diff options
| -rw-r--r-- | netlib/http.py | 13 | ||||
| -rw-r--r-- | test/test_http.py | 5 |
2 files changed, 18 insertions, 0 deletions
diff --git a/netlib/http.py b/netlib/http.py index 10b6a402..c864f1de 100644 --- a/netlib/http.py +++ b/netlib/http.py @@ -15,6 +15,11 @@ class HttpErrorConnClosed(HttpError): pass def parse_url(url): """ Returns a (scheme, host, port, path) tuple, or None on error. + + Checks that: + port is an integer + host is a valid IDNA-encoded hostname + path is valid ASCII """ scheme, netloc, path, params, query, fragment = urlparse.urlparse(url) if not scheme: @@ -34,6 +39,14 @@ def parse_url(url): path = urlparse.urlunparse(('', '', path, params, query, fragment)) if not path.startswith("/"): path = "/" + path + try: + host.decode("idna") + except ValueError: + return None + try: + path.decode("ascii") + except ValueError: + return None return scheme, host, port, path diff --git a/test/test_http.py b/test/test_http.py index 05dfdb8f..2cbba936 100644 --- a/test/test_http.py +++ b/test/test_http.py @@ -292,6 +292,11 @@ def test_parse_url(): assert not http.parse_url("https://foo:bar") assert not http.parse_url("https://foo:") + # Invalid IDNA + assert not http.parse_url("http://\xfafoo") + + assert not http.parse_url("http:/\xc6/localhost:56121") + def test_parse_http_basic_auth(): vals = ("basic", "foo", "bar") |