Prevent unexpected changes on URL after calling copy_with (CVE-2021-41945)
()
| 661 | |
| 662 | |
| 663 | def test_url_copywith_security(): |
| 664 | class="st">""" |
| 665 | Prevent unexpected changes on URL after calling copy_with (CVE-2021-41945) |
| 666 | class="st">""" |
| 667 | with pytest.raises(httpx.InvalidURL): |
| 668 | httpx.URL(class="st">"https://u:p@[invalid!]//evilHost/path?t=wclass="cm">#tw") |
| 669 | |
| 670 | url = httpx.URL(class="st">"https://example.com/path?t=wclass="cm">#tw") |
| 671 | bad = class="st">"https://xxxx:xxxx@xxxxxxx/xxxxx/xxx?x=xclass="cm">#xxxxx" |
| 672 | with pytest.raises(httpx.InvalidURL): |
| 673 | url.copy_with(scheme=bad) |
| 674 | |
| 675 | |
| 676 | class="cm"># Tests for copy-modifying-parameters methods. |