From deb59fc66e8be8104a5909ea39a6957339427857 Mon Sep 17 00:00:00 2001 From: Florian Bruhin Date: Wed, 1 Mar 2017 14:18:23 +0100 Subject: [PATCH] Don't strip info when loading PAC from a file --- qutebrowser/browser/network/pac.py | 17 ++++++++++++----- tests/unit/browser/webkit/network/test_pac.py | 13 +++++++++++-- 2 files changed, 23 insertions(+), 7 deletions(-) diff --git a/qutebrowser/browser/network/pac.py b/qutebrowser/browser/network/pac.py index ba8208822..c19b09880 100644 --- a/qutebrowser/browser/network/pac.py +++ b/qutebrowser/browser/network/pac.py @@ -199,18 +199,23 @@ class PACResolver: err = "Cannot resolve FindProxyForURL function, got '{}' instead" raise EvalProxyError(err.format(self._resolver.toString())) - def resolve(self, query): + def resolve(self, query, from_file=False): """Resolve a proxy via PAC. Args: query: QNetworkProxyQuery. + from_file: Whether the proxy info is coming from a file. Return: A list of QNetworkProxy objects in order of preference. """ - string_flags = QUrl.RemoveUserInfo - if query.url().scheme() == 'https': - string_flags |= QUrl.RemovePath | QUrl.RemoveQuery + if from_file: + string_flags = QUrl.PrettyDecoded + else: + string_flags = QUrl.RemoveUserInfo + if query.url().scheme() == 'https': + string_flags |= QUrl.RemovePath | QUrl.RemoveQuery + result = self._resolver.call([query.url().toString(string_flags), query.peerHostName()]) result_str = result.toString() @@ -239,6 +244,7 @@ class PACFetcher(QObject): assert url.scheme().startswith(pac_prefix) url.setScheme(url.scheme()[len(pac_prefix):]) + self._pac_url = url self._manager = QNetworkAccessManager() self._manager.setProxy(QNetworkProxy(QNetworkProxy.NoProxy)) self._reply = self._manager.get(QNetworkRequest(url)) @@ -295,8 +301,9 @@ class PACFetcher(QObject): Return a list of QNetworkProxy objects in order of preference. """ self._wait() + from_file = self._pac_url.scheme() == 'file' try: - return self._pac.resolve(query) + return self._pac.resolve(query, from_file=from_file) except (EvalProxyError, ParseProxyError) as e: log.network.exception("Error in PAC resolution: {}.".format(e)) # .invalid is guaranteed to be inaccessible in RFC 6761. diff --git a/tests/unit/browser/webkit/network/test_pac.py b/tests/unit/browser/webkit/network/test_pac.py index 7e67c71eb..2ad63a496 100644 --- a/tests/unit/browser/webkit/network/test_pac.py +++ b/tests/unit/browser/webkit/network/test_pac.py @@ -182,7 +182,16 @@ def test_fail_return(): ('https://secret@example.com', False), # user stripped with HTTPS ('https://user:secret@example.com', False), # password stripped with HTTPS ]) -def test_secret_url(url, has_secret): +@pytest.mark.parametrize('from_file', [True, False]) +def test_secret_url(url, has_secret, from_file): + """Make sure secret parts in an URL are stripped correctly. + + The following parts are considered secret: + - If the PAC info is loaded from a local file, nothing. + - If the URL to resolve is a HTTP URL, the username/password. + - If the URL to resolve is a HTTPS URL, the username/password, query + and path. + """ test_str = """ function FindProxyForURL(domain, host) {{ has_secret = domain.indexOf("secret") !== -1; @@ -194,7 +203,7 @@ def test_secret_url(url, has_secret): }} """.format('true' if (has_secret or from_file) else 'false') res = pac.PACResolver(test_str) - res.resolve(QNetworkProxyQuery(QUrl(url))) + res.resolve(QNetworkProxyQuery(QUrl(url)), from_file=from_file) # See https://github.com/qutebrowser/qutebrowser/pull/1891#issuecomment-259222615