Handle invalid sdist filenames (#15830)
* Add a failing test

* Handle invalid sdist filenames
di committed Apr 22, 2024
1 parent 33a247c commit b09edd1
Showing 2 changed files with 13 additions and 3 deletions.
8 changes: 6 additions & 2 deletions tests/unit/forklift/test_legacy.py
@@ -2909,6 +2909,10 @@ def storage_service_store(path, file_path, *, meta):
"400 Invalid wheel filename (invalid version): "
"foo-0.0.4test1-py3-none-any",
),
(
"something.tar.gz",
"400 Invalid source distribution filename: something.tar.gz",
),
],
)
def test_upload_fails_with_invalid_filename(
@@ -2932,8 +2936,8 @@ def test_upload_fails_with_invalid_filename(
"metadata_version": "1.2",
"name": project.name,
"version": release.version,
"filetype": "bdist_wheel",
"pyversion": "cp34",
"filetype": "bdist_wheel" if filename.endswith(".whl") else "sdist",
"pyversion": "cp34" if filename.endswith(".whl") else "source",
"md5_digest": hashlib.md5(filebody).hexdigest(),
"content": pretend.stub(
filename=filename,
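Review bot: The added parametrized case only exercises an sdist filename with no name/version separator; a filename that has a separator but an unparsable version part (constructed example: `"foo-notaversion.tar.gz"`) is not covered. Which exception the parser raises on that path is not visible on this page, so a second case would confirm the upload still ends in a 400 rather than an unhandled error, assuming earlier validation lets such a name through. The `filename.endswith(".whl")` check is also repeated for `filetype` and `pyversion`; computing it once, e.g. `is_wheel = filename.endswith(".whl")`, would keep the two fields from drifting apart. The body of `test_upload_fails_with_invalid_filename` continues outside both hunks.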
8 changes: 7 additions & 1 deletion warehouse/forklift/legacy.py
@@ -963,7 +963,13 @@ def file_upload(request):
# enforcing this, so we permit a filename with a project name and
# version that normalizes to be what we expect

name, version = packaging.utils.parse_sdist_filename(filename)
try:
name, version = packaging.utils.parse_sdist_filename(filename)
except packaging.utils.InvalidSdistFilename:
raise _exc_with_message(
HTTPBadRequest,
f"Invalid source distribution filename: {filename}",
)

# The previous function fails to accomodate the edge case where
# versions may contain hyphens, so we handle that here based on
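Review bot: The new error message echoes the client-supplied `filename` verbatim, and the expectation in the accompanying test (`"400 Invalid source distribution filename: something.tar.gz"`) suggests the text becomes part of the response status line. Whether control characters such as CR/LF are rejected or escaped before this point is not visible here, because `file_upload` begins and continues outside the hunk, so that should be confirmed. A comment above the `try` would record the requirement: `# filename is echoed back in the 400 status; it must already be free of control characters here`. As a smaller style point, the `raise` inside the `except` could make its cause explicit with `except packaging.utils.InvalidSdistFilename as exc:` and `) from exc`.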
