Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

urlencode produces bad output from ssl.CERT_NONE and friends that chokes decoders #77206

Open
vitaly-krugl mannequin opened this issue Mar 8, 2018 · 5 comments
Open

urlencode produces bad output from ssl.CERT_NONE and friends that chokes decoders #77206

vitaly-krugl mannequin opened this issue Mar 8, 2018 · 5 comments
Assignees
@ethanfurman
Labels
3.8 only security fixes 3.9 only security fixes 3.10 only security fixes stdlib Python modules in the Lib dir type-bug An unexpected behavior, bug, or error

Comments

@vitaly-krugl
Copy link
Mannequin

vitaly-krugl mannequin commented Mar 8, 2018

BPO 33025
Nosy @warsaw, @tiran, @ethanfurman, @vitaly-krugl

Note: these values reflect the state of the issue at the time it was migrated and might not reflect the current state.

Show more details

GitHub fields:

assignee = 'https://github.com/ethanfurman'
closed_at = None
created_at = <Date 2018-03-08.06:57:47.318>
labels = ['3.8', 'type-bug', 'library', '3.9', '3.10']
title = 'urlencode produces bad output from ssl.CERT_NONE and friends that chokes decoders'
updated_at = <Date 2021-06-29.20:16:30.558>
user = 'https://github.com/vitaly-krugl'

bugs.python.org fields:

activity = <Date 2021-06-29.20:16:30.558>
actor = 'barry'
assignee = 'ethan.furman'
closed = False
closed_date = None
closer = None
components = ['Library (Lib)']
creation = <Date 2018-03-08.06:57:47.318>
creator = 'vitaly.krug'
dependencies = []
files = []
hgrepos = []
issue_num = 33025
keywords = []
message_count = 5.0
messages = ['313424', '313732', '391439', '391440', '391441']
nosy_count = 4.0
nosy_names = ['barry', 'christian.heimes', 'ethan.furman', 'vitaly.krug']
pr_nums = []
priority = 'normal'
resolution = None
stage = None
status = 'open'
superseder = None
type = 'behavior'
url = 'https://bugs.python.org/issue33025'
versions = ['Python 3.8', 'Python 3.9', 'Python 3.10']
@vitaly-krugl
Copy link
Mannequin Author

vitaly-krugl mannequin commented Mar 8, 2018 

In [9]: from urllib.parse import urlencode, parse_qs

In [10]: import ast, ssl

In [11]: d = dict(cert_reqs=ssl.CERT_NONE)

In [12]: urlencode(d)
Out[12]: 'cert_reqs=VerifyMode.CERT_NONE'

In [25]: parse_qs('cert_reqs=VerifyMode.CERT_NONE')
Out[25]: {'cert_reqs': ['VerifyMode.CERT_NONE']}
In [29]: ast.literal_eval('VerifyMode.CERT_NONE')
Traceback (most recent call last)
...
ValueError: malformed node or string: <_ast.Attribute object at 0x105c22358>

This used to work fine and produce 'cert_reqs=0' on Python 2.7, allowing it to be decoded properly downstream. However, 'cert_reqs=VerifyMode.CERT_NONE' can't be decoded generically. So, something it's that used to work in prior python versions that is breaking now.

Additional information. json.dumps() actually dumps that value as a number instead of 'VerifyMode.CERT_NONE'.

It appears that urlencode doesn't work properly with enums, where I would expect it to emit the numeric value of the enum.
@vitaly-krugl vitaly-krugl mannequin assigned tiran Mar 8, 2018
@vitaly-krugl vitaly-krugl mannequin added type-crash A hard crash of the interpreter, possibly with a core dump topic-SSL 3.7 (EOL) end of life stdlib Python modules in the Lib dir labels Mar 8, 2018
@tiran tiran removed their assignment Mar 8, 2018
@tiran
Copy link
Member

tiran commented Mar 13, 2018

Ethan, please take a look.
@serhiy-storchaka serhiy-storchaka added type-bug An unexpected behavior, bug, or error and removed type-crash A hard crash of the interpreter, possibly with a core dump labels Jul 11, 2018
@tiran tiran added 3.8 only security fixes 3.9 only security fixes 3.10 only security fixes and removed topic-SSL 3.7 (EOL) end of life labels Apr 17, 2021
@ethanfurman
Copy link
Member

IIUC, the issue is that

  urlencode( {'cert_reqs': ssl.CERT_NONE} )

no longer produces

'cert_reqs=0'

?
@tiran
Copy link
Member

tiran commented Apr 20, 2021

I guess so.

We turned CERT_NONE into an IntFlag enum many years ago. urlencode() uses repr to convert integer enums.
@ethanfurman
Copy link
Member

Actually, I think it uses str(). An easy fix would be to use format() for all non-bytes objects instead -- the question then becomes how many objects (besides Enums with mixed-in data types) have a different str() vs format() display?
@ezio-melotti ezio-melotti transferred this issue from another repository Apr 10, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
3.8 only security fixes 3.9 only security fixes 3.10 only security fixes stdlib Python modules in the Lib dir type-bug An unexpected behavior, bug, or error
3 participants
@tiran @serhiy-storchaka @ethanfurman