Skip to content

fix: handle tags like debian/2%2.6-21 as identifiers#1336

Merged
nejch merged 1 commit intopython-gitlab:masterfrom
emanueleaina:fix/quote-everything
Mar 6, 2021
Merged

fix: handle tags like debian/2%2.6-21 as identifiers#1336
nejch merged 1 commit intopython-gitlab:masterfrom
emanueleaina:fix/quote-everything

Conversation

@emanueleaina
Copy link
Contributor

@emanueleaina emanueleaina commented Feb 26, 2021
edited
Loading

Git refnames are relatively free-form and can contain all sort for
special characters, not just / and #, see
http://git-scm.com/docs/git-check-ref-format

In particular, Debian's DEP-14 standard for storing packaging in git
repositories mandates the use of the % character in tags in some
cases like debian/2%2.6-21.

Unfortunately python-gitlab currently only escapes / to %2F and in
some cases # to %23. This means that when using the commit API to
retrieve information about the debian/2%2.6-21 tag only the slash is
escaped before being inserted in the URL path and the % is left
untouched, resulting in something like
/api/v4/projects/123/repository/commits/debian%2F2%2.6-21. When
urllib3 sees that, it detects the invalid % escape and then urlencodes
the whole string, resulting in
/api/v4/projects/123/repository/commits/debian%252F2%252.6-21, where
the original / got escaped twice and produced %252F.

To avoid the issue, fully urlencode identifiers and parameters to avoid
the urllib3 auto-escaping in all cases.

I've run the unit tests but not the integration ones, so in theory this does
not break anything but I can't really confirm it. All I can firmly say is that it
fixes the issue I hit. :D

JohnVillalovos
JohnVillalovos requested changes Feb 26, 2021
View reviewed changes
gitlab/utils.py Outdated

def clean_str_id(id: str) -> str:
return id.replace("/", "%2F").replace("#", "%23")
def clean_str_id(id):
Copy link
Member

@JohnVillalovos JohnVillalovos Feb 26, 2021

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can the type-hints not be removed?

Copy link
Contributor Author

@emanueleaina emanueleaina Mar 5, 2021

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Uuuuh, absolutely yes, sorry. Fixing it now!

@JohnVillalovos
Copy link
Member

JohnVillalovos commented Feb 26, 2021

Overall looks good to me. Please put the type-hints back in. Also change "fix: Handle..." to "fix: handle" to fix the lint issue.

Thanks.

@nejch nejch mentioned this pull request Mar 2, 2021
Closed
@emanueleaina emanueleaina force-pushed the fix/quote-everything branch 2 times, most recently from f213a90 to 41dc7bf Compare March 5, 2021 00:02
@codecov-io
Copy link

codecov-io commented Mar 5, 2021
edited
Loading

Codecov Report

Merging #1336 (b4dac5c) into master (aa13214) will not change coverage.
The diff coverage is 100.00%.

Impacted file tree graph

@@           Coverage Diff           @@
##           master    #1336   +/-   ##
=======================================
  Coverage   80.21%   80.21%           
=======================================
  Files          73       73           
  Lines        3801     3801           
=======================================
  Hits         3049     3049           
  Misses        752      752
Flag Coverage Δ
unit 80.21% <100.00%> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

Impacted Files Coverage Δ
gitlab/utils.py 71.42% <100.00%> (ø)

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update aa13214...b4dac5c. Read the comment docs.

@emanueleaina
fix: handle tags like debian/2%2.6-21 as identifiers
b4dac5c 
Git refnames are relatively free-form and can contain all sort for
special characters, not just `/` and `#`, see
http://git-scm.com/docs/git-check-ref-format

In particular, Debian's DEP-14 standard for storing packaging in git
repositories mandates the use of the `%` character in tags in some
cases like `debian/2%2.6-21`.

Unfortunately python-gitlab currently only escapes `/` to `%2F` and in
some cases `#` to `%23`. This means that when using the commit API to
retrieve information about the `debian/2%2.6-21` tag only the slash is
escaped before being inserted in the URL path and the `%` is left
untouched, resulting in something like
`/api/v4/projects/123/repository/commits/debian%2F2%2.6-21`. When
urllib3 seees that it detects the invalid `%` escape and then urlencodes
the whole string, resulting in
`/api/v4/projects/123/repository/commits/debian%252F2%252.6-21`, where
the original `/` got escaped twice and produced `%252F`.

To avoid the issue, fully urlencode identifiers and parameters to avoid
the urllib3 auto-escaping in all cases.

Signed-off-by: Emanuele Aina <emanuele.aina@collabora.com>
@emanueleaina emanueleaina force-pushed the fix/quote-everything branch from 41dc7bf to b4dac5c Compare March 5, 2021 00:04
@emanueleaina emanueleaina changed the title fix: Handle tags like debian/2%2.6-21 as identifiers fix: handle tags like debian/2%2.6-21 as identifiers Mar 5, 2021
nejch
nejch approved these changes Mar 6, 2021
View reviewed changes
Copy link
Member

@nejch nejch left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks @em-! I'm now questioning why there was any custom URL encoding in the first place, but I've opened a follow-up in #1356 :)

@nejch nejch merged commit 48fc907 into python-gitlab:master Mar 6, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@JohnVillalovos JohnVillalovos JohnVillalovos approved these changes

@nejch nejch nejch approved these changes

Assignees

@emanueleaina emanueleaina

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@emanueleaina @JohnVillalovos @codecov-io @nejch