diff options
| author | Florian Bruhin <git@the-compiler.org> | 2017-03-01 14:18:23 +0100 |
|---|---|---|
| committer | Florian Bruhin <git@the-compiler.org> | 2017-03-01 14:37:57 +0100 |
| commit | bc19f138fb719e3fff9e6642723e942c83138482 (patch) | |
| tree | 1c54eadcbc7120b33d6af47308ef789d00dd38ae | |
| parent | 7502d10fd9a4d3b51026dc215fc347d1ca875636 (diff) | |
| download | qutebrowser-bc19f138fb719e3fff9e6642723e942c83138482.tar.gz qutebrowser-bc19f138fb719e3fff9e6642723e942c83138482.zip | |
Don't strip info when loading PAC from a file
(cherry picked from commit deb59fc66e8be8104a5909ea39a6957339427857)
| -rw-r--r-- | qutebrowser/browser/network/pac.py | 17 | ||||
| -rw-r--r-- | tests/unit/browser/webkit/network/test_pac.py | 13 |
2 files changed, 23 insertions, 7 deletions
diff --git a/qutebrowser/browser/network/pac.py b/qutebrowser/browser/network/pac.py index ba8208822..c19b09880 100644 --- a/qutebrowser/browser/network/pac.py +++ b/qutebrowser/browser/network/pac.py @@ -199,18 +199,23 @@ class PACResolver: err = "Cannot resolve FindProxyForURL function, got '{}' instead" raise EvalProxyError(err.format(self._resolver.toString())) - def resolve(self, query): + def resolve(self, query, from_file=False): """Resolve a proxy via PAC. Args: query: QNetworkProxyQuery. + from_file: Whether the proxy info is coming from a file. Return: A list of QNetworkProxy objects in order of preference. """ - string_flags = QUrl.RemoveUserInfo - if query.url().scheme() == 'https': - string_flags |= QUrl.RemovePath | QUrl.RemoveQuery + if from_file: + string_flags = QUrl.PrettyDecoded + else: + string_flags = QUrl.RemoveUserInfo + if query.url().scheme() == 'https': + string_flags |= QUrl.RemovePath | QUrl.RemoveQuery + result = self._resolver.call([query.url().toString(string_flags), query.peerHostName()]) result_str = result.toString() @@ -239,6 +244,7 @@ class PACFetcher(QObject): assert url.scheme().startswith(pac_prefix) url.setScheme(url.scheme()[len(pac_prefix):]) + self._pac_url = url self._manager = QNetworkAccessManager() self._manager.setProxy(QNetworkProxy(QNetworkProxy.NoProxy)) self._reply = self._manager.get(QNetworkRequest(url)) @@ -295,8 +301,9 @@ class PACFetcher(QObject): Return a list of QNetworkProxy objects in order of preference. """ self._wait() + from_file = self._pac_url.scheme() == 'file' try: - return self._pac.resolve(query) + return self._pac.resolve(query, from_file=from_file) except (EvalProxyError, ParseProxyError) as e: log.network.exception("Error in PAC resolution: {}.".format(e)) # .invalid is guaranteed to be inaccessible in RFC 6761. diff --git a/tests/unit/browser/webkit/network/test_pac.py b/tests/unit/browser/webkit/network/test_pac.py index 7e67c71eb..2ad63a496 100644 --- a/tests/unit/browser/webkit/network/test_pac.py +++ b/tests/unit/browser/webkit/network/test_pac.py @@ -182,7 +182,16 @@ def test_fail_return(): ('https://secret@example.com', False), # user stripped with HTTPS ('https://user:secret@example.com', False), # password stripped with HTTPS ]) -def test_secret_url(url, has_secret): +@pytest.mark.parametrize('from_file', [True, False]) +def test_secret_url(url, has_secret, from_file): + """Make sure secret parts in an URL are stripped correctly. + + The following parts are considered secret: + - If the PAC info is loaded from a local file, nothing. + - If the URL to resolve is a HTTP URL, the username/password. + - If the URL to resolve is a HTTPS URL, the username/password, query + and path. + """ test_str = """ function FindProxyForURL(domain, host) {{ has_secret = domain.indexOf("secret") !== -1; @@ -194,7 +203,7 @@ def test_secret_url(url, has_secret): }} """.format('true' if (has_secret or from_file) else 'false') res = pac.PACResolver(test_str) - res.resolve(QNetworkProxyQuery(QUrl(url))) + res.resolve(QNetworkProxyQuery(QUrl(url)), from_file=from_file) # See https://github.com/qutebrowser/qutebrowser/pull/1891#issuecomment-259222615 |