Don't strip info when loading PAC from a file

2017-03-01 14:18:23 +01:00 · 2017-03-01 14:18:23 +01:00 · deb59fc66e
commit deb59fc66e
parent 9bb5c9fdab
2 changed files with 23 additions and 7 deletions
--- a/qutebrowser/browser/network/pac.py
+++ b/qutebrowser/browser/network/pac.py
@ -199,18 +199,23 @@ class PACResolver:
            err = "Cannot resolve FindProxyForURL function, got '{}' instead"
            raise EvalProxyError(err.format(self._resolver.toString()))

-    def resolve(self, query):
+    def resolve(self, query, from_file=False):
        """Resolve a proxy via PAC.

        Args:
            query: QNetworkProxyQuery.
+            from_file: Whether the proxy info is coming from a file.

        Return:
            A list of QNetworkProxy objects in order of preference.
        """
-        string_flags = QUrl.RemoveUserInfo
-        if query.url().scheme() == 'https':
-            string_flags |= QUrl.RemovePath | QUrl.RemoveQuery
+        if from_file:
+            string_flags = QUrl.PrettyDecoded
+        else:
+            string_flags = QUrl.RemoveUserInfo
+            if query.url().scheme() == 'https':
+                string_flags |= QUrl.RemovePath | QUrl.RemoveQuery
+
        result = self._resolver.call([query.url().toString(string_flags),
                                      query.peerHostName()])
        result_str = result.toString()
@ -239,6 +244,7 @@ class PACFetcher(QObject):
        assert url.scheme().startswith(pac_prefix)
        url.setScheme(url.scheme()[len(pac_prefix):])

+        self._pac_url = url
        self._manager = QNetworkAccessManager()
        self._manager.setProxy(QNetworkProxy(QNetworkProxy.NoProxy))
        self._reply = self._manager.get(QNetworkRequest(url))
@ -295,8 +301,9 @@ class PACFetcher(QObject):
        Return a list of QNetworkProxy objects in order of preference.
        """
        self._wait()
+        from_file = self._pac_url.scheme() == 'file'
        try:
-            return self._pac.resolve(query)
+            return self._pac.resolve(query, from_file=from_file)
        except (EvalProxyError, ParseProxyError) as e:
            log.network.exception("Error in PAC resolution: {}.".format(e))
            # .invalid is guaranteed to be inaccessible in RFC 6761.
--- a/tests/unit/browser/webkit/network/test_pac.py
+++ b/tests/unit/browser/webkit/network/test_pac.py
@ -182,7 +182,16 @@ def test_fail_return():
    ('https://secret@example.com', False),  # user stripped with HTTPS
    ('https://user:secret@example.com', False),  # password stripped with HTTPS
 ])
-def test_secret_url(url, has_secret):
+@pytest.mark.parametrize('from_file', [True, False])
+def test_secret_url(url, has_secret, from_file):
+    """Make sure secret parts in an URL are stripped correctly.
+
+    The following parts are considered secret:
+        - If the PAC info is loaded from a local file, nothing.
+        - If the URL to resolve is a HTTP URL, the username/password.
+        - If the URL to resolve is a HTTPS URL, the username/password, query
+          and path.
+    """
    test_str = """
        function FindProxyForURL(domain, host) {{
            has_secret = domain.indexOf("secret") !== -1;
@ -194,7 +203,7 @@ def test_secret_url(url, has_secret):
        }}
    """.format('true' if (has_secret or from_file) else 'false')
    res = pac.PACResolver(test_str)
-    res.resolve(QNetworkProxyQuery(QUrl(url)))
+    res.resolve(QNetworkProxyQuery(QUrl(url)), from_file=from_file)


 # See https://github.com/qutebrowser/qutebrowser/pull/1891#issuecomment-259222615