external/aurweb
0
0
Fork 0
mirror of https://gitlab.archlinux.org/archlinux/aurweb.git synced 2025-02-03 10:43:03 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

fix(util): catch homepage validation exceptions

Browse source 
We were allowing erroneous URLs through, raising exceptions,
from e.g. `http://[localhost:8444/blah`. This patch catches
any ValueErrors raised during the parse process and returns
False, indicating that the validation failed.

This patch also adds testing specifically for `util.valid_homepage`.
We didn't have specific testing for this before; this will allow us
to catch regressions in this area.

Closes #250

Signed-off-by: Kevin Morris <kevr@0cost.org>
This commit is contained in:
Kevin Morris 2022-01-13 19:19:06 -08:00
parent 1ee8d177b4
commit 60ae676075
No known key found for this signature in database
GPG key ID: F7E46DED420788F3
2 changed files with 13 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
aurweb/util.py
View file

@ -63,7 +63,10 @@ def valid_email(email):
def valid_homepage(homepage): def valid_homepage(homepage):
parts = urlparse(homepage) try:
parts = urlparse(homepage)
except ValueError:
return False
return parts.scheme in ("http", "https") and bool(parts.netloc) return parts.scheme in ("http", "https") and bool(parts.netloc)

9
test/test_util.py
View file

@ -85,3 +85,12 @@ async def test_error_or_result():
response = await util.error_or_result(good_route, Request()) response = await util.error_or_result(good_route, Request())
assert response.status_code == HTTPStatus.OK assert response.status_code == HTTPStatus.OK
def test_valid_homepage():
assert util.valid_homepage("http://google.com")
assert util.valid_homepage("https://google.com")
assert not util.valid_homepage("http://[google.com/broken-ipv6")
assert not util.valid_homepage("https://[google.com/broken-ipv6")
assert not util.valid_homepage("gopher://gopher.hprc.utoronto.ca/")