From 34f3fcc269be2ecded57ff3ae336977c5e74c42f Mon Sep 17 00:00:00 2001 From: Senthil Kumaran Date: Tue, 15 May 2012 22:30:25 +0800 Subject: Issue #12541: Be lenient with quotes around Realm field of HTTP Basic Authentation in urllib2. G: changed Misc/NEWS --- Lib/test/test_urllib2.py | 15 +++++++++++++++ Lib/urllib/request.py | 2 +- Misc/NEWS | 3 +++ 3 files changed, 19 insertions(+), 1 deletion(-) diff --git a/Lib/test/test_urllib2.py b/Lib/test/test_urllib2.py index 3d80e01..911a0af 100644 --- a/Lib/test/test_urllib2.py +++ b/Lib/test/test_urllib2.py @@ -1218,6 +1218,21 @@ class HandlerTests(unittest.TestCase): def test_basic_auth_with_single_quoted_realm(self): self.test_basic_auth(quote_char="'") + def test_basic_auth_with_unquoted_realm(self): + opener = OpenerDirector() + password_manager = MockPasswordManager() + auth_handler = urllib.request.HTTPBasicAuthHandler(password_manager) + realm = "ACME Widget Store" + http_handler = MockHTTPHandler( + 401, 'WWW-Authenticate: Basic realm=%s\r\n\r\n' % realm) + opener.add_handler(auth_handler) + opener.add_handler(http_handler) + self._test_basic_auth(opener, auth_handler, "Authorization", + realm, http_handler, password_manager, + "http://acme.example.com/protected", + "http://acme.example.com/protected", + ) + def test_proxy_basic_auth(self): opener = OpenerDirector() ph = urllib.request.ProxyHandler(dict(http="proxy.example.com:3128")) diff --git a/Lib/urllib/request.py b/Lib/urllib/request.py index fe2cfcd..cbcbe1a 100644 --- a/Lib/urllib/request.py +++ b/Lib/urllib/request.py @@ -794,7 +794,7 @@ class AbstractBasicAuthHandler: # allow for double- and single-quoted realm values # (single quotes are a violation of the RFC, but appear in the wild) rx = re.compile('(?:.*,)*[ \t]*([^ \t]+)[ \t]+' - 'realm=(["\'])(.*?)\\2', re.I) + 'realm=(["\']?)([^"\']*)\\2', re.I) # XXX could pre-emptively send auth info already accepted (RFC 2617, # end of section 2, and section 1.2 immediately after "credentials" diff --git a/Misc/NEWS b/Misc/NEWS index 10b5453..f3b14b3 100644 --- a/Misc/NEWS +++ b/Misc/NEWS @@ -63,6 +63,9 @@ Core and Builtins Library ------- +- Issue #12541: Be lenient with quotes around Realm field of HTTP Basic + Authentation in urllib2. + - Issue #14662: Prevent shutil failures on OS X when destination does not support chflag operations. Patch by Hynek Schlawack. -- cgit v0.12 From 66bfcc1b0f3b1eb4905b3ef1054b8afc1219aacb Mon Sep 17 00:00:00 2001 From: Hynek Schlawack Date: Tue, 15 May 2012 16:32:21 +0200 Subject: #14773: Fix os.fwalk() failing on dangling symlinks --- Lib/os.py | 24 +++++++++++++++++------- Lib/test/test_os.py | 6 +++++- Misc/NEWS | 2 ++ 3 files changed, 24 insertions(+), 8 deletions(-) diff --git a/Lib/os.py b/Lib/os.py index ed2a31e..af4990f 100644 --- a/Lib/os.py +++ b/Lib/os.py @@ -353,13 +353,23 @@ if _exists("openat"): names = flistdir(topfd) dirs, nondirs = [], [] for name in names: - # Here, we don't use AT_SYMLINK_NOFOLLOW to be consistent with - # walk() which reports symlinks to directories as directories. We do - # however check for symlinks before recursing into a subdirectory. - if st.S_ISDIR(fstatat(topfd, name).st_mode): - dirs.append(name) - else: - nondirs.append(name) + try: + # Here, we don't use AT_SYMLINK_NOFOLLOW to be