @@ -880,6 +880,13 @@ class UrlParseTestCase(unittest.TestCase): errors="ignore") self.assertEqual(result, [('key', '\u0141-')]) + def test_parse_qsl_max_num_fields(self): + with self.assertRaises(ValueError): + urllib.parse.parse_qs('&'.join(['a=a']*11), max_num_fields=10) + with self.assertRaises(ValueError): + urllib.parse.parse_qs(';'.join(['a=a']*11), max_num_fields=10) + urllib.parse.parse_qs('&'.join(['a=a']*10), max_num_fields=10) + def test_urlencode_sequences(self): # Other tests incidentally urlencode things; test non-covered cases: # Sequence and object values. |