McSinyx/pip
1
1
Fork 0
mirror of https://github.com/pypa/pip synced 2023-12-13 21:30:23 +01:00
Code Issues Releases Activity

Make trusted host w/o port work for HTTPS

Browse source
This commit is contained in:
Frost Ming 2019-07-14 17:00:05 +08:00 committed by Chris Jerdonek
parent c2cf232279
commit 3f9136f885
5 changed files with 59 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
news/6705.bugfix Normal file
View file

@ -0,0 +1 @@
Fix --trusted-host processing under HTTPS to trust any port number used with the host.

10
src/pip/_internal/download.py
View file

@ -43,10 +43,12 @@ from pip._internal.utils.misc import (
ask_password,
ask_path_exists,
backup_dir,
build_url_from_netloc,
consume,
display_path,
format_size,
get_installed_version,
netloc_has_port,
path_to_url,
remove_auth_from_url,
rmtree,
@ -608,7 +610,13 @@ class PipSession(requests.Session):
def add_insecure_host(self, host):
# type: (str) -> None
self.mount('https://{}/'.format(host), self._insecure_adapter)
self.mount(build_url_from_netloc(host) + '/', self._insecure_adapter)
if not netloc_has_port(host):
# Mount wildcard ports for the same host.
self.mount(
build_url_from_netloc(host) + ':',
self._insecure_adapter
)
def request(self, method, url, *args, **kwargs):
# Allow setting a default timeout on a session

21
src/pip/_internal/utils/misc.py
View file

@ -1081,6 +1081,27 @@ def path_to_url(path):
return url
def build_url_from_netloc(netloc, scheme='https'):
# type: (str, str) -> str
"""
Build a full URL from a netloc.
"""
if netloc.count(':') >= 2 and '@' not in netloc and '[' not in netloc:
# It must be a bare IPv6 address, then wrap it with brackets.
netloc = '[{}]'.format(netloc)
return '{}://{}'.format(scheme, netloc)
def netloc_has_port(netloc):
# type: (str) -> bool
"""
Return whether the netloc has a port part.
"""
url = build_url_from_netloc(netloc)
parsed = urllib_parse.urlparse(url)
return bool(parsed.port)
def split_auth_from_netloc(netloc):
"""
Parse out and remove the auth information from a netloc.

4
tests/unit/test_download.py
View file

@ -527,13 +527,15 @@ class TestPipSession:
assert not hasattr(session.adapters["http://"], "cache")
def test_insecure_host_cache_is_not_enabled(self, tmpdir):
def test_insecure_host_adapter(self, tmpdir):
session = PipSession(
cache=tmpdir.joinpath("test-cache"),
insecure_hosts=["example.com"],
)
assert not hasattr(session.adapters["https://example.com/"], "cache")
assert "https://example.com/" in session.adapters
assert "https://example.com:" in session.adapters
@pytest.mark.parametrize(["input_url", "url", "username", "password"], [

25
tests/unit/test_utils.py
View file

@ -37,6 +37,7 @@ from pip._internal.utils.glibc import (
)
from pip._internal.utils.hashes import Hashes, MissingHashes
from pip._internal.utils.misc import (
build_url_from_netloc,
call_subprocess,
egg_link_path,
ensure_dir,
@ -44,6 +45,7 @@ from pip._internal.utils.misc import (
get_installed_distributions,
get_prog,
make_subprocess_output_error,
netloc_has_port,
normalize_path,
normalize_version_info,
path_to_display,
@ -1223,6 +1225,29 @@ def test_path_to_url_win():
assert path_to_url('file') == 'file:' + urllib_request.pathname2url(path)
@pytest.mark.parametrize('netloc, url, has_port', [
# Test domain name.
('example.com', 'https://example.com', False),
('example.com:5000', 'https://example.com:5000', True),
# Test IPv4 address.
('127.0.0.1', 'https://127.0.0.1', False),
('127.0.0.1:5000', 'https://127.0.0.1:5000', True),
# Test bare IPv6 address.
('2001:DB6::1', 'https://[2001:DB6::1]', False),
# Test IPv6 with port.
('[2001:DB6::1]:5000', 'https://[2001:DB6::1]:5000', True),
# Test netloc with auth.
(
'user:password@localhost:5000',
'https://user:password@localhost:5000',
True
)
])
def test_build_url_from_netloc_and_netloc_has_port(netloc, url, has_port):
assert build_url_from_netloc(netloc) == url
assert netloc_has_port(netloc) is has_port
@pytest.mark.parametrize('netloc, expected', [
# Test a basic case.
('example.com', ('example.com', (None, None))),