author | Aldo Cortesi <aldo@nullcube.com> | 2013-03-03 14:52:06 +1300 |
---|---|---|
committer | Aldo Cortesi <aldo@nullcube.com> | 2013-03-03 14:52:06 +1300 |
commit | 2897ddfbee5ec3da72863cb8d5ee1370c9698f8a (patch) | |
tree | 5515a2c5d87bd81d38ab45ffc617af9617b6aa23 | |
parent | 1fe1a802adbef93b5b024a85d8dafb112ed652bb (diff) | |
Stricter error checking for http.parse_url
-rw-r--r-- | netlib/http.py | 13 | ||||
-rw-r--r-- | test/test_http.py | 5 |
2 files changed, 18 insertions, 0 deletions
diff --git a/netlib/http.py b/netlib/http.py
index 10b6a402..c864f1de 100644
--- a/netlib/http.py
+++ b/netlib/http.py
@@ -15,6 +15,11 @@ class HttpErrorConnClosed(HttpError): pass
 def parse_url(url):
 """
 Returns a (scheme, host, port, path) tuple, or None on error.
+
+ Checks that:
+ port is an integer
+ host is a valid IDNA-encoded hostname
+ path is valid ASCII
 """
 scheme, netloc, path, params, query, fragment = urlparse.urlparse(url)
 if not scheme:
@@ -34,6 +39,14 @@ def parse_url(url):
 path = urlparse.urlunparse(('', '', path, params, query, fragment))
 if not path.startswith("/"):
 path = "/" + path
+ try:
+ host.decode("idna")
+ except ValueError:
+ return None
+ try:
+ path.decode("ascii")
+ except ValueError:
+ return None
 return scheme, host, port, path
diff --git a/test/test_http.py b/test/test_http.py
index 05dfdb8f..2cbba936 100644
--- a/test/test_http.py
+++ b/test/test_http.py
@@ -292,6 +292,11 @@ def test_parse_url():
 assert not http.parse_url("https://foo:bar")
 assert not http.parse_url("https://foo:")
+ # Invalid IDNA
+ assert not http.parse_url("http://\xfafoo")
+
+ assert not http.parse_url("http:/\xc6/localhost:56121")
+
 def test_parse_http_basic_auth():
 vals = ("basic", "foo", "bar") |
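Review bot: In the second netlib/http.py hunk, the two new decode checks reject non-ASCII bytes but still let ASCII control characters through: `path.decode("ascii")` succeeds for a path containing CR, LF or NUL, and as far as I can tell the idna codec's decode step only converts labels and does not validate which ASCII characters a plain label contains. If the returned host or path is later written into a request line or Host header (not visible here), those characters are what a request-splitting bug depends on, so I would add an explicit check before the return, e.g. `if any(ord(c) < 0x20 or ord(c) == 0x7f for c in host + path): return None`. The docstring line added in the first hunk, "host is a valid IDNA-encoded hostname", promises more than the decode check establishes and could read "host decodes as IDNA". parse_url starts before this hunk.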
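Review bot: In the test/test_http.py hunk, the second new assertion has no comment saying which check it exercises, unlike the `# Invalid IDNA` case above it; the `\xc6` byte appears to sit in the path (only one slash follows `http:`), so a comment such as `# Non-ASCII path` would make the intent clear. Both new cases are negative, so a positive case with a punycode host, e.g. `assert http.parse_url("http://xn--bcher-kva.example/")` (constructed sample), would show that the IDNA check does not reject valid names. test_parse_url starts before this hunk.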