Skip to content

fix: handle tags like debian/2%2.6-21 as identifiers #1336

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Mar 6, 2021
Merged

fix: handle tags like debian/2%2.6-21 as identifiers #1336

merged 1 commit into from
Mar 6, 2021

Conversation

emanueleaina
Copy link
Contributor

@emanueleaina emanueleaina commented Feb 26, 2021
edited
Loading

Git refnames are relatively free-form and can contain all sort for
special characters, not just / and #, see
http://git-scm.com/docs/git-check-ref-format

In particular, Debian's DEP-14 standard for storing packaging in git
repositories mandates the use of the % character in tags in some
cases like debian/2%2.6-21.

Unfortunately python-gitlab currently only escapes / to %2F and in
some cases # to %23. This means that when using the commit API to
retrieve information about the debian/2%2.6-21 tag only the slash is
escaped before being inserted in the URL path and the % is left
untouched, resulting in something like
/api/v4/projects/123/repository/commits/debian%2F2%2.6-21. When
urllib3 sees that, it detects the invalid % escape and then urlencodes
the whole string, resulting in
/api/v4/projects/123/repository/commits/debian%252F2%252.6-21, where
the original / got escaped twice and produced %252F.

To avoid the issue, fully urlencode identifiers and parameters to avoid
the urllib3 auto-escaping in all cases.

I've run the unit tests but not the integration ones, so in theory this does
not break anything but I can't really confirm it. All I can firmly say is that it
fixes the issue I hit. :D

JohnVillalovos
JohnVillalovos requested changes Feb 26, 2021
View reviewed changes
gitlab/utils.py Outdated
@@ -55,15 +55,15 @@ def copy_dict(dest: Dict[str, Any], src: Dict[str, Any]) -> None:
dest[k] = v


def clean_str_id(id: str) -> str:
return id.replace("/", "%2F").replace("#", "%23")
def clean_str_id(id):
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can the type-hints not be removed?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Uuuuh, absolutely yes, sorry. Fixing it now!

@JohnVillalovos
Copy link
Member

Overall looks good to me. Please put the type-hints back in. Also change "fix: Handle..." to "fix: handle" to fix the lint issue.

Thanks.

@nejch nejch mentioned this pull request Mar 2, 2021
Closed
@emanueleaina emanueleaina force-pushed the fix/quote-everything branch 2 times, most recently from f213a90 to 41dc7bf Compare March 5, 2021 00:02
@codecov-io
Copy link

codecov-io commented Mar 5, 2021
edited
Loading

Codecov Report

Merging #1336 (b4dac5c) into master (aa13214) will not change coverage.
The diff coverage is 100.00%.

Impacted file tree graph

@@           Coverage Diff           @@
##           master    #1336   +/-   ##
=======================================
  Coverage   80.21%   80.21%           
=======================================
  Files          73       73           
  Lines        3801     3801           
=======================================
  Hits         3049     3049           
  Misses        752      752
Flag Coverage Δ
unit 80.21% <100.00%> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

Impacted Files Coverage Δ
gitlab/utils.py 71.42% <100.00%> (ø)

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update aa13214...b4dac5c. Read the comment docs.

@emanueleaina
fix: handle tags like debian/2%2.6-21 as identifiers
b4dac5c 
Git refnames are relatively free-form and can contain all sort for
special characters, not just `/` and `#`, see
http://git-scm.com/docs/git-check-ref-format

In particular, Debian's DEP-14 standard for storing packaging in git
repositories mandates the use of the `%` character in tags in some
cases like `debian/2%2.6-21`.

Unfortunately python-gitlab currently only escapes `/` to `%2F` and in
some cases `#` to `%23`. This means that when using the commit API to
retrieve information about the `debian/2%2.6-21` tag only the slash is
escaped before being inserted in the URL path and the `%` is left
untouched, resulting in something like
`/api/v4/projects/123/repository/commits/debian%2F2%2.6-21`. When
urllib3 seees that it detects the invalid `%` escape and then urlencodes
the whole string, resulting in
`/api/v4/projects/123/repository/commits/debian%252F2%252.6-21`, where
the original `/` got escaped twice and produced `%252F`.

To avoid the issue, fully urlencode identifiers and parameters to avoid
the urllib3 auto-escaping in all cases.

Signed-off-by: Emanuele Aina <emanuele.aina@collabora.com>
@emanueleaina emanueleaina force-pushed the fix/quote-everything branch from 41dc7bf to b4dