def _configure_basic_auth(
conf: typing.Dict[str, typing.Any]) -> typing.Tuple[str, str]:
url = conf["url"]
auth_provider = conf.pop("basic.auth.credentials.source",
"URL").upper()
if auth_provider not in utils.VALID_AUTH_PROVIDERS:
raise ValueError(f"""
schema.registry.basic.auth.credentials.source
must be one of {utils.VALID_AUTH_PROVIDERS}
""")
if auth_provider == "USER_INFO":
auth = tuple(conf.pop("basic.auth.user.info", "").split(":"))
elif auth_provider == "SASL_INHERIT":
if conf.pop("sasl.mechanism", "").upper() is ["GSSAPI"]:
raise ValueError(
"SASL_INHERIT does not support SASL mechanisms GSSAPI")
auth = (conf.pop("sasl.username",
""), conf.pop("sasl.password", ""))
else:
auth = requests_utils.get_auth_from_url(url)
# remove ignore after mypy fix https://github.com/python/mypy/issues/4805
return auth # type: ignore
def proxy_manager_for(self, proxy, **proxy_kwargs):
if proxy in self.proxy_manager:
manager = self.proxy_manager[proxy]
elif proxy.lower().startswith('socks'):
username, password = get_auth_from_url(proxy)
manager = self.proxy_manager[proxy] = SOCKSProxyManager(
proxy,
username=username,
password=password,
num_pools=self._pool_connections,
maxsize=self._pool_maxsize,
block=self._pool_block,
assert_hostname=False,
**proxy_kwargs)
else:
proxy_headers = self.proxy_headers(proxy)
manager = self.proxy_manager[proxy] = proxy_from_url(
proxy,
proxy_headers=proxy_headers,
num_pools=self._pool_connections,
maxsize=self._pool_maxsize,
block=self._pool_block,
assert_hostname=False,
**proxy_kwargs)
return manager
def requests_3_sde(one_input):
try:
ipt_data = str(one_input)
except UnicodeDecodeError:
sys.exit(0)
url = "http://{}:{}@test.com/test".format(quote(ipt_data), quote(ipt_data))
usr, pwd = get_auth_from_url(url)
assert usr == ipt_data and pwd == ipt_data
def __init__(self, conf):
self.session = Session()
# copy dict to avoid mutating the original
conf_copy = conf.copy()
base_url = conf_copy.pop('url', None)
if base_url is None:
raise ValueError("Missing required configuration property url")
if not isinstance(base_url, string_type):
raise TypeError("url must be an instance of str, not " +
str(type(base_url)))
if not base_url.startswith('http'):
raise ValueError("Invalid url {}".format(base_url))
self.base_url = base_url.rstrip('/')
# The following configs map Requests Session class properties.
# See the API docs for specifics.
# https://requests.readthedocs.io/en/master/api/#request-sessions
ca = conf_copy.pop('ssl.ca.location', None)
if ca is not None:
self.session.verify = ca
key = conf_copy.pop('ssl.key.location', None)
cert = conf_copy.pop('ssl.certificate.location', None)
if cert is not None and key is not None:
self.session.cert = (cert, key)
if cert is not None and key is None:
self.session.cert = cert
if key is not None and cert is None:
raise ValueError("ssl.certificate.location required when"
" configuring ssl.key.location")
userinfo = utils.get_auth_from_url(base_url)
if 'basic.auth.user.info' in conf_copy:
if userinfo != ('', ''):
raise ValueError("basic.auth.user.info configured with"
" userinfo credentials in the URL."