consistent with + # walk() which reports symlinks to directories as directories. + # We do however check for symlinks before recursing into + # a subdirectory. + if st.S_ISDIR(fstatat(topfd, name).st_mode): + dirs.append(name) + else: + nondirs.append(name) + except FileNotFoundError: + try: + # Add dangling symlinks, ignore disappeared files + if st.S_ISLNK(fstatat(topfd, name, AT_SYMLINK_NOFOLLOW) + .st_mode): + nondirs.append(name) + except FileNotFoundError: + continue if topdown: yield toppath, dirs, nondirs, topfd diff --git a/Lib/test/test_os.py b/Lib/test/test_os.py index 066bf72..1e0daf0 100644 --- a/Lib/test/test_os.py +++ b/Lib/test/test_os.py @@ -651,6 +651,7 @@ class WalkTests(unittest.TestCase): # SUB2/ a file kid and a dirsymlink kid # tmp3 # link/ a symlink to TESTFN.2 + # broken_link # TEST2/ # tmp4 a lone file walk_path = join(support.TESTFN, "TEST1") @@ -663,6 +664,8 @@ class WalkTests(unittest.TestCase): link_path = join(sub2_path, "link") t2_path = join(support.TESTFN, "TEST2") tmp4_path = join(support.TESTFN, "TEST2", "tmp4") + link_path = join(sub2_path, "link") + broken_link_path = join(sub2_path, "broken_link") # Create stuff. os.makedirs(sub11_path) @@ -679,7 +682,8 @@ class WalkTests(unittest.TestCase): else: symlink_to_dir = os.symlink symlink_to_dir(os.path.abspath(t2_path), link_path) - sub2_tree = (sub2_path, ["link"], ["tmp3"]) + symlink_to_dir('broken', broken_link_path) + sub2_tree = (sub2_path, ["link"], ["broken_link", "tmp3"]) else: sub2_tree = (sub2_path, [], ["tmp3"]) diff --git a/Misc/NEWS b/Misc/NEWS index 95a2c4f..0e36903 100644 --- a/Misc/NEWS +++ b/Misc/NEWS @@ -31,6 +31,8 @@ Core and Builtins Library ------- +- Issue 14773: Fix os.fwalk() failing on dangling symlinks. + - Issue 14807: move undocumented tarfile.filemode() to stat.filemode() and add doc entry. Add tarfile.filemode alias with deprecation warning. -- cgit v0.12 From c96f5a0457caea1757acdbac8626559542242b8c Mon Sep 17 00:00:00 2001 From: Hynek Schlawack Date: Tue, 15 May 2012 17:55:38 +0200 Subject: Sort file list in test_os.WalkTests Adding new files into the tree lead to buildbot fails as the order wasn't deterministic. --- Lib/test/test_os.py | 1 + Misc/NEWS | 4 ++-- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/Lib/test/test_os.py b/Lib/test/test_os.py index 1e0daf0..9a84ba1 100644 --- a/Lib/test/test_os.py +++ b/Lib/test/test_os.py @@ -695,6 +695,7 @@ class WalkTests(unittest.TestCase): # flipped: TESTFN, SUB2, SUB1, SUB11 flipped = all[0][1][0] != "SUB1" all[0][1].sort() + all[3 - 2 * flipped][-1].sort() self.assertEqual(all[0], (walk_path, ["SUB1", "SUB2"], ["tmp1"])) self.assertEqual(all[1 + flipped], (sub1_path, ["SUB11"], ["tmp2"])) self.assertEqual(all[2 + flipped], (sub11_path, [], [])) diff --git a/Misc/NEWS b/Misc/NEWS index c79713f..4870979 100644 --- a/Misc/NEWS +++ b/Misc/NEWS @@ -31,12 +31,12 @@ Core and Builtins Library ------- -- Issue 14773: Fix os.fwalk() failing on dangling symlinks. +- Issue #14773: Fix os.fwalk() failing on dangling symlinks. - Issue #12541: Be lenient with quotes around Realm field of HTTP Basic Authentation in urllib2. -- Issue 14807: move undocumented tarfile.filemode() to stat.filemode() and add +- Issue #14807: move undocumented tarfile.filemode() to