Commit c62ac84a authored by Kirill Smelkov's avatar Kirill Smelkov Committed by Levin Zimmermann

fixup! Y client: Fix URI scheme to move credentials out of query

parse_qsl no longer treats ';' as valid query separator for security
reason because most proxies did not do so and it was possible to poison
proxy cache due to difference in query separator handling (see bugs.python.org/issue42967).

To handle credentials we don't have any proxy here, and it is still
perfectly valid to use ';' as credentials separator.

-> Fix it with ';' -> '&' replace workaround, before feeding credentials
string to parse_qsl.

Amends: b9a42957.
parent 0171e75d
...@@ -84,6 +84,7 @@ def _resolve_uri(uri): ...@@ -84,6 +84,7 @@ def _resolve_uri(uri):
if scheme != "neos": if scheme != "neos":
raise ValueError("invalid uri: %s : credentials can be specified only with neos:// scheme" % uri) raise ValueError("invalid uri: %s : credentials can be specified only with neos:// scheme" % uri)
# ca=ca.crt;cert=my.crt;key=my.key # ca=ca.crt;cert=my.crt;key=my.key
cred = cred.replace(';', '&') # ; is no longer in default separators set bugs.python.org/issue42967
for k, v in OrderedDict(parse_qsl(cred)).items(): for k, v in OrderedDict(parse_qsl(cred)).items():
if k not in _credopts: if k not in _credopts:
raise ValueError("invalid uri: %s : unexpected credential %s" % (uri, k)) raise ValueError("invalid uri: %s : unexpected credential %s" % (uri, k))
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment