Giters

certtools / intelmq

IntelMQ is a solution for IT security teams for collecting and processing security feeds using a message queuing protocol.

Home Page:https://docs.intelmq.org/latest/

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

Regression due to Python change in urllib

kamil-certat opened this issue · comments

commented

Python security update changed how the urlib.parse treats the leading spaces in URLs. They are currently stripped, and the URL is successfully processed: https://github.com/python/cpython/pull/102508/files#

This breaks our test cases if running on the system with patched Python, e.g. https://github.com/certtools/intelmq/actions/runs/5266316737/jobs/9520090889

Broken test's assert:

intelmq/intelmq/tests/lib/test_harmonization.py

Line 414 in 6d4d889

self.assertFalse(harmonization.URL.is_valid(' http://example.com'))

In addition, the official documentation now clearly says, that parse is not intended to be used as validation.

I think that we should keep the previous validation by rejecting URLs starting from empty chars as it may be important for some services.