* [PATCH][1.18] fetch2: Don't allow '/' in user:pass, fix branch containing '@'
@ 2014-01-21 15:44 Martin Jansa
2014-02-16 22:42 ` Martin Jansa
0 siblings, 1 reply; 2+ messages in thread
From: Martin Jansa @ 2014-01-21 15:44 UTC (permalink / raw)
To: bitbake-devel; +Cc: Paul Eggleton
From: Martin Jansa <martin.jansa@gmail.com>
* currently decode_url regexp parses branch=@foo as username so it ends like this:
- ('git', '', 'foo', 'git.openembedded.org/bitbake;branch=', '', {})
+ ('git', 'git.openembedded.org', '/bitbake', '', '', {'branch': '@foo'})
* http://hg.python.org/cpython/file/2.7/Lib/urlparse.py also assumes
that there is at least one '/' as separator between netloc and path,
params, so it looks reasonable to prevent including '/' in username
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
---
lib/bb/fetch2/__init__.py | 2 +-
lib/bb/tests/fetch.py | 3 ++-
2 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/lib/bb/fetch2/__init__.py b/lib/bb/fetch2/__init__.py
index 9499a91..8f195f2 100644
--- a/lib/bb/fetch2/__init__.py
+++ b/lib/bb/fetch2/__init__.py
@@ -329,7 +329,7 @@ def decodeurl(url):
user, password, parameters).
"""
- m = re.compile('(?P<type>[^:]*)://((?P<user>.+)@)?(?P<location>[^;]+)(;(?P<parm>.*))?').match(url)
+ m = re.compile('(?P<type>[^:]*)://((?P<user>[^/]+)@)?(?P<location>[^;]+)(;(?P<parm>.*))?').match(url)
if not m:
raise MalformedUrl(url)
diff --git a/lib/bb/tests/fetch.py b/lib/bb/tests/fetch.py
index 4bcff54..e134a31 100644
--- a/lib/bb/tests/fetch.py
+++ b/lib/bb/tests/fetch.py
@@ -407,7 +407,8 @@ class URLHandle(unittest.TestCase):
datatable = {
"http://www.google.com/index.html" : ('http', 'www.google.com', '/index.html', '', '', {}),
"cvs://anoncvs@cvs.handhelds.org/cvs;module=familiar/dist/ipkg" : ('cvs', 'cvs.handhelds.org', '/cvs', 'anoncvs', '', {'module': 'familiar/dist/ipkg'}),
- "cvs://anoncvs:anonymous@cvs.handhelds.org/cvs;tag=V0-99-81;module=familiar/dist/ipkg" : ('cvs', 'cvs.handhelds.org', '/cvs', 'anoncvs', 'anonymous', {'tag': 'V0-99-81', 'module': 'familiar/dist/ipkg'})
+ "cvs://anoncvs:anonymous@cvs.handhelds.org/cvs;tag=V0-99-81;module=familiar/dist/ipkg" : ('cvs', 'cvs.handhelds.org', '/cvs', 'anoncvs', 'anonymous', {'tag': 'V0-99-81', 'module': 'familiar/dist/ipkg'}),
+ "git://git.openembedded.org/bitbake;branch=@foo" : ('git', 'git.openembedded.org', '/bitbake', '', '', {'branch': '@foo'})
}
def test_decodeurl(self):
--
1.8.5.3
^ permalink raw reply related [flat|nested] 2+ messages in thread* Re: [PATCH][1.18] fetch2: Don't allow '/' in user:pass, fix branch containing '@'
2014-01-21 15:44 [PATCH][1.18] fetch2: Don't allow '/' in user:pass, fix branch containing '@' Martin Jansa
@ 2014-02-16 22:42 ` Martin Jansa
0 siblings, 0 replies; 2+ messages in thread
From: Martin Jansa @ 2014-02-16 22:42 UTC (permalink / raw)
To: bitbake-devel; +Cc: Paul Eggleton
[-- Attachment #1: Type: text/plain, Size: 2599 bytes --]
On Tue, Jan 21, 2014 at 04:44:10PM +0100, Martin Jansa wrote:
> From: Martin Jansa <martin.jansa@gmail.com>
Ping
>
> * currently decode_url regexp parses branch=@foo as username so it ends like this:
> - ('git', '', 'foo', 'git.openembedded.org/bitbake;branch=', '', {})
> + ('git', 'git.openembedded.org', '/bitbake', '', '', {'branch': '@foo'})
> * http://hg.python.org/cpython/file/2.7/Lib/urlparse.py also assumes
> that there is at least one '/' as separator between netloc and path,
> params, so it looks reasonable to prevent including '/' in username
>
> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
> ---
> lib/bb/fetch2/__init__.py | 2 +-
> lib/bb/tests/fetch.py | 3 ++-
> 2 files changed, 3 insertions(+), 2 deletions(-)
>
> diff --git a/lib/bb/fetch2/__init__.py b/lib/bb/fetch2/__init__.py
> index 9499a91..8f195f2 100644
> --- a/lib/bb/fetch2/__init__.py
> +++ b/lib/bb/fetch2/__init__.py
> @@ -329,7 +329,7 @@ def decodeurl(url):
> user, password, parameters).
> """
>
> - m = re.compile('(?P<type>[^:]*)://((?P<user>.+)@)?(?P<location>[^;]+)(;(?P<parm>.*))?').match(url)
> + m = re.compile('(?P<type>[^:]*)://((?P<user>[^/]+)@)?(?P<location>[^;]+)(;(?P<parm>.*))?').match(url)
> if not m:
> raise MalformedUrl(url)
>
> diff --git a/lib/bb/tests/fetch.py b/lib/bb/tests/fetch.py
> index 4bcff54..e134a31 100644
> --- a/lib/bb/tests/fetch.py
> +++ b/lib/bb/tests/fetch.py
> @@ -407,7 +407,8 @@ class URLHandle(unittest.TestCase):
> datatable = {
> "http://www.google.com/index.html" : ('http', 'www.google.com', '/index.html', '', '', {}),
> "cvs://anoncvs@cvs.handhelds.org/cvs;module=familiar/dist/ipkg" : ('cvs', 'cvs.handhelds.org', '/cvs', 'anoncvs', '', {'module': 'familiar/dist/ipkg'}),
> - "cvs://anoncvs:anonymous@cvs.handhelds.org/cvs;tag=V0-99-81;module=familiar/dist/ipkg" : ('cvs', 'cvs.handhelds.org', '/cvs', 'anoncvs', 'anonymous', {'tag': 'V0-99-81', 'module': 'familiar/dist/ipkg'})
> + "cvs://anoncvs:anonymous@cvs.handhelds.org/cvs;tag=V0-99-81;module=familiar/dist/ipkg" : ('cvs', 'cvs.handhelds.org', '/cvs', 'anoncvs', 'anonymous', {'tag': 'V0-99-81', 'module': 'familiar/dist/ipkg'}),
> + "git://git.openembedded.org/bitbake;branch=@foo" : ('git', 'git.openembedded.org', '/bitbake', '', '', {'branch': '@foo'})
> }
>
> def test_decodeurl(self):
> --
> 1.8.5.3
>
--
Martin 'JaMa' Jansa jabber: Martin.Jansa@gmail.com
[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 205 bytes --]
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2014-02-16 22:41 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2014-01-21 15:44 [PATCH][1.18] fetch2: Don't allow '/' in user:pass, fix branch containing '@' Martin Jansa
2014-02-16 22:42 ` Martin Jansa
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.