vendor: add patched core.validators from Django 1.11.29

Specifically: * vendor: add Django 1.11.29 to vendor.txt * vendor: add Django 1.11.29 dist info * vendor: add upgrade flag to vendor install to force replacement and see diff * vendor: clean vendor bin/ and unused django files after install * vendor: add django.core.validators * vendor: patch django/core/validators.py * vendor: apply patch post install * vendor: install into DEST env var * scripts: vendor_verify.sh use pip_install_vendor.sh with DEST env var * vendor: update vendor requirements * scripts: vendor_verify.sh ignore patch file
mozilla · Feb 1, 2021 · c405b7b · c405b7b
1 parent 79b7a3c
commit c405b7b
Show file tree

Hide file tree

Showing 16 changed files with 3,970 additions and 4 deletions.
diff --git a/bleach/_vendor/0001-patch-validator.patch b/bleach/_vendor/0001-patch-validator.patch
diff --git a/bleach/_vendor/Django-1.11.29.dist-info/INSTALLER b/bleach/_vendor/Django-1.11.29.dist-info/INSTALLER
@@ -0,0 +1 @@
+pip
diff --git a/bleach/_vendor/Django-1.11.29.dist-info/LICENSE b/bleach/_vendor/Django-1.11.29.dist-info/LICENSE
@@ -0,0 +1,27 @@
+Copyright (c) Django Software Foundation and individual contributors.
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without modification,
+are permitted provided that the following conditions are met:
+
+    1. Redistributions of source code must retain the above copyright notice,
+       this list of conditions and the following disclaimer.
+
+    2. Redistributions in binary form must reproduce the above copyright
+       notice, this list of conditions and the following disclaimer in the
+       documentation and/or other materials provided with the distribution.
+
+    3. Neither the name of Django nor the names of its contributors may be used
+       to endorse or promote products derived from this software without
+       specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR
+ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
diff --git a/bleach/_vendor/Django-1.11.29.dist-info/METADATA b/bleach/_vendor/Django-1.11.29.dist-info/METADATA
@@ -0,0 +1,37 @@
+Metadata-Version: 2.1
+Name: Django
+Version: 1.11.29
+Summary: A high-level Python Web framework that encourages rapid development and clean, pragmatic design.
+Home-page: https://www.djangoproject.com/
+Author: Django Software Foundation
+Author-email: [email protected]
+License: BSD
+Platform: UNKNOWN
+Classifier: Development Status :: 5 - Production/Stable
+Classifier: Environment :: Web Environment
+Classifier: Framework :: Django
+Classifier: Intended Audience :: Developers
+Classifier: License :: OSI Approved :: BSD License
+Classifier: Operating System :: OS Independent
+Classifier: Programming Language :: Python
+Classifier: Programming Language :: Python :: 2
+Classifier: Programming Language :: Python :: 2.7
+Classifier: Programming Language :: Python :: 3
+Classifier: Programming Language :: Python :: 3.4
+Classifier: Programming Language :: Python :: 3.5
+Classifier: Programming Language :: Python :: 3.6
+Classifier: Programming Language :: Python :: 3.7
+Classifier: Topic :: Internet :: WWW/HTTP
+Classifier: Topic :: Internet :: WWW/HTTP :: Dynamic Content
+Classifier: Topic :: Internet :: WWW/HTTP :: WSGI
+Classifier: Topic :: Software Development :: Libraries :: Application Frameworks
+Classifier: Topic :: Software Development :: Libraries :: Python Modules
+Requires-Dist: pytz
+Provides-Extra: argon2
+Requires-Dist: argon2-cffi (>=16.1.0) ; extra == 'argon2'
+Provides-Extra: bcrypt
+Requires-Dist: bcrypt ; extra == 'bcrypt'
+
+UNKNOWN
+
+
diff --git a/bleach/_vendor/Django-1.11.29.dist-info/RECORD b/bleach/_vendor/Django-1.11.29.dist-info/RECORD
diff --git a/bleach/_vendor/Django-1.11.29.dist-info/REQUESTED b/bleach/_vendor/Django-1.11.29.dist-info/REQUESTED
diff --git a/bleach/_vendor/Django-1.11.29.dist-info/WHEEL b/bleach/_vendor/Django-1.11.29.dist-info/WHEEL
@@ -0,0 +1,6 @@
+Wheel-Version: 1.0
+Generator: bdist_wheel (0.33.1)
+Root-Is-Purelib: true
+Tag: py2-none-any
+Tag: py3-none-any
+
diff --git a/bleach/_vendor/Django-1.11.29.dist-info/entry_points.txt b/bleach/_vendor/Django-1.11.29.dist-info/entry_points.txt
@@ -0,0 +1,3 @@
+[console_scripts]
+django-admin = django.core.management:execute_from_command_line
+
diff --git a/bleach/_vendor/Django-1.11.29.dist-info/top_level.txt b/bleach/_vendor/Django-1.11.29.dist-info/top_level.txt
@@ -0,0 +1 @@
+django
diff --git a/bleach/_vendor/README.rst b/bleach/_vendor/README.rst
@@ -10,8 +10,9 @@ Vendored libraries must follow these rules:
 1. Vendored libraries must be pure Python--no compiling.
 2. Source code for the libary is included in this directory.
 3. License must be included in this repo and in the Bleach distribution.
-4. Requirements of the library become requirements of Bleach.
-5. No modifications to the library may be made.
+4. Transitive requirements of the library become requirements of Bleach.
+5. ``pip_install_vendor.sh`` results in the same code that is vendored
+   in-tree (i.e. is reproducible in the dev environment)
 
