diff --git a/contrib/python3-whitelist b/contrib/python3-whitelist --- a/contrib/python3-whitelist +++ b/contrib/python3-whitelist @@ -449,6 +449,7 @@ test-upgrade-repo.t test-url-download.t test-url-rev.t +test-url.py test-username-newline.t test-verify.t test-websub.t diff --git a/tests/test-url.py b/tests/test-url.py --- a/tests/test-url.py +++ b/tests/test-url.py @@ -20,17 +20,17 @@ check(_verifycert(cert('example.com'), 'example.com'), None) check(_verifycert(cert('example.com'), 'www.example.com'), - 'certificate is for example.com') + b'certificate is for example.com') check(_verifycert(cert('www.example.com'), 'example.com'), - 'certificate is for www.example.com') + b'certificate is for www.example.com') # Test wildcard certificates check(_verifycert(cert('*.example.com'), 'www.example.com'), None) check(_verifycert(cert('*.example.com'), 'example.com'), - 'certificate is for *.example.com') + b'certificate is for *.example.com') check(_verifycert(cert('*.example.com'), 'w.w.example.com'), - 'certificate is for *.example.com') + b'certificate is for *.example.com') # Test subjectAltName san_cert = {'subject': ((('commonName', 'example.com'),),), @@ -42,7 +42,7 @@ None) # no fallback to subject commonName when subjectAltName has DNS check(_verifycert(san_cert, 'example.com'), - 'certificate is for *.example.net, example.net') + b'certificate is for *.example.net, example.net') # fallback to subject commonName when no DNS in subjectAltName san_cert = {'subject': ((('commonName', 'example.com'),),), 'subjectAltName': (('IP Address', '8.8.8.8'),)} @@ -50,84 +50,84 @@ # Avoid some pitfalls check(_verifycert(cert('*.foo'), 'foo'), - 'certificate is for *.foo') + b'certificate is for *.foo') check(_verifycert(cert('*o'), 'foo'), None) check(_verifycert({'subject': ()}, 'example.com'), - 'no commonName or subjectAltName found in certificate') + b'no commonName or subjectAltName found in certificate') check(_verifycert(None, 'example.com'), - 'no certificate received') + b'no certificate received') # Unicode (IDN) certname isn't supported check(_verifycert(cert(u'\u4f8b.jp'), 'example.jp'), - 'IDN in certificate not supported') + b'IDN in certificate not supported') # The following tests are from CPython's test_ssl.py. check(_verifycert(cert('example.com'), 'example.com'), None) check(_verifycert(cert('example.com'), 'ExAmple.cOm'), None) check(_verifycert(cert('example.com'), 'www.example.com'), - 'certificate is for example.com') + b'certificate is for example.com') check(_verifycert(cert('example.com'), '.example.com'), - 'certificate is for example.com') + b'certificate is for example.com') check(_verifycert(cert('example.com'), 'example.org'), - 'certificate is for example.com') + b'certificate is for example.com') check(_verifycert(cert('example.com'), 'exampleXcom'), - 'certificate is for example.com') + b'certificate is for example.com') check(_verifycert(cert('*.a.com'), 'foo.a.com'), None) check(_verifycert(cert('*.a.com'), 'bar.foo.a.com'), - 'certificate is for *.a.com') + b'certificate is for *.a.com') check(_verifycert(cert('*.a.com'), 'a.com'), - 'certificate is for *.a.com') + b'certificate is for *.a.com') check(_verifycert(cert('*.a.com'), 'Xa.com'), - 'certificate is for *.a.com') + b'certificate is for *.a.com') check(_verifycert(cert('*.a.com'), '.a.com'), - 'certificate is for *.a.com') + b'certificate is for *.a.com') # only match one left-most wildcard check(_verifycert(cert('f*.com'), 'foo.com'), None) check(_verifycert(cert('f*.com'), 'f.com'), None) check(_verifycert(cert('f*.com'), 'bar.com'), - 'certificate is for f*.com') + b'certificate is for f*.com') check(_verifycert(cert('f*.com'), 'foo.a.com'), - 'certificate is for f*.com') + b'certificate is for f*.com') check(_verifycert(cert('f*.com'), 'bar.foo.com'), - 'certificate is for f*.com') + b'certificate is for f*.com') # NULL bytes are bad, CVE-2013-4073 check(_verifycert(cert('null.python.org\x00example.org'), 'null.python.org\x00example.org'), None) check(_verifycert(cert('null.python.org\x00example.org'), 'example.org'), - 'certificate is for null.python.org\x00example.org') + b'certificate is for null.python.org\x00example.org') check(_verifycert(cert('null.python.org\x00example.org'), 'null.python.org'), - 'certificate is for null.python.org\x00example.org') + b'certificate is for null.python.org\x00example.org') # error cases with wildcards check(_verifycert(cert('*.