Regression due to Python change in urllib
kamil-certat opened this issue · comments
Python security update changed how the urlib.parse
treats the leading spaces in URLs. They are currently stripped, and the URL is successfully processed: https://github.com/python/cpython/pull/102508/files#
This breaks our test cases if running on the system with patched Python, e.g. https://github.com/certtools/intelmq/actions/runs/5266316737/jobs/9520090889
Broken test's assert:
In addition, the official documentation now clearly says, that parse
is not intended to be used as validation.
I think that we should keep the previous validation by rejecting URLs starting from empty chars as it may be important for some services.