Bug 1397149

Summary: Restrict URL preparation to HTTP/HTTPS
Product: [Fedora] Fedora Reporter: Lukas Slebodnik <lslebodn>
Component: python-requestsAssignee: Jeremy Cline <jeremy>
Status: CLOSED RAWHIDE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: rawhideCC: cheimes, cstratak, infra-sig, jeremy, rbean, sagarun
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2016-11-23 15:06:50 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description Lukas Slebodnik 2016-11-21 17:53:34 UTC 
Description of problem:
The recent upgrade of python-request broke using of http over unix socket.
e.g. url is 'http+unix://%2Fvar%2Frun%2Fsecrets.socket/secrets/'

  File "/usr/lib/python2.7/site-packages/requests/sessions.py", line 535, in post                         
    return self.request('POST', url, data=data, json=json, **kwargs)                                      
  File "/usr/lib/python2.7/site-packages/requests/sessions.py", line 474, in request                      
    prep = self.prepare_request(req)                                                                      
  File "/usr/lib/python2.7/site-packages/requests/sessions.py", line 407, in prepare_request              
    hooks=merge_hooks(request.hooks, self.hooks),                                                         
  File "/usr/lib/python2.7/site-packages/requests/models.py", line 302, in prepare                        
    self.prepare_url(url, params)                                                                         
  File "/usr/lib/python2.7/site-packages/requests/models.py", line 372, in prepare_url                    
    raise InvalidURL('URL has an invalid label.')                                                         
InvalidURL: URL has an invalid label.


The host part of url validation failed because of % and / are invalid code points in uts46 / IDNA 2008

Version-Release number of selected component (if applicable):
python2-requests 2.12.1-1.fc26

How reproducible:
Deterministic

Steps to Reproduce:
    def test_url_passthrough(protocol, url):
        session = requests.Session()
        session.mount(protocol, HTTPAdapter())
        p = requests.Request('GET', url=url)
        p.prepare()
        assert p.url == url
    
    test_url_passthrough("http+unix://", b"http+unix://%2Fvar%2Frun%2Fsocket/path")
   


Additional info:
Here is a related pull request
https://github.com/kennethreitz/requests/pull/3713

Please backport it after merge.
Comment 1 Jeremy Cline 2016-11-21 18:34:35 UTC 
Hey, thanks for letting me know!

I'll keep an eye on it and backport it when it's merged if they don't make a bugfix release with this.
Comment 2 Lukas Slebodnik 2016-11-22 11:19:54 UTC 
*** Bug 1397326 has been marked as a duplicate of this bug. ***
Comment 3 Jeremy Cline 2016-11-22 14:35:28 UTC 
I just wanted to let you know I saw #3713 got merged, but there's a few other things broken due to the IDNA work, so I'd like to wait for those before I do another build.
Comment 4 Jeremy Cline 2016-11-23 15:06:50 UTC 
Fixed in python-requests-2.12.1-2.fc26 which is now built for rawhide: http://koji.fedoraproject.org/koji/taskinfo?taskID=16581389