*.a.com'), 'bar.foo.a.com'), - 'certificate is for *.*.a.com') + b'certificate is for *.*.a.com') check(_verifycert(cert('*.*.a.com'), 'a.com'), - 'certificate is for *.*.a.com') + b'certificate is for *.*.a.com') check(_verifycert(cert('*.*.a.com'), 'Xa.com'), - 'certificate is for *.*.a.com') + b'certificate is for *.*.a.com') check(_verifycert(cert('*.*.a.com'), '.a.com'), - 'certificate is for *.*.a.com') + b'certificate is for *.*.a.com') check(_verifycert(cert('a.*.com'), 'a.foo.com'), - 'certificate is for a.*.com') + b'certificate is for a.*.com') check(_verifycert(cert('a.*.com'), 'a..com'), - 'certificate is for a.*.com') + b'certificate is for a.*.com') check(_verifycert(cert('a.*.com'), 'a.com'), - 'certificate is for a.*.com') + b'certificate is for a.*.com') # wildcard doesn't match IDNA prefix 'xn--' idna = u'püthon.python.org'.encode('idna').decode('ascii') check(_verifycert(cert(idna), idna), None) check(_verifycert(cert('x*.python.org'), idna), - 'certificate is for x*.python.org') + b'certificate is for x*.python.org') check(_verifycert(cert('xn--p*.python.org'), idna), - 'certificate is for xn--p*.python.org') + b'certificate is for xn--p*.python.org') # wildcard in first fragment and IDNA A-labels in sequent fragments # are supported. @@ -140,10 +140,10 @@ None) check(_verifycert(cert(idna), u'ftp.pythön.org'.encode('idna').decode('ascii')), - 'certificate is for www*.xn--pythn-mua.org') + b'certificate is for www*.xn--pythn-mua.org') check(_verifycert(cert(idna), u'pythön.org'.encode('idna').decode('ascii')), - 'certificate is for www*.xn--pythn-mua.org') + b'certificate is for www*.xn--pythn-mua.org') c = { 'notAfter': 'Jun 26 21:41:46 2011 GMT', @@ -158,10 +158,10 @@ check(_verifycert(c, 'linuxfr.com'), None) # Not a "DNS" entry check(_verifycert(c, ''), - 'certificate is for linuxfr.org, linuxfr.com') + b'certificate is for linuxfr.org, linuxfr.com') # When there is a subjectAltName, commonName isn't used check(_verifycert(c, 'linuxfrz.org'), - 'certificate is for linuxfr.org, linuxfr.com') + b'certificate is for linuxfr.org, linuxfr.com') # A pristine real-world example c = { @@ -175,10 +175,10 @@ ), } check(_verifycert(c, 'mail.google.com'), None) -check(_verifycert(c, 'gmail.com'), 'certificate is for mail.google.com') +check(_verifycert(c, 'gmail.com'), b'certificate is for mail.google.com') # Only commonName is considered -check(_verifycert(c, 'California'), 'certificate is for mail.google.com') +check(_verifycert(c, 'California'), b'certificate is for mail.google.com') # Neither commonName nor subjectAltName c = { @@ -191,7 +191,7 @@ ), } check(_verifycert(c, 'mail.google.com'), - 'no commonName or subjectAltName found in certificate') + b'no commonName or subjectAltName found in certificate') # No DNS entry in subjectAltName but a commonName c = { @@ -218,21 +218,21 @@ 'subjectAltName': (('othername', 'blabla'),), } check(_verifycert(c, 'google.com'), - 'no commonName or subjectAltName found in certificate') + b'no commonName or subjectAltName found in certificate') # Empty cert / no cert -check(_verifycert(None, 'example.com'), 'no certificate received') -check(_verifycert({}, 'example.com'), 'no certificate received') +check(_verifycert(None, 'example.com'), b'no certificate received') +check(_verifycert({}, 'example.com'), b'no certificate received') # avoid denials of service by refusing more than one # wildcard per fragment. check(_verifycert({'subject': (((u'commonName', u'a*b.com'),),)}, 'axxb.com'), None) check(_verifycert({'subject': (((u'commonName', u'a*b.co*'),),)}, - 'axxb.com'), 'certificate is for a*b.co*') + 'axxb.com'), b'certificate is for a*b.co*') check(_verifycert({'subject': (((u'commonName', u'a*b*.com'),),)}, 'axxbxxc.com'), - 'too many wildcards in certificate DNS name: a*b*.com') + b'too many wildcards in certificate DNS name: a*b*.com') def test_url(): """ @@ -245,107 +245,107 @@ Query strings and fragments: - >>> url('http://host/a?b#c') + >>> url(b'http://host/a?b#c') - >>> url('http://host/a?') + >>> url(b'http://host/a?') - >>> url('http://host/a#b#c') + >>> url(b'http://host/a#b#c') - >>> url('http://host/a#b?c') + >>> url(b'http://host/a#b?c') - >>> url('http://host/?a#b') + >>> url(b'http://host/?a#b') - >>> url('http://host/?a#b', parsequery=False) + >>> url(b'http://host/?a#b', parsequery=False) - >>> url('http://host/?a#b', parsefragment=False) + >>> url(b'http://host/?a#b', parsefragment=False) - >>> url('http://host/?a#b', parsequery=False, parsefragment=False) + >>> url(b'http://host/?a#b', parsequery=False, parsefragment=False) IPv6 addresses: - >>> url('ldap://[2001:db8::7]/c=GB?objectClass?one') + >>> url(b'ldap://[2001:db8::7]/c=GB?objectClass?one') - >>> url('ldap://joe:xxx@[2001:db8::7]:80/c=GB?objectClass?one') + >>> url(b'ldap://joe:xxx@[2001:db8::7]:80/c=GB?objectClass?one') Missing scheme, host, etc.: - >>> url('://192.0.2.16:80/') + >>> url(b'://192.0.2.16:80/') - >>> url('https://mercurial-scm.org') + >>> url(b'https://mercurial-scm.org') - >>> url('/foo') + >>> url(b'/foo') - >>> url('bundle:/foo') + >>> url(b'bundle:/foo') - >>> url('a?b#c') + >>> url(b'a?b#c') - >>> url('http://x.com?arg=/foo') + >>> url(b'http://x.com?arg=/foo') - >>> url('http://joe:xxx@/foo') + >>> url(b'http://joe:xxx@/foo') Just a scheme and a path: - >>> url('mailto:John.Doe@example.com') + >>> url(b'mailto:John.Doe@example.com') - >>> url('a:b:c:d') + >>> url(b'a:b:c:d') - >>> url('aa:bb:cc:dd') + >>> url(b'aa:bb:cc:dd') SSH examples: - >>> url('ssh://joe@host//home/joe') + >>> url(b'ssh://joe@host//home/joe') - >>> url('ssh://joe:xxx@host/src') + >>> url(b'ssh://joe:xxx@host/src') - >>> url('ssh://joe:xxx@host') + >>> url(b'ssh://joe:xxx@host') - >>> url('ssh://joe@host') + >>> url(b'ssh://joe@host') - >>> url('ssh://host') + >>> url(b'ssh://host') - >>> url('ssh://') + >>> url(b'ssh://') - >>> url('ssh:') + >>> url(b'ssh:') Non-numeric port: - >>> url('http://example.com:dd') + >>> url(b'http://example.com:dd') - >>> url('ssh://joe:xxx@host:ssh/foo') + >>> url(b'ssh://joe:xxx@host:ssh/foo') Bad authentication credentials: - >>> url('http://joe@joeville:123@4:@host/a?b#c') + >>> url(b'http://joe@joeville:123@4:@host/a?b#c') - >>> url('http://!*#?/@!*#?/:@host/a?b#c') + >>> url(b'http://!*#?/@!*#?/:@host/a?b#c') - >>> url('http://!*#?@!*#?:@host/a?b#c') + >>> url(b'http://!*#?@!*#?:@host/a?b#c') - >>> url('http://!*@:!*@@host/a?b#c') + >>> url(b'http://!*@:!*@@host/a?b#c') File paths: - >>> url('a/b/c/d.g.f') + >>> url(b'a/b/c/d.g.f') - >>> url('/x///z/y/') + >>> url(b'/x///z/y/') - >>> url('/foo:bar') + >>> url(b'/foo:bar') - >>> url('\\\\foo:bar') + >>> url(b'\\\\foo:bar') - >>> url('./foo:bar') + >>> url(b'./foo:bar') Non-localhost file URL: @@ -358,7 +358,7 @@ Empty URL: - >>> u = url('') + >>> u = url(b'') >>> u >>> str(u) @@ -366,54 +366,54 @@ Empty path with query string: - >>> str(url('http://foo/?bar')) + >>> str(url(b'http://foo/?bar')) 'http://foo/?bar' Invalid path: - >>> u = url('http://foo/bar') - >>> u.path = 'bar' + >>> u = url(b'http://foo/bar') + >>> u.path = b'bar' >>> str(u) 'http://foo/bar' - >>> u = url('file:/foo/bar/baz') + >>> u = url(b'file:/foo/bar/baz') >>> u >>> str(u) 'file:///foo/bar/baz' - >>> u.localpath() + >>> pycompat.bytestr(u.localpath()) '/foo/bar/baz' - >>> u = url('file:///foo/bar/baz') + >>> u = url(b'file:///foo/bar/baz') >>> u >>> str(u) 'file:///foo/bar/baz' - >>> u.localpath() + >>> pycompat.bytestr(u.localpath()) '/foo/bar/baz' - >>> u = url('file:///f:oo/bar/baz') + >>> u = url(b'file:///f:oo/bar/baz') >>> u >>> str(u) 'file:///f:oo/bar/baz' - >>> u.localpath() + >>> pycompat.bytestr(u.localpath()) 'f:oo/bar/baz' - >>> u = url('file://localhost/f:oo/bar/baz') + >>> u = url(b'file://localhost/f:oo/bar/baz') >>> u >>> str(u) 'file://localhost/f:oo/bar/baz' - >>> u.localpath() + >>> pycompat.bytestr(u.localpath()) 'f:oo/bar/baz' - >>> u = url('file:foo/bar/baz') + >>> u = url(b'file:foo/bar/baz') >>> u >>> str(u) 'file:foo/bar/baz' - >>> u.localpath() + >>> pycompat.bytestr(u.localpath()) 'foo/bar/baz' """