" Remove userinfo credentials from the url or"
" remove basic.auth.user.info from the"
" configuration")
userinfo = tuple(
conf_copy.pop('basic.auth.user.info', '').split(':'))
if len(userinfo) != 2:
raise ValueError("basic.auth.user.info must be in the form"
" of {username}:{password}")
self.session.auth = userinfo if userinfo != ('', '') else None
# Any leftover keys are unknown to _RestClient
if len(conf_copy) > 0:
raise ValueError("Unrecognized properties: {}".format(", ".join(
conf_copy.keys())))
def test_get_auth_from_url(self):
""" Ensures that username and password in well-encoded URI as per RFC 3986 are correclty extracted """
from requests.utils import get_auth_from_url
from requests.compat import quote
percent_encoding_test_chars = "%!*'();:@&=+$,/?#[] "
url_address = "request.com/url.html#test"
url = "http://" + quote(percent_encoding_test_chars, '') + ':' + quote(percent_encoding_test_chars, '') + '@' + url_address
(username, password) = get_auth_from_url(url)
assert username == percent_encoding_test_chars
assert password == percent_encoding_test_chars
def test_get_auth_from_url(self):
""" Ensures that username and password in well-encoded URI as per RFC 3986 are correclty extracted """
from requests.utils import get_auth_from_url
from requests.compat import quote
percent_encoding_test_chars = "%!*'();:@&=+$,/?#[] "
url_address = "request.com/url.html#test"
url = "http://" + quote(percent_encoding_test_chars, '') + ':' + quote(percent_encoding_test_chars, '') + '@' + url_address
(username, password) = get_auth_from_url(url)
assert username == percent_encoding_test_chars
assert password == percent_encoding_test_chars
def proxy_headers(self, proxy):
headers = {}
username, password = get_auth_from_url(proxy)
if username and password:
username = unquote(username)
password = unquote(password)
headers["Proxy-Authorization"] = _basic_auth_str(username, password)
return headers
def __init__(self, uri):
# move basic auth creds into headers to avoid
# https://github.com/requests/requests/issues/4275
username, password = get_auth_from_url(uri)
uri = urldefragauth(uri)
self._base_url = '{}/api'.format(uri)
self._session = Session()
self._session.auth = HTTPBasicAuth(username, password)
self._session.headers['content-type'] = 'application/json'
self._verify_api_connection()
def __init__(self, uri):
# move basic auth creds into headers to avoid
# https://github.com/requests/requests/issues/4275
username, password = get_auth_from_url(uri)
uri = urldefragauth(uri)
self._base_url = '{}/api'.format(uri)
self._session = Session()
self._session.auth = HTTPBasicAuth(username, password)
self._session.headers['content-type'] = 'application/json'
self._verify_api_connection()
def _apply_basic_auth(request):
# this logic duplicated from Session.prepare_request and PreparedRequest.prepare_auth
url_auth = get_auth_from_url(request.url)
auth = url_auth if any(url_auth) else None
if auth is None:
# look for auth information in a .netrc file
auth = get_netrc_auth(request.url)
if isinstance(auth, tuple) and len(auth) == 2:
request.headers['Authorization'] = _basic_auth_str(*auth)
return request
def _apply_basic_auth(request):
# this logic duplicated from Session.prepare_request and PreparedRequest.prepare_auth
url_auth = get_auth_from_url(request.url)
auth = url_auth if any(url_auth) else None
if auth is None:
# look for auth information in a .netrc file
auth = get_netrc_auth(request.url)
if isinstance(auth, tuple) and len(auth) == 2:
request.headers['Authorization'] = _basic_auth_str(*auth)
return request
def _configure_basic_auth(url, conf):
auth_provider = conf.pop('basic.auth.credentials.source', 'URL').upper()
if auth_provider not in VALID_AUTH_PROVIDERS:
raise ValueError("schema.registry.basic.auth.credentials.source must be one of {}"
.format(VALID_AUTH_PROVIDERS))
if auth_provider == 'SASL_INHERIT':
if conf.pop('sasl.mechanism', '').upper() is ['GSSAPI']:
raise ValueError("SASL_INHERIT does not support SASL mechanisms GSSAPI")
auth = (conf.pop('sasl.username', ''), conf.pop('sasl.password', ''))
elif auth_provider == 'USER_INFO':
auth = tuple(conf.pop('basic.auth.user.info', '').split(':'))
else:
auth = utils.get_auth_from_url(url)
return auth
def get_proxy_headers(proxy):
"""Returns a dictionary of the headers to add to any request sent
through a proxy. This works with urllib3 magic to ensure that they are
correctly sent to the proxy, rather than in a tunnelled request if
CONNECT is being used.
:param proxies: The url of the proxy being used for this request.
