python-aiohttp/CVE-2024-30251-Followup-01.patch
starlet-dx 9d926e8cf7 Fix CVE-2023-47627,CVE-2023-49082,CVE-2024-23334,CVE-2024-23829,CVE-2024-27306 and CVE-2024-30251
(cherry picked from commit dabdc40effcfef17ad7e2a967edf709e75859b23)
2025-03-06 10:11:34 +08:00


From: "patchback[bot]" <45432694+patchback[bot]@users.noreply.github.com>
Date: Mon, 15 Apr 2024 20:47:19 +0100
Subject: Add set_content_disposition test (#8333)
**This is a backport of PR #8332 as merged into master
(482e6cdf6516607360666a48c5828d3dbe959fbd).**
Co-authored-by: Oleg A <t0rr@mail.ru>
---
aiohttp/multipart.py | 7 +++++--
tests/test_multipart.py | 7 +++++++
2 files changed, 12 insertions(+), 2 deletions(-)
diff --git a/aiohttp/multipart.py b/aiohttp/multipart.py
index f2c4ead..ac7dfdb 100644
--- a/aiohttp/multipart.py
+++ b/aiohttp/multipart.py
@@ -841,8 +841,6 @@ class MultipartWriter(Payload):
if self._is_form_data:
# https://datatracker.ietf.org/doc/html/rfc7578#section-4.7
# https://datatracker.ietf.org/doc/html/rfc7578#section-4.8
- assert CONTENT_DISPOSITION in payload.headers
- assert "name=" in payload.headers[CONTENT_DISPOSITION]
assert (
not {CONTENT_ENCODING, CONTENT_LENGTH, CONTENT_TRANSFER_ENCODING}
& payload.headers.keys()
@@ -923,6 +921,11 @@ class MultipartWriter(Payload):
async def write(self, writer: Any, close_boundary: bool = True) -> None:
"""Write body."""
for part, encoding, te_encoding in self._parts:
+ if self._is_form_data:
+ # https://datatracker.ietf.org/doc/html/rfc7578#section-4.2
+ assert CONTENT_DISPOSITION in part.headers
+ assert "name=" in part.headers[CONTENT_DISPOSITION]
+
await writer.write(b"--" + self._boundary + b"\r\n")
await writer.write(part._binary_headers)
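Review bot: The relocated check `assert "name=" in part.headers[CONTENT_DISPOSITION]` is a substring test, so a part whose header carries only `filename="x"` passes it, although the RFC 7578 section 4.2 link above it is about the `name` parameter. Both checks are also `assert` statements, which are removed when Python runs with `-O`, and because they sit inside the loop, a failure on a later part is raised after earlier parts have already been written to `writer`. Consider parsing the header instead, e.g. `_, params = parse_content_disposition(part.headers.get(CONTENT_DISPOSITION))` followed by `if "name" not in params: raise ValueError("form-data part requires a name")`, and running that over all parts before the first `writer.write`. Raising `ValueError` changes the exception type that callers see, so it needs a compatibility check, and the body of `write` continues outside the hunk.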
diff --git a/tests/test_multipart.py b/tests/test_multipart.py
index e17817d..89db7f8 100644
--- a/tests/test_multipart.py
+++ b/tests/test_multipart.py
@@ -1122,6 +1122,13 @@ class TestMultipartWriter:
part = writer._parts[0][0]
assert part.headers[CONTENT_TYPE] == "test/passed"
+ async def test_set_content_disposition_after_append(self):
+ writer = aiohttp.MultipartWriter("form-data")
+ payload = writer.append("some-data")
+ payload.set_content_disposition("form-data", name="method")
+ assert CONTENT_DISPOSITION in payload.headers
+ assert "name=" in payload.headers[CONTENT_DISPOSITION]
+
def test_with(self) -> None:
with aiohttp.MultipartWriter(boundary=":") as writer:
writer.append("foo")
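Review bot: `test_set_content_disposition_after_append` only inspects `payload.headers` and never calls `writer.write(...)`, so the check this commit moves into `MultipartWriter.write` is not exercised by the new test. A companion case would pin the behaviour the move is meant to allow: set the disposition after `append`, serialize the writer into a stub stream, and assert that the emitted part headers carry `name="method"`. A negative case for a form-data part that reaches `write` without a `name` parameter would cover the failure path, assuming such a part can be constructed through the public API. The new test also lacks the `-> None` annotation used by the neighbouring `test_with`, whose body continues outside the hunk.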