stat.filemode() and add doc entry. Add tarfile.filemode alias with deprecation warning. - Issue #13815: TarFile.extractfile() now returns io.BufferedReader objects. -- cgit v0.12 From 0ea91cb5c6eac161722b3109ac636d5c782bf454 Mon Sep 17 00:00:00 2001 From: Senthil Kumaran Date: Tue, 15 May 2012 23:59:42 +0800 Subject: Issue12541 - Add UserWarning for unquoted realms --- Lib/test/test_urllib2.py | 11 ++++++----- Lib/urllib/request.py | 4 ++++ 2 files changed, 10 insertions(+), 5 deletions(-) diff --git a/Lib/test/test_urllib2.py b/Lib/test/test_urllib2.py index 911a0af..3ace66e 100644 --- a/Lib/test/test_urllib2.py +++ b/Lib/test/test_urllib2.py @@ -1227,11 +1227,12 @@ class HandlerTests(unittest.TestCase): 401, 'WWW-Authenticate: Basic realm=%s\r\n\r\n' % realm) opener.add_handler(auth_handler) opener.add_handler(http_handler) - self._test_basic_auth(opener, auth_handler, "Authorization", - realm, http_handler, password_manager, - "http://acme.example.com/protected", - "http://acme.example.com/protected", - ) + with self.assertWarns(UserWarning): + self._test_basic_auth(opener, auth_handler, "Authorization", + realm, http_handler, password_manager, + "http://acme.example.com/protected", + "http://acme.example.com/protected", + ) def test_proxy_basic_auth(self): opener = OpenerDirector() diff --git a/Lib/urllib/request.py b/Lib/urllib/request.py index cbcbe1a..0035e70 100644 --- a/Lib/urllib/request.py +++ b/Lib/urllib/request.py @@ -95,6 +95,7 @@ import socket import sys import time import collections +import warnings from urllib.error import URLError, HTTPError, ContentTooShortError from urllib.parse import ( @@ -827,6 +828,9 @@ class AbstractBasicAuthHandler: mo = AbstractBasicAuthHandler.rx.search(authreq) if mo: scheme, quote, realm = mo.groups() + if quote not in ["'", '"']: + warnings.warn("Basic Auth Realm was unquoted", + UserWarning, 2) if scheme.lower() == 'basic': response = self.retry_http_basic_auth(host, req, realm) if response and response.code != 401: -- cgit v0.12 From 39bf90d31955055929e475085f20ea88ca3d3daf Mon Sep 17 00:00:00 2001 From: Hynek Schlawack Date: Tue, 15 May 2012 18:40:17 +0200 Subject: Add two more sorts to test_os.WalkTests I've missed before --- Lib/test/test_os.py | 2 ++ 1 file changed, 2 insertions(+) diff --git a/Lib/test/test_os.py b/Lib/test/test_os.py index 9a84ba1..9b29b37 100644 --- a/Lib/test/test_os.py +++ b/Lib/test/test_os.py @@ -711,6 +711,7 @@ class WalkTests(unittest.TestCase): dirs.remove('SUB1') self.assertEqual(len(all), 2) self.assertEqual(all[0], (walk_path, ["SUB2"], ["tmp1"])) + all[1][-1].sort() self.assertEqual(all[1], sub2_tree) # Walk bottom-up. @@ -721,6 +722,7 @@ class WalkTests(unittest.TestCase): # flipped: SUB2, SUB11, SUB1, TESTFN flipped = all[3][1][0] != "SUB1" all[3][1].sort() + all[2 - 2 * flipped][-1].sort() self.assertEqual(all[3], (walk_path, ["SUB1", "SUB2"], ["tmp1"])) self.assertEqual(all[flipped], (sub11_path, [], [])) self.assertEqual(all[flipped + 1], (sub1_path, ["SUB11"], ["tmp2"])) -- cgit v0.12 From 77fa9379e2fd9c074b4c002c0fd5d43caca80fff Mon Sep 17 00:00:00 2001 From: Benjamin Peterson Date: Tue, 15 May 2012 10:10:27 -0700 Subject: use Py_ssize_t for ast sequence lengths --- Parser/asdl_c.py | 4 ++-- Python/Python-ast.c | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/Parser/asdl_c.py b/Parser/asdl_c.py index 81a3d6a..769f73f 100755 --- a/Parser/asdl_c.py +++ b/Parser/asdl_c.py @@ -784,7 +784,7 @@ static int add_attributes(PyTypeObject* type, char**attrs, int num_fields) static PyObject* ast2obj_list(asdl_seq *seq, PyObject* (*func)(void*)) { - int i, n = asdl_seq_LEN(seq); + Py_ssize_t i, n = asdl_seq_LEN(seq); PyObject *result = PyList_New(n); PyObject *value; if (!result) @@ -1106,7 +1106,7 @@ class ObjVisitor(PickleVisitor): # While the sequence elements are stored as void*, # ast2obj_cmpop expects an enum self.emit("{", depth) - self.emit("int i, n = asdl_seq_LEN(%s);" % value, depth+1) + self.emit("Py_ssize_t i, n = asdl_seq_LEN(%s);" % value, depth+1) self.emit("value = PyList_New(n);", depth+1) self.emit("if (!value) goto failed;", depth+1) self.emit("for(i = 0; i < n; i++)", depth+1) diff --git a/Python/Python-ast.c b/Python/Python-ast.c index d9e13e2..4ca269f 100644 --- a/Python/Python-ast.c +++ b/Python/Python-ast.c @@ -636,7 +636,7 @@ static int add_attributes(PyTypeObject* type, char**attrs, int num_fields) static PyObject* ast2obj_list(asdl_seq *seq, PyObject* (*func)(void*)) { - int i, n = asdl_seq_LEN(seq); + Py_ssize_t i, n = asdl_seq_LEN(seq); PyObject *result = PyList_New(n); PyObject *value; if (!result) @@ -2857,7 +2857,7 @@ ast2obj_expr(void* _o) goto failed; Py_DECREF(value); { - int i, n = asdl_seq_LEN(o->v.Compare.ops); + Py_ssize_t i, n = asdl_seq_LEN(o->v.Compare.ops); value = PyList_New(n); if (!value) goto failed; for(i = 0; i < n; i++) -- cgit v0.12 From c0181eb44921ba2fa8ac251101fc9a7c2924711d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Martin=20v=2E=20L=C3=B6wis?= Date: Tue, 15 May 2012 20:04:25 +0200 Subject: Stop including gzio in the build; it's not used. --- PCbuild/pythoncore.vcxproj | 6 ------ PCbuild/pythoncore.vcxproj.filters | 3 --- 2 files changed, 9 deletions(-) diff --git a/PCbuild/pythoncore.vcxproj b/PCbuild/pythoncore.vcxproj index c8985cf..fd4a254 100644 --- a/PCbuild/pythoncore.vcxproj +++ b/PCbuild/pythoncore.vcxproj @@ -564,12 +564,6 @@ - - _CRT_SECURE_NO_DEPRECATE;%(PreprocessorDefinitions) - _CRT_SECURE_NO_DEPRECATE;%(PreprocessorDefinitions) - _CRT_SECURE_NO_DEPRECATE;%(PreprocessorDefinitions) - _CRT_SECURE_NO_DEPRECATE;%(PreprocessorDefinitions) - diff --git a/PCbuild/pythoncore.vcxproj.filters b/PCbuild/pythoncore.vcxproj.filters index 4e8997d..f053b98 100644 --- a/PCbuild/pythoncore.vcxproj.filters +++ b/PCbuild/pythoncore.vcxproj.filters @@ -578,9 +578,6 @@ Modules\zlib - - Modules\zlib - Modules\zlib -- cgit v0.12 From 9b704ec9e1049788157a7f042ef765a4bb058b68 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Charles-Fran=C3=A7ois=20Natali?= Date: Tue, 15 May 2012 21:00:32 +0200 Subject: Add versionadded for hmac.secure_compare(). --- Doc/library/hmac.rst | 1 + 1 file changed, 1 insertion(+) diff --git a/Doc/library/hmac.rst b/Doc/library/hmac.rst index e8f6488..8274bb1 100644 --- a/Doc/library/hmac.rst +++ b/Doc/library/hmac.rst @@ -83,6 +83,7 @@ This module also provides the following helper function: contents of the inputs via a timing attack, it does leak the length of the inputs. However, this generally is not a security risk. + .. versionadded:: 3.3 .. seealso:: -- cgit v0.12