
Only allow some characters within a request URL to PyPi. #1450

Merged: scragly merged 1 commit into master from pypi-url-formatter-patch on Mar 7, 2021

@Xithrius (Contributor) commented Mar 7, 2021

If someone spams a bunch of characters, we don't want to send a request to PyPi with a bunch of gibberish. This also protects against injections (if possible, if any).

Some examples of cases with illegal characters within them:
[image]

@Xithrius Xithrius force-pushed the pypi-url-formatter-patch branch from b78597e to 7857dde Compare March 7, 2021 07:50
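
The allowlist approach described in the pull request description above, as an added example; it is not the code merged in this PR or the project's own. `build_pypi_url`, `VALID_NAME`, `MAX_NAME_LENGTH`, the URL template and the sample inputs are assumptions made for illustration, and the example goes slightly beyond the description by also normalising names per PEP 503.

```python
import re
from typing import Optional
from urllib.parse import quote

# Assumption for this example: the PyPI JSON API URL layout.
PYPI_JSON_URL = "https://pypi.org/pypi/{package}/json"
MAX_NAME_LENGTH = 100  # constructed cap, not a PyPI rule

# Allowlist following the PEP 508 project-name grammar: ASCII letters, digits,
# ".", "_" and "-", beginning and ending with a letter or digit.
# Both cases are spelled out instead of using re.IGNORECASE, because on str
# patterns [a-z] plus IGNORECASE also matches U+017F and U+212A.
VALID_NAME = re.compile(r"[A-Za-z0-9](?:[A-Za-z0-9._-]*[A-Za-z0-9])?")


def build_pypi_url(user_input: str) -> Optional[str]:
    """Return the URL to request, or None if the input must not be sent."""
    if len(user_input) > MAX_NAME_LENGTH:
        return None  # spam / oversized input never reaches the network
    # fullmatch() rather than match() with "$": "$" also matches just before
    # a trailing newline, which would let "requests\n" through.
    if VALID_NAME.fullmatch(user_input) is None:
        return None
    # PEP 503 normalisation, so equivalent spellings map to one URL.
    normalized = re.sub(r"[-_.]+", "-", user_input).lower()
    # quote() changes nothing for allowlisted input; it stays as a second
    # layer in case the pattern is loosened later.
    return PYPI_JSON_URL.format(package=quote(normalized, safe=""))


# Constructed sample inputs for illustration.
SAMPLES = [
    "requests", "Typing_Extensions", "../../simple", "pkg?x=1#frag",
    "%2e%2e", "requests\n", "reque\u017fts", "-pkg", "a" * 500,
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{sample[:30]!r:35} -> {build_pypi_url(sample)}")
```

Rejected input returns `None`, so the caller can answer the user without making any outbound request.
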
@Xithrius Xithrius added labels Mar 7, 2021: "a: backend" (Related to internal functionality and utilities (error_handler, logging, security, utils and core)), "p: 2 - normal" (Normal Priority), "t: enhancement" (Changes or improvements to existing features)
@Xithrius (Contributor, Author) commented Mar 7, 2021

There are some changes from a different branch on here. Fixing.

Fixed.

@Xithrius Xithrius force-pushed the pypi-url-formatter-patch branch from b6cd44b to fa016c0 Compare March 7, 2021 07:58
@Shivansh-007 (Contributor) left a comment

Thanks! Looks Good To Me! Just one thing, not sure if it is needed or not tho.

Tested locally.

Comment thread bot/exts/info/pypi.py
@ChrisLovering (Member) left a comment

All looks good to me!

@scragly scragly merged commit e5a1a30 into master Mar 7, 2021
@scragly scragly deleted the pypi-url-formatter-patch branch March 7, 2021 13:14