Fix regex bug, and several python 3 fixes

IncludeSecurity · Jan 17, 2023 · 42dd0c8 · 42dd0c8
1 parent 7927cea
commit 42dd0c8
Show file tree

Hide file tree

Showing 3 changed files with 26 additions and 61 deletions.
diff --git a/safeurl/safeurl.py b/safeurl/safeurl.py
@@ -12,21 +12,12 @@
 from numbers import Number
 from socket import gethostbyname_ex
 
-import re
 import netaddr
 import pycurl
 import socket
-import StringIO
-
-# Python 2.7/3 urlparse
-try:
-    # Python 2.7
-    from urlparse import urlparse
-    from urllib import quote
-except:
-    # Python 3
-    from urllib.parse import urlparse
-    from urllib.parse import quote
+import io
+from urllib.parse import urlparse
+from urllib.parse import quote
 
 class ObsoletePyCurlException(Exception): pass
 class InvalidOptionException(Exception): pass
@@ -204,10 +195,9 @@ def isInList(self, lst, type_, value):
             else:
                 return False
 
-        # For domains, a regex match is needed
         if type_ == "domain":
             for domain in dst:
-                if re.match("(?i)^%s" % domain, value) is not None:
+                if domain.lower() == value.lower():
                     return True
             return False
         else:
@@ -661,7 +651,7 @@ def execute(self, url):
             self._handle.setopt(pycurl.URL, url["cleanUrl"])
 
             # Execute the cURL request
-            response = StringIO.StringIO()
+            response = io.BytesIO()
             self._handle.setopt(pycurl.OPENSOCKETFUNCTION, self._openSocketCallback)
             self._handle.setopt(pycurl.WRITEFUNCTION, response.write)
             self._handle.perform()

diff --git a/safeurl/safeurl_examples.py b/safeurl/safeurl_examples.py
diff --git a/safeurl/safeurl_tests.py b/safeurl/safeurl_tests.py
@@ -6,7 +6,7 @@
     sc = safeurl.SafeURL()
     res = sc.execute("https://fin1te.net")
 except:
-    print "Unexpected error:", sys.exc_info()
+    print("Unexpected error:", sys.exc_info())
 
 # options
 try:
@@ -20,13 +20,13 @@
     sc.setOptions(opt)
     res = sc.execute("http://www.youtube.com")
 except:
-    print "Unexpected error:", sys.exc_info()
+    print("Unexpected error:", sys.exc_info())
 
 # url
 try:
     url = safeurl.Url.validateUrl("http://google.com", safeurl.Options())
 except:
-    print "Unexpected error:", sys.exc_info()
+    print("Unexpected error:", sys.exc_info())
 
 # redirects
 try:
@@ -38,7 +38,7 @@
 
     res = sc.execute("http://fin1te.net")
 except:
-    print "Unexpected error:", sys.exc_info()
+    print("Unexpected error:", sys.exc_info())
 
 
 # forbidden host
@@ -51,4 +51,20 @@
 
     res = sc.execute("http://localhost")
 except:
-    print "Error:", sys.exc_info()
+    print("Error:", sys.exc_info())
+
+
+# regex bug
+try:
+    sc = safeurl.SafeURL()
+
+    opt = safeurl.Options()
+    opt.setList("whitelist", ["exam.le"], "domain")
+    sc.setOptions(opt)
+
+    res = sc.execute("https://example.com/")
+
+except:
+    print("Error:", sys.exc_info())
+
+