[Python-checkins] r54339 - in python/trunk: Lib/ConfigParser.py Lib/test/test_cfgparser.py Misc/NEWS
georg.brandl
python-checkins at python.org
Tue Mar 13 18:43:38 CET 2007
Author: georg.brandl
Date: Tue Mar 13 18:43:32 2007
New Revision: 54339
Modified:
python/trunk/Lib/ConfigParser.py
python/trunk/Lib/test/test_cfgparser.py
python/trunk/Misc/NEWS
Log:
Patch #1603688: ConfigParser.SafeConfigParser now checks values that
are set for invalid interpolation sequences that would lead to errors
on reading back those values.
Modified: python/trunk/Lib/ConfigParser.py
==============================================================================
--- python/trunk/Lib/ConfigParser.py (original)
+++ python/trunk/Lib/ConfigParser.py Tue Mar 13 18:43:32 2007
@@ -594,7 +594,8 @@
self._interpolate_some(option, L, rawval, section, vars, 1)
return ''.join(L)
- _interpvar_match = re.compile(r"%\(([^)]+)\)s").match
+ _interpvar_re = re.compile(r"%\(([^)]+)\)s")
+ _badpercent_re = re.compile(r"%[^%]|%$")
def _interpolate_some(self, option, accum, rest, section, map, depth):
if depth > MAX_INTERPOLATION_DEPTH:
@@ -613,7 +614,7 @@
accum.append("%")
rest = rest[2:]
elif c == "(":
- m = self._interpvar_match(rest)
+ m = self._interpvar_re.match(rest)
if m is None:
raise InterpolationSyntaxError(option, section,
"bad interpolation variable reference %r" % rest)
@@ -638,4 +639,12 @@
"""Set an option. Extend ConfigParser.set: check for string values."""
if not isinstance(value, basestring):
raise TypeError("option values must be strings")
+ # check for bad percent signs:
+ # first, replace all "good" interpolations
+ tmp_value = self._interpvar_re.sub('', value)
+ # then, check if there's a lone percent sign left
+ m = self._badpercent_re.search(tmp_value)
+ if m:
+ raise ValueError("invalid interpolation syntax in %r at "
+ "position %d" % (value, m.start()))
ConfigParser.set(self, section, option, value)
Modified: python/trunk/Lib/test/test_cfgparser.py
==============================================================================
--- python/trunk/Lib/test/test_cfgparser.py (original)
+++ python/trunk/Lib/test/test_cfgparser.py Tue Mar 13 18:43:32 2007
@@ -422,6 +422,18 @@
self.assertEqual(cf.get("section", "ok"), "xxx/%s")
self.assertEqual(cf.get("section", "not_ok"), "xxx/xxx/%s")
+ def test_set_malformatted_interpolation(self):
+ cf = self.fromstring("[sect]\n"
+ "option1=foo\n")
+
+ self.assertEqual(cf.get('sect', "option1"), "foo")
+
+ self.assertRaises(ValueError, cf.set, "sect", "option1", "%foo")
+ self.assertRaises(ValueError, cf.set, "sect", "option1", "foo%")
+ self.assertRaises(ValueError, cf.set, "sect", "option1", "f%oo")
+
+ self.assertEqual(cf.get('sect', "option1"), "foo")
+
def test_set_nonstring_types(self):
cf = self.fromstring("[sect]\n"
"option1=foo\n")
Modified: python/trunk/Misc/NEWS
==============================================================================
--- python/trunk/Misc/NEWS (original)
+++ python/trunk/Misc/NEWS Tue Mar 13 18:43:32 2007
@@ -168,6 +168,10 @@
Library
-------
+- Patch #1603688: ConfigParser.SafeConfigParser now checks values that
+ are set for invalid interpolation sequences that would lead to errors
+ on reading back those values.
+
- Added support for the POSIX.1-2001 (pax) format to tarfile.py. Extended
and cleaned up the test suite. Added a new testtar.tar.
More information about the Python-checkins
mailing list