Bug 1397149 - Restrict URL preparation to HTTP/HTTPS
Summary: Restrict URL preparation to HTTP/HTTPS
Keywords:
Status: CLOSED RAWHIDE
Alias: None
Product: Fedora
Classification: Fedora
Component: python-requests
Version: rawhide
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: Jeremy Cline
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
: 1397326 (view as bug list)
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2016-11-21 17:53 UTC by Lukas Slebodnik
Modified: 2016-11-23 15:06 UTC (History)
6 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2016-11-23 15:06:50 UTC
Type: Bug

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Description Lukas Slebodnik 2016-11-21 17:53:34 UTC 
Description of problem:
The recent upgrade of python-request broke using of http over unix socket.
e.g. url is 'http+unix://%2Fvar%2Frun%2Fsecrets.socket/secrets/'

  File "/usr/lib/python2.7/site-packages/requests/sessions.py", line 535, in post                         
    return self.request('POST', url, data=data, json=json, **kwargs)                                      
  File "/usr/lib/python2.7/site-packages/requests/sessions.py", line 474, in request                      
    prep = self.prepare_request(req)                                                                      
  File "/usr/lib/python2.7/site-packages/requests/sessions.py", line 407, in prepare_request              
    hooks=merge_hooks(request.hooks, self.hooks),                                                         
  File "/usr/lib/python2.7/site-packages/requests/models.py", line 302, in prepare                        
    self.prepare_url(url, params)                                                                         
  File "/usr/lib/python2.7/site-packages/requests/models.py", line 372, in prepare_url                    
    raise InvalidURL('URL has an invalid label.')                                                         
InvalidURL: URL has an invalid label.


The host part of url validation failed because of % and / are invalid code points in uts46 / IDNA 2008

Version-Release number of selected component (if applicable):
python2-requests 2.12.1-1.fc26

How reproducible:
Deterministic

Steps to Reproduce:
    def test_url_passthrough(protocol, url):
        session = requests.Session()
        session.mount(protocol, HTTPAdapter())
        p = requests.Request('GET', url=url)
        p.prepare()
        assert p.url == url
    
    test_url_passthrough("http+unix://", b"http+unix://%2Fvar%2Frun%2Fsocket/path")
   


Additional info:
Here is a related pull request
https://github.com/kennethreitz/requests/pull/3713

Please backport it after merge.
Comment 1 Jeremy Cline 2016-11-21 18:34:35 UTC 
Hey, thanks for letting me know!

I'll keep an eye on it and backport it when it's merged if they don't make a bugfix release with this.
Comment 2 Lukas Slebodnik 2016-11-22 11:19:54 UTC 
*** Bug 1397326 has been marked as a duplicate of this bug. ***
Comment 3 Jeremy Cline 2016-11-22 14:35:28 UTC 
I just wanted to let you know I saw #3713 got merged, but there's a few other things broken due to the IDNA work, so I'd like to wait for those before I do another build.
Comment 4 Jeremy Cline 2016-11-23 15:06:50 UTC 
Fixed in python-requests-2.12.1-2.fc26 which is now built for rawhide: http://koji.fedoraproject.org/koji/taskinfo?taskID=16581389
Note You need to log in before you can comment on or make changes to this bug.