bpo-34866: Adding max_num_fields to cgi.FieldStorage (GH-9660)

Adding `max_num_fields` to `cgi.FieldStorage` to make denial-of-service (DoS) attacks harder by
limiting the number of `MiniFieldStorage` objects created by `FieldStorage`.
matthewbelisle-wf 2018-10-19 05:52:59 -05:00 committed by Miss Islington (bot)
parent f081fd8303
commit 209144831b
5 changed files with 102 additions and 12 deletions


@ -880,6 +880,13 @@ class UrlParseTestCase(unittest.TestCase):
errors="ignore")
self.assertEqual(result, [('key', '\u0141-')])
def test_parse_qsl_max_num_fields(self):
with self.assertRaises(ValueError):
urllib.parse.parse_qs('&'.join(['a=a']*11), max_num_fields=10)
with self.assertRaises(ValueError):
urllib.parse.parse_qs(';'.join(['a=a']*11), max_num_fields=10)
urllib.parse.parse_qs('&'.join(['a=a']*10), max_num_fields=10)
def test_urlencode_sequences(self):
# Other tests incidentally urlencode things; test non-covered cases:
# Sequence and object values.
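Review bot: test_parse_qsl_max_num_fields calls only `urllib.parse.parse_qs`, and each query uses a single separator type, so `parse_qsl` itself and a query mixing `&` and `;` are never exercised. A regression that counted only one separator would still pass. Because the limit is a denial-of-service control, I would pin that case with a constructed example such as `with self.assertRaises(ValueError): urllib.parse.parse_qsl('a=a&b=b;c=c', max_num_fields=2)`. The last added call also discards its result, so assigning it and adding `self.assertEqual(len(result['a']), 10)` would show the at-limit query actually parses instead of merely not raising. The code that enforces the limit is not in this section, so how fields are counted is inferred from the test inputs.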