From 4610a9afaac7dca8c80037220283ea2b1fe1968c Mon Sep 17 00:00:00 2001 From: Quentin Pradet Date: Tue, 26 Jan 2021 01:18:24 +0400 Subject: [PATCH 1/2] Never compare bytes and str in putheader() --- src/urllib3/connection.py | 12 ++++++++++-- src/urllib3/util/__init__.py | 3 ++- src/urllib3/util/request.py | 1 + 3 files changed, 13 insertions(+), 3 deletions(-) diff --git a/src/urllib3/connection.py b/src/urllib3/connection.py index 571b689edd..8c9efe4bdd 100644 --- a/src/urllib3/connection.py +++ b/src/urllib3/connection.py @@ -25,7 +25,7 @@ class BaseSSLError(BaseException): from ._version import __version__ from .exceptions import ConnectTimeoutError, NewConnectionError, SystemTimeWarning from .packages.ssl_match_hostname import CertificateError, match_hostname -from .util import SKIP_HEADER, SKIPPABLE_HEADERS, connection +from .util import BYTES_SKIP_HEADER, SKIP_HEADER, SKIPPABLE_HEADERS, connection from .util.ssl_ import ( assert_fingerprint, create_urllib3_context, @@ -182,9 +182,17 @@ def putrequest(self, method, url, *args, **kwargs): return super().putrequest(method, url, *args, **kwargs) + def _skipheader_in_values(self, values): + for v in values: + if isinstance(v, str) and v == SKIP_HEADER: + return True + elif isinstance(v, bytes) and v == BYTES_SKIP_HEADER: + return True + return False + def putheader(self, header, *values): """""" - if SKIP_HEADER not in values: + if not self._skipheader_in_values(values): super().putheader(header, *values) elif to_str(header.lower()) not in SKIPPABLE_HEADERS: raise ValueError( diff --git a/src/urllib3/util/__init__.py b/src/urllib3/util/__init__.py index 395daeb222..6d5c903c4e 100644 --- a/src/urllib3/util/__init__.py +++ b/src/urllib3/util/__init__.py @@ -1,6 +1,6 @@ # For backwards compatibility, provide imports that used to be here. from .connection import is_connection_dropped -from .request import SKIP_HEADER, SKIPPABLE_HEADERS, make_headers +from .request import BYTES_SKIP_HEADER, SKIP_HEADER, SKIPPABLE_HEADERS, make_headers from .response import is_fp_closed from .retry import Retry from .ssl_ import ( @@ -42,6 +42,7 @@ "ssl_wrap_socket", "wait_for_read", "wait_for_write", + "BYTES_SKIP_HEADER", "SKIP_HEADER", "SKIPPABLE_HEADERS", ) diff --git a/src/urllib3/util/request.py b/src/urllib3/util/request.py index 64d40641df..cae900513e 100644 --- a/src/urllib3/util/request.py +++ b/src/urllib3/util/request.py @@ -7,6 +7,7 @@ # The only headers that are supported are ``Accept-Encoding``, # ``Host``, and ``User-Agent``. SKIP_HEADER = "@@@SKIP_HEADER@@@" +BYTES_SKIP_HEADER = SKIP_HEADER.encode("ascii") SKIPPABLE_HEADERS = frozenset(["accept-encoding", "host", "user-agent"]) ACCEPT_ENCODING = "gzip,deflate" From f0fb0954923a454231023f040e5d058eb737cc0b Mon Sep 17 00:00:00 2001 From: Quentin Pradet Date: Tue, 26 Jan 2021 01:36:23 +0400 Subject: [PATCH 2/2] Stop accepting bytes SKIP_HEADERS --- src/urllib3/connection.py | 12 ++---------- src/urllib3/util/__init__.py | 3 +-- src/urllib3/util/request.py | 1 - 3 files changed, 3 insertions(+), 13 deletions(-) diff --git a/src/urllib3/connection.py b/src/urllib3/connection.py index 8c9efe4bdd..721fb918e7 100644 --- a/src/urllib3/connection.py +++ b/src/urllib3/connection.py @@ -25,7 +25,7 @@ class BaseSSLError(BaseException): from ._version import __version__ from .exceptions import ConnectTimeoutError, NewConnectionError, SystemTimeWarning from .packages.ssl_match_hostname import CertificateError, match_hostname -from .util import BYTES_SKIP_HEADER, SKIP_HEADER, SKIPPABLE_HEADERS, connection +from .util import SKIP_HEADER, SKIPPABLE_HEADERS, connection from .util.ssl_ import ( assert_fingerprint, create_urllib3_context, @@ -182,17 +182,9 @@ def putrequest(self, method, url, *args, **kwargs): return super().putrequest(method, url, *args, **kwargs) - def _skipheader_in_values(self, values): - for v in values: - if isinstance(v, str) and v == SKIP_HEADER: - return True - elif isinstance(v, bytes) and v == BYTES_SKIP_HEADER: - return True - return False - def putheader(self, header, *values): """""" - if not self._skipheader_in_values(values): + if not any(isinstance(v, str) and v == SKIP_HEADER for v in values): super().putheader(header, *values) elif to_str(header.lower()) not in SKIPPABLE_HEADERS: raise ValueError( diff --git a/src/urllib3/util/__init__.py b/src/urllib3/util/__init__.py index 6d5c903c4e..395daeb222 100644 --- a/src/urllib3/util/__init__.py +++ b/src/urllib3/util/__init__.py @@ -1,6 +1,6 @@ # For backwards compatibility, provide imports that used to be here. from .connection import is_connection_dropped -from .request import BYTES_SKIP_HEADER, SKIP_HEADER, SKIPPABLE_HEADERS, make_headers +from .request import SKIP_HEADER, SKIPPABLE_HEADERS, make_headers from .response import is_fp_closed from .retry import Retry from .ssl_ import ( @@ -42,7 +42,6 @@ "ssl_wrap_socket", "wait_for_read", "wait_for_write", - "BYTES_SKIP_HEADER", "SKIP_HEADER", "SKIPPABLE_HEADERS", ) diff --git a/src/urllib3/util/request.py b/src/urllib3/util/request.py index cae900513e..64d40641df 100644 --- a/src/urllib3/util/request.py +++ b/src/urllib3/util/request.py @@ -7,7 +7,6 @@ # The only headers that are supported are ``Accept-Encoding``, # ``Host``, and ``User-Agent``. SKIP_HEADER = "@@@SKIP_HEADER@@@" -BYTES_SKIP_HEADER = SKIP_HEADER.encode("ascii") SKIPPABLE_HEADERS = frozenset(["accept-encoding", "host", "user-agent"]) ACCEPT_ENCODING = "gzip,deflate"