#1466065: add validate option to base64.b64decode

Patch by Neil Tallim. This provides a mechanism for module users to achieve RFC 3548 compliance in the cases where ignoring non-base64-alphabet input characters is *not* mandated by the RFC that references RFC 3548.
2025-08-04 08:59:19 +00:00 · 2010-11-11 20:09:20 +00:00 · 2010-11-11 20:09:20 +00:00 · 6495136e40
commit 6495136e40
parent 49afa380fd
4 changed files with 37 additions and 9 deletions
--- a/Lib/base64.py
+++ b/Lib/base64.py
@ -65,16 +65,19 @@ def b64encode(s, altchars=None):
    return encoded


-def b64decode(s, altchars=None):
+def b64decode(s, altchars=None, validate=False):
    """Decode a Base64 encoded byte string.

    s is the byte string to decode.  Optional altchars must be a
    string of length 2 which specifies the alternative alphabet used
    instead of the '+' and '/' characters.

-    The decoded byte string is returned.  binascii.Error is raised if
-    s were incorrectly padded or if there are non-alphabet characters
-    present in the string.
+    The decoded string is returned.  A binascii.Error is raised if s is
+    incorrectly padded.
+
+    If validate is False (the default), non-base64-alphabet characters are
+    discarded prior to the padding check.  If validate is True,
+    non-base64-alphabet characters in the input result in a binascii.Error.
    """
    if not isinstance(s, bytes_types):
        raise TypeError("expected bytes, not %s" % s.__class__.__name__)
@ -84,6 +87,8 @@ def b64decode(s, altchars=None):
                            % altchars.__class__.__name__)
        assert len(altchars) == 2, repr(altchars)
        s = _translate(s, {chr(altchars[0]): b'+', chr(altchars[1]): b'/'})
+    if validate and not re.match(b'^[A-Za-z0-9+/]*={0,2}$', s):
+        raise binascii.Error('Non-base64 digit found')
    return binascii.a2b_base64(s)