Prevent unexpected changes on URL after calling copy_with (CVE-2021-41945)
()
| 661 | |
| 662 | |
| 663 | def test_url_copywith_security(): |
| 664 | """ |
| 665 | Prevent unexpected changes on URL after calling copy_with (CVE-2021-41945) |
| 666 | """ |
| 667 | with pytest.raises(httpx.InvalidURL): |
| 668 | httpx.URL("https://u:p@[invalid!]//evilHost/path?t=w#tw") |
| 669 | |
| 670 | url = httpx.URL("https://example.com/path?t=w#tw") |
| 671 | bad = "https://xxxx:xxxx@xxxxxxx/xxxxx/xxx?x=x#xxxxx" |
| 672 | with pytest.raises(httpx.InvalidURL): |
| 673 | url.copy_with(scheme=bad) |
| 674 | |
| 675 | |
| 676 | # Tests for copy-modifying-parameters methods. |