Add test capturing failed expectation. Ref #3659.

pypa · Nov 4, 2022 · 5791343 · 5791343
1 parent 1f97905
commit 5791343
Show file tree

Hide file tree

Showing 3 changed files with 15 additions and 1 deletion.
diff --git a/setup.cfg b/setup.cfg
@@ -71,6 +71,7 @@ testing =
 	pip_run>=8.8
 	ini2toml[lite]>=0.9
 	tomli-w>=1.0.0
+	pytest-timeout
 
 testing-integration =
 	pytest

diff --git a/setuptools/package_index.py b/setuptools/package_index.py
@@ -1,4 +1,5 @@
-"""PyPI and direct package downloading"""
+"""PyPI and direct package downloading."""
+
 import sys
 import os
 import re
@@ -217,6 +218,9 @@ def wrapper(*args, **kwargs):
 
 
 REL = re.compile(r"""<([^>]*\srel\s*=\s*['"]?([^'">]+)[^>]*)>""", re.I)
+"""
+Regex for an HTML tag with 'rel="val"' attributes.
+"""
 
 
 @unique_values

diff --git a/setuptools/tests/test_packageindex.py b/setuptools/tests/test_packageindex.py
@@ -305,3 +305,12 @@ def test_percent_in_password(self, temp_home):
         cred = cfg.creds_by_repository['https://pypi.org']
         assert cred.username == 'jaraco'
         assert cred.password == 'pity%'
+
+
+@pytest.mark.xfail(reason="#3659")
+@pytest.mark.timeout(1)
+def test_REL_DoS():
+    """
+    REL should not hang on a contrived attack string.
+    """
+    setuptools.package_index.REL.search('< rel=' + ' ' * 2**12)