Message 383898 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	nagdon
Recipients	nagdon
Date	2020-12-28.15:42:33
SpamBayes Score	-1.0
Marked as misclassified	Yes
Message-id	<1609170153.96.0.504551551924.issue42766@roundup.psfhosted.org>
In-reply-to

Content
The is_suburi(self, base, test) method of HTTPPasswordMgr in the urllib.request module tries to "Check if test is below base in a URI tree", but it uses the posixpath.commonprefix() function. This is problematic because commonprefix ignores the path structure (for example commonprefix(['/usr/lib', '/usr/local/lib'])=='/usr/l') and therefore the current implementation of is_suburi is essentially equivalent to calling str.startswith after some normalization steps. If we want to say that example.com/resource101 is NOT below example.com/resource1 in a URI tree, then the call to commonprefix should be replaced by a call to posixpath.commonpath(), which does the right thing.

The is_suburi(self, base, test) method of HTTPPasswordMgr in the urllib.request module tries to "Check if test is below base in a URI tree", but it uses the posixpath.commonprefix() function. This is problematic because commonprefix ignores the path structure (for example commonprefix(['/usr/lib', '/usr/local/lib'])=='/usr/l') and therefore the current implementation of is_suburi is essentially equivalent to calling str.startswith after some normalization steps.

If we want to say that example.com/resource101 is *NOT* below example.com/resource1 in a URI tree, then the call to commonprefix should be replaced by a call to posixpath.commonpath(), which does the right thing.

History
Date	User	Action	Args
2020-12-28 15:42:34	nagdon	set	recipients: + nagdon
2020-12-28 15:42:33	nagdon	set	messageid: <1609170153.96.0.504551551924.issue42766@roundup.psfhosted.org>
2020-12-28 15:42:33	nagdon	link	issue42766 messages
2020-12-28 15:42:33	nagdon	create