From e72e161851cb5d0bddef3d24e56bb5d2969a28e5 Mon Sep 17 00:00:00 2001 From: Ronald Oussoren Date: Mon, 14 Mar 2011 18:15:25 -0400 Subject: [PATCH] Issue #11500: Fixed a bug in the os x proxy bypass code for fully qualified IP addresses in the proxy exception list Patch by Scott Wilson. --- Lib/test/test_urllib2.py | 35 ++++++++++++- Lib/urllib/request.py | 104 +++++++++++++++++++++------------------ Misc/NEWS | 3 ++ 3 files changed, 93 insertions(+), 49 deletions(-) diff --git a/Lib/test/test_urllib2.py b/Lib/test/test_urllib2.py index 9320e61c4e..1704683b4d 100644 --- a/Lib/test/test_urllib2.py +++ b/Lib/test/test_urllib2.py @@ -6,7 +6,9 @@ import io import socket import urllib.request -from urllib.request import Request, OpenerDirector +# The proxy bypass method imported below has logic specific to the OSX +# proxy config data structure but is testable on all platforms. +from urllib.request import Request, OpenerDirector, _proxy_bypass_macosx_sysconf # XXX # Request @@ -1030,6 +1032,17 @@ class HandlerTests(unittest.TestCase): self.assertEqual(req.get_host(), "www.python.org") del os.environ['no_proxy'] + def test_proxy_no_proxy_all(self): + os.environ['no_proxy'] = '*' + o = OpenerDirector() + ph = urllib.request.ProxyHandler(dict(http="proxy.example.com")) + o.add_handler(ph) + req = Request("http://www.python.org") + self.assertEqual(req.get_host(), "www.python.org") + r = o.open(req) + self.assertEqual(req.get_host(), "www.python.org") + del os.environ['no_proxy'] + def test_proxy_https(self): o = OpenerDirector() @@ -1070,6 +1083,26 @@ class HandlerTests(unittest.TestCase): self.assertEqual(req.get_host(), "proxy.example.com:3128") self.assertEqual(req.get_header("Proxy-authorization"),"FooBar") + def test_osx_proxy_bypass(self): + bypass = { + 'exclude_simple': False, + 'exceptions': ['foo.bar', '*.bar.com', '127.0.0.1', '10.10', + '10.0/16'] + } + # Check hosts that should trigger the proxy bypass + for host in ('foo.bar', 'www.bar.com', '127.0.0.1', '10.10.0.1', + '10.0.0.1'): + self.assertTrue(_proxy_bypass_macosx_sysconf(host, bypass), + 'expected bypass of %s to be True' % host) + # Check hosts that should not trigger the proxy bypass + for host in ('abc.foo.bar', 'bar.com', '127.0.0.2', '10.11.0.1', 'test'): + self.assertFalse(_proxy_bypass_macosx_sysconf(host, bypass), + 'expected bypass of %s to be False' % host) + + # Check the exclude_simple flag + bypass = {'exclude_simple': True, 'exceptions': []} + self.assertTrue(_proxy_bypass_macosx_sysconf('test', bypass)) + def test_basic_auth(self, quote_char='"'): opener = OpenerDirector() password_manager = MockPasswordManager() diff --git a/Lib/urllib/request.py b/Lib/urllib/request.py index e13381c3bc..087e9a606c 100644 --- a/Lib/urllib/request.py +++ b/Lib/urllib/request.py @@ -2175,68 +2175,76 @@ def proxy_bypass_environment(host): return 0 -if sys.platform == 'darwin': - from _scproxy import _get_proxy_settings, _get_proxies - - def proxy_bypass_macosx_sysconf(host): - """ - Return True iff this host shouldn't be accessed using a proxy +# This code tests an OSX specific data structure but is testable on all +# platforms +def _proxy_bypass_macosx_sysconf(host, proxy_settings): + """ + Return True iff this host shouldn't be accessed using a proxy - This function uses the MacOSX framework SystemConfiguration - to fetch the proxy information. - """ - import re - import socket - from fnmatch import fnmatch + This function uses the MacOSX framework SystemConfiguration + to fetch the proxy information. - hostonly, port = splitport(host) + proxy_settings come from _scproxy._get_proxy_settings or get mocked ie: + { 'exclude_simple': bool, + 'exceptions': ['foo.bar', '*.bar.com', '127.0.0.1', '10.1', '10.0/16'] + } + """ + import re + import socket + from fnmatch import fnmatch - def ip2num(ipAddr): - parts = ipAddr.split('.') - parts = list(map(int, parts)) - if len(parts) != 4: - parts = (parts + [0, 0, 0, 0])[:4] - return (parts[0] << 24) | (parts[1] << 16) | (parts[2] << 8) | parts[3] + hostonly, port = splitport(host) - proxy_settings = _get_proxy_settings() + def ip2num(ipAddr): + parts = ipAddr.split('.') + parts = list(map(int, parts)) + if len(parts) != 4: + parts = (parts + [0, 0, 0, 0])[:4] + return (parts[0] << 24) | (parts[1] << 16) | (parts[2] << 8) | parts[3] - # Check for simple host names: - if '.' not in host: - if proxy_settings['exclude_simple']: - return True + # Check for simple host names: + if '.' not in host: + if proxy_settings['exclude_simple']: + return True - hostIP = None + hostIP = None - for value in proxy_settings.get('exceptions', ()): - # Items in the list are strings like these: *.local, 169.254/16 - if not value: continue + for value in proxy_settings.get('exceptions', ()): + # Items in the list are strings like these: *.local, 169.254/16 + if not value: continue - m = re.match(r"(\d+(?:\.\d+)*)(/\d+)?", value) - if m is not None: - if hostIP is None: - try: - hostIP = socket.gethostbyname(hostonly) - hostIP = ip2num(hostIP) - except socket.error: - continue + m = re.match(r"(\d+(?:\.\d+)*)(/\d+)?", value) + if m is not None: + if hostIP is None: + try: + hostIP = socket.gethostbyname(hostonly) + hostIP = ip2num(hostIP) + except socket.error: + continue + + base = ip2num(m.group(1)) + mask = m.group(2) + if mask is None: + mask = 8 * (m.group(1).count('.') + 1) + else: + mask = int(mask[1:]) + mask = 32 - mask - base = ip2num(m.group(1)) - mask = m.group(2) - if mask is None: - mask = 8 * (m.group(1).count('.') + 1) + if (hostIP >> mask) == (base >> mask): + return True - else: - mask = int(mask[1:]) - mask = 32 - mask + elif fnmatch(host, value): + return True - if (hostIP >> mask) == (base >> mask): - return True + return False - elif fnmatch(host, value): - return True - return False +if sys.platform == 'darwin': + from _scproxy import _get_proxy_settings, _get_proxies + def proxy_bypass_macosx_sysconf(host): + proxy_settings = _get_proxy_settings() + return _proxy_bypass_macosx_sysconf(host, proxy_settings) def getproxies_macosx_sysconf(): """Return a dictionary of scheme -> proxy server URL mappings. diff --git a/Misc/NEWS b/Misc/NEWS index 37b247730d..d4ce939119 100644 --- a/Misc/NEWS +++ b/Misc/NEWS @@ -197,6 +197,9 @@ Library OSError exception when The OS had been told to ignore SIGCLD in our process or otherwise not wait for exiting child processes. +- Issue #11500: Fixed a bug in the os x proxy bypass code for fully qualified + IP addresses in the proxy exception list. + Extensions ---------- -- 2.40.0