 
 Adding/Updating a vendored library

diff --git a/bleach/_vendor/django/__init__.py b/bleach/_vendor/django/__init__.py
diff --git a/bleach/_vendor/django/core/__init__.py b/bleach/_vendor/django/core/__init__.py
diff --git a/bleach/_vendor/django/core/validators.py b/bleach/_vendor/django/core/validators.py
@@ -0,0 +1,42 @@
+from __future__ import unicode_literals
+
+import re
+
+
+class URLValidator(object):
+    ul = "\u00a1-\uffff"  # unicode letters range (must be a unicode string, not a raw string)
+
+    # IP patterns
+    ipv4_re = (
+        r"(?:25[0-5]|2[0-4]\d|[0-1]?\d?\d)(?:\.(?:25[0-5]|2[0-4]\d|[0-1]?\d?\d)){3}"
+    )
+    ipv6_re = r"\[[0-9a-f:\.]+\]"  # (simple regex, validated later)
+
+    # Host patterns
+    hostname_re = (
+        r"[a-z" + ul + r"0-9](?:[a-z" + ul + r"0-9-]{0,61}[a-z" + ul + r"0-9])?"
+    )
+    # Max length for domain name labels is 63 characters per RFC 1034 sec. 3.1
+    domain_re = r"(?:\.(?!-)[a-z" + ul + r"0-9-]{1,63}(?<!-))*"
+    tld_re = (
+        r"\."  # dot
+        r"(?!-)"  # can't start with a dash
+        r"(?:[a-z" + ul + "-]{2,63}"  # domain label
+        r"|xn--[a-z0-9]{1,59})"  # or punycode label
+        r"(?<!-)"  # can't end with a dash
+        r"\.?"  # may have a trailing dot
+    )
+    host_re = "(" + hostname_re + domain_re + tld_re + "|localhost)"
+
+    netloc_re = r"(?:" + ipv4_re + "|" + ipv6_re + "|" + host_re + ")"
+    port_re = r"(?::\d{2,5})?"  # port
+
+    regex = re.compile(
+        r"^(?:[a-z0-9\.\-\+]*)://"  # scheme is validated separately
+        r"(?:\S+(?::\S*)?@)?"  # user:pass authentication
+        + netloc_re
+        + port_re
+        + r"(?:[/?#][^\s]*)?"  # resource path
+        r"\Z",
+        re.IGNORECASE,
+    )
diff --git a/bleach/_vendor/pip_install_vendor.sh b/bleach/_vendor/pip_install_vendor.sh
@@ -1,4 +1,25 @@
 #!/bin/bash
 
+# installs and patches vendored dependencies into env var DEST which
+# defaults to the CWD
+#
+# runs from bleach/_vendor
+SCRIPTPATH=$(dirname "$(readlink -f "$0")")
 
-pip install --no-binary all --no-compile --no-deps -r vendor.txt --target .
+DEST=${DEST:-"$(pwd)"}
+echo "installing vendored packages into ${DEST}"
+
+pip install --upgrade --no-binary all --no-compile --no-deps -r "${SCRIPTPATH}/vendor.txt" --target "${DEST}"
+rm -rf "${DEST}/bin/"
+
+# keep django django/core/validators.py and init files to import it
+# remove everything else
+echo "cleaning files in ${DEST}/django"
+find "${DEST}/django" -type f -not -wholename "${DEST}/django/core/validators.py" -delete
+find "${DEST}/django" -empty -type d -delete
+touch "${DEST}/django/__init__.py" "${DEST}/django/core/__init__.py"
+
+# patch django/core/validators.py so we don't need the rest of django and expose the regexes we want to use
+# NB: can't use git apply since vendor_verify.sh runs in a temp dir
+echo "patching file in ${DEST} with ${SCRIPTPATH}/0001-patch-validator.patch"
+patch --directory="${DEST}" --batch -p3 < "${SCRIPTPATH}/0001-patch-validator.patch"
diff --git a/bleach/_vendor/vendor.txt b/bleach/_vendor/vendor.txt
@@ -1,3 +1,6 @@
+Django==1.11.29 \
+    --hash=sha256:014e3392058d94f40569206a24523ce254d55ad2f9f46c6550b0fe2e4f94cf3f \
+    --hash=sha256:4200aefb6678019a0acf0005cd14cfce3a5e6b9b90d06145fcdd2e474ad4329c
 html5lib==1.1 \
     --hash=sha256:0d78f8fde1c230e99fe37986a60526d7049ed4bf8a9fadbad5f00e22e58e041d \
     --hash=sha256:b2e5b40261e20f354d198eae92afc10d750afb487ed5e50f9c4eaf07c184146f
diff --git a/scripts/vendor_verify.sh b/scripts/vendor_verify.sh
@@ -16,7 +16,7 @@ mkdir "${DEST}"
 pip --version
 
 # Install vendored dependencies into temp directory
-pip install --no-binary all --no-compile --no-deps -r bleach/_vendor/vendor.txt --target "${DEST}"
+DEST="${DEST}" ./bleach/_vendor/pip_install_vendor.sh
 
 # Diff contents of temp directory and bleach/_vendor/ excluding vendoring
 # infrastructure
@@ -28,6 +28,7 @@ diff -r \
     --exclude="pip_install_vendor.sh" \
     --exclude="__pycache__" \
     --exclude="RECORD" \
+    --exclude="0001-vendor-add-patched-core.validators-from-Django-1.11..patch" \
     bleach/_vendor/ "${DEST}"
 
 # Go through all RECORD files and compare sorted versions; RECORD files are