summaryrefslogtreecommitdiffstats
path: root/Lib/test
diff options
context:
space:
mode:
authorAshwin Ramaswami <aramaswamis@gmail.com>2020-03-30 00:38:41 (GMT)
committerGitHub <noreply@github.com>2020-03-30 00:38:41 (GMT)
commit614f17211c5fc0e5b828be1d3320661d1038fe8f (patch)
treeceb4506a92bc77dab1954a7caed397587d6b2c14 /Lib/test
parent0003c2dc1d4cf5b122e73e83177fd274fa9a9913 (diff)
downloadcpython-614f17211c5fc0e5b828be1d3320661d1038fe8f.zip
cpython-614f17211c5fc0e5b828be1d3320661d1038fe8f.tar.gz
cpython-614f17211c5fc0e5b828be1d3320661d1038fe8f.tar.bz2
bpo-39073: validate Address parts to disallow CRLF (#19007)
Disallow CR or LF in email.headerregistry.Address arguments to guard against header injection attacks.
Diffstat (limited to 'Lib/test')
-rw-r--r--Lib/test/test_email/test_headerregistry.py19
1 files changed, 19 insertions, 0 deletions
diff --git a/Lib/test/test_email/test_headerregistry.py b/Lib/test/test_email/test_headerregistry.py
index 38f7ddb..82e1213 100644
--- a/Lib/test/test_email/test_headerregistry.py
+++ b/Lib/test/test_email/test_headerregistry.py
@@ -1437,6 +1437,25 @@ class TestAddressAndGroup(TestEmailBase):
# with self.assertRaises(ValueError):
# Address('foo', 'wők', 'example.com')
+ def test_crlf_in_constructor_args_raises(self):
+ cases = (
+ dict(display_name='foo\r'),
+ dict(display_name='foo\n'),
+ dict(display_name='foo\r\n'),
+ dict(domain='example.com\r'),
+ dict(domain='example.com\n'),
+ dict(domain='example.com\r\n'),
+ dict(username='wok\r'),
+ dict(username='wok\n'),
+ dict(username='wok\r\n'),
+ dict(addr_spec='wok@example.com\r'),
+ dict(addr_spec='wok@example.com\n'),
+ dict(addr_spec='wok@example.com\r\n')
+ )
+ for kwargs in cases:
+ with self.subTest(kwargs=kwargs), self.assertRaisesRegex(ValueError, "invalid arguments"):
+ Address(**kwargs)
+
def test_non_ascii_username_in_addr_spec_raises(self):
with self.assertRaises(ValueError):
Address('foo', addr_spec='wők@example.com')
generated by cgit v0.12 at 2025-03-04 21:28:46 (GMT)