classification
Title: urllib.request.HTTPPasswordMgr uses commonprefix instead of commonpath
Type: behavior Stage: patch review
Components: Library (Lib) Versions: Python 3.10
process
Status: open Resolution:
Dependencies: Superseder:
Assigned To: Nosy List: Fongeme, nagdon
Priority: normal Keywords: patch

Created on 2020-12-28 15:42 by nagdon, last changed 2021-01-09 20:31 by Fongeme.

Pull Requests
URL Status Linked Edit
PR 24181 open Fongeme, 2021-01-09 20:31
Messages (1)
msg383898 - (view) Author: DonĂ¡t Nagy (nagdon) Date: 2020-12-28 15:42
The is_suburi(self, base, test) method of HTTPPasswordMgr in the urllib.request module tries to "Check if test is below base in a URI tree", but it uses the posixpath.commonprefix() function. This is problematic because commonprefix ignores the path structure (for example commonprefix(['/usr/lib', '/usr/local/lib'])=='/usr/l') and therefore the current implementation of is_suburi is essentially equivalent to calling str.startswith after some normalization steps.

If we want to say that example.com/resource101 is *NOT* below example.com/resource1 in a URI tree, then the call to commonprefix should be replaced by a call to posixpath.commonpath(), which does the right thing.
History
Date User Action Args
2021-01-09 20:31:09Fongemesetkeywords: + patch
nosy: + Fongeme

pull_requests: + pull_request23007
stage: patch review
2020-12-28 15:42:33nagdoncreate