Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Client] Incorrect handling of '..' in url path. #1996

Closed
panagiks opened this issue Jun 21, 2017 · 5 comments
Closed

[Client] Incorrect handling of '..' in url path. #1996

panagiks opened this issue Jun 21, 2017 · 5 comments
Labels
outdated

Comments

@panagiks
Copy link
Contributor

Long story short

When making a request with a ClientSession object:
If a requested path contains a path level that is .. it is not translated by removing the previous level from the path.

Expected behaviour

Example:
A request to http://mysite.com/lvl1/lvl2/../file.tar.gz should be translated to http://mysite.com/lvl1/file.tar.gz before sending.

Actual behaviour

The request is sent to http://mysite.com/lvl1/lvl2/../file.tar.gz

Steps to reproduce

import asyncio
import aiohttp

@asyncio.coroutine
def main():
    session = aiohttp.ClientSession()
    resp = yield from session.get('https://pypi.python.org/simple/aiohttp-swagger/../../packages/f1/db/0d22688d79b5de9fc325c5438a0b036bca9d711f80190aa2308f7a3942ad/aiohttp-swagger-1.0.0.tar.gz')
    print(resp.status)
    session.close()

asyncio.get_event_loop().run_until_complete(main())

In contrary with wget :

wget https://pypi.python.org/simple/aiohttp-swagger/../../packages/f1/db/0d22688d79b5de9fc325c5438a0b036bca9d711f80190aa2308f7a3942ad/aiohttp-swagger-1.0.0.tar.gz

will result in

--2017-06-21 14:52:30--  https://pypi.python.org/packages/f1/db/0d22688d79b5de9fc325c5438a0b036bca9d711f80190aa2308f7a3942ad/aiohttp-swagger-1.0.0.tar.gz
Resolving pypi.python.org (pypi.python.org)... 151.101.112.223, 2a04:4e42:1b::223
Connecting to pypi.python.org (pypi.python.org)|151.101.112.223|:443... connected.
HTTP request sent, awaiting response... 200 OK

Note that it translates the url path before sending the request.

Your environment

Ubuntu16.04 amd64 Python3.5 aiohttp 2.1.0
@asvetlov
Copy link
Member

Well, it should be done in yarl library on path normalization

@panagiks
Copy link
Contributor Author

Yeah, I don't know the structure of the project (and as a result which module should do it) that's why I am reporting it here. If there is no further action that can/should be taken by aiohttp feel free to close the issue.

@asvetlov
Copy link
Member

Please create an issue in https://github.com/aio-libs/yarl and close it here.

@panagiks
Copy link
Contributor Author

Ok opened a ticket to yarl.

@aio-libs-bot aio-libs-bot mentioned this issue Oct 3, 2018
Closed
@lock
Copy link

lock bot commented Oct 28, 2019

This thread has been automatically locked since there has not been
any recent activity after it was closed. Please open a new issue for
related bugs.

If you feel like there's important points made in this discussion,
please include those exceprts into that new issue.

@lock lock bot added the outdated label Oct 28, 2019
@lock lock bot locked as resolved and limited conversation to collaborators Oct 28, 2019
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
outdated
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@asvetlov @panagiks