yarl Improper validation of the port in `URL.with

Improper validation of the port in `URL.with_port`

Open decorator-factory opened this issue 2 years ago • 0 comments

Describe the bug

URL.with_port doesn't fully validate its argument. It is possible to set a boolean port, a negative port, or a port greater than 65535. Additionally, if the provided port is 0, it is treated as None (i.e. removes the port).

Notably, a bool port or a port out of range will cause an error when trying to retrieve the port:

from yarl import URL
url = URL("http://example.com")
true_url = url.with_port(True)
print(true_url.port)  # ValueError here

To Reproduce

Install yarl==1.7.2
Run the following code:

from yarl import URL
url = URL("http://example.com")
print(url.with_port(True))
print(url.with_port(0))
print(url.with_port(-1))
print(url.with_port(99999))

Expected behavior

yarl.URL("http://example.com").with_port(True) raises a TypeError
yarl.URL("http://example.com").with_port(0) raises a ValueError
yarl.URL("http://example.com").with_port(-1) raises a ValueError
yarl.URL("http://example.com").with_port(99999) raises a ValueError

Logs/tracebacks

Output of the code in To Reproduce

http://example.com:True
http://example.com
http://example.com:-1
http://example.com:99999

Python Version

CPython 3.9.8

multidict Version

6.0.2

yarl Version

1.7.2

OS

Manjaro Linux

Additional context

No response

Code of Conduct

[X] I agree to follow the aio-libs Code of Conduct

Jul 02 '22 13:07 decorator-factory

yarl yarl copied to clipboard

Improper validation of the port in `URL.with_port`

Describe the bug

To Reproduce

Expected behavior

Logs/tracebacks

Python Version

multidict Version

yarl Version

OS

Additional context

Code of Conduct

yarl
yarl copied to clipboard