:rtype: dict
"""
headers = {}
username, password = get_auth_from_url(proxy)
if username:
headers['Proxy-Authorization'] = _basic_auth_str(username, password)
return headers
def _configure_basic_auth(url, conf):
auth_provider = conf.pop("basic.auth.credentials.source",
"URL").upper()
if auth_provider not in VALID_AUTH_PROVIDERS:
raise ValueError(
"schema.registry.basic.auth.credentials.source must be one of {}"
.format(VALID_AUTH_PROVIDERS))
if auth_provider == "SASL_INHERIT":
if conf.pop("sasl.mechanism", "").upper() == "GSSAPI":
raise ValueError(
"SASL_INHERIT does not support SASL mechanism GSSAPI")
auth = (conf.pop("sasl.username",
""), conf.pop("sasl.password", ""))
elif auth_provider == "USER_INFO":
auth = tuple(conf.pop("basic.auth.user.info", "").split(":"))
else:
auth = utils.get_auth_from_url(url)
return auth
def _negotiate_socks(self, addr, proxy_addr):
parsed = urlparse(proxy_addr[0])
if parsed.scheme == 'socks5':
socks_version, rdns = 2, False
elif parsed.scheme == 'socks5h':
socks_version, rdns = 2, True
elif parsed.scheme == 'socks4':
socks_version, rdns = 1, False
elif parsed.scheme == 'socks4a':
socks_version, rdns = 1, True
else:
raise ValueError('Unable to determine SOCKS version from %s' %
addr[0])
username, password = get_auth_from_url(addr[0])
stream = SockIOStream((socks_version, rdns, parsed.hostname,
proxy_addr[1], username, password))
return stream.connect(*addr)
def _configure_basic_auth(conf: dict) -> typing.Union[None, str, typing.Tuple[str, str]]:
url = conf["url"]
auth_provider = conf.pop("basic.auth.credentials.source", "URL").upper()
if auth_provider not in utils.VALID_AUTH_PROVIDERS:
raise ValueError(
f"schema.registry.basic.auth.credentials.source " f"must be one of {utils.VALID_AUTH_PROVIDERS}"
)
if auth_provider == "SASL_INHERIT":
if conf.pop("sasl.mechanism", "").upper() is ["GSSAPI"]:
raise ValueError("SASL_INHERIT does not support SASL mechanisms GSSAPI")
auth = (conf.pop("sasl.username", ""), conf.pop("sasl.password", ""))
elif auth_provider == "USER_INFO":
auth = tuple(conf.pop("basic.auth.user.info", "").split(":")) # type: ignore
else:
auth = requests_utils.get_auth_from_url(url)
conf["url"] = requests_utils.urldefragauth(url)
return auth
def rebuild_proxies(self, prepared_request, proxies):
"""This method re-evaluates the proxy configuration by considering the
environment variables. If we are redirected to a URL covered by
NO_PROXY, we strip the proxy configuration. Otherwise, we set missing
proxy keys for this URL (in case they were stripped by a previous
redirect).
This method also replaces the Proxy-Authorization header where
necessary.
:rtype: dict
"""
proxies = proxies if proxies is not None else {}
headers = prepared_request.headers
url = prepared_request.url
scheme = urlparse(url).scheme
new_proxies = proxies.copy()
no_proxy = proxies.get('no_proxy')
bypass_proxy = should_bypass_proxies(url, no_proxy=no_proxy)
# if self.trust_env and not bypass_proxy:
# environ_proxies = get_environ_proxies(url, no_proxy=no_proxy)
#
# proxy = environ_proxies.get(scheme, environ_proxies.get('all'))
#
# if proxy:
# new_proxies.setdefault(scheme, proxy)
if 'Proxy-Authorization' in headers:
del headers['Proxy-Authorization']
try:
username, password = get_auth_from_url(new_proxies[scheme])
except KeyError:
username, password = None, None
if username and password:
headers['Proxy-Authorization'] = _basic_auth_str(
username, password)
return new_proxies
# @Version: 0.0.5 # @Author: LightningRS # @Email: [email protected] # @Desc: PyFuzzSDE Real Project Benchmark (requests-3) AFL Adapter # @BugAt: https://github.com/psf/requests/commit/ac4e05874a1a983ca126185a0e4d4e74915f792e # @Fixed: https://github.com/psf/requests/commit/ca187abd13052fee100909076358fca89b473e0f # @Changelog: # 2021/05/18: Improve performance # 2021/05/18: Create benchmark import afl import os import sys base_path = os.path.join(os.path.dirname(__file__), "requests") sys.path.append(base_path) from requests.utils import get_auth_from_url from requests.compat import quote afl.init() try: ipt_data = str(sys.stdin.read()) except UnicodeDecodeError: os._exit(0) url = "http://{}:{}@test.com/test".format(quote(ipt_data), quote(ipt_data)) usr, pwd = get_auth_from_url(url) print(str((usr, pwd))) assert usr == ipt_data and pwd == ipt_data os._exit(0)
def test_get_auth_from_url(url, auth):
assert get_auth_from_url(url) == auth
def test_get_auth_from_url(url, auth):
assert get_auth_from_url(url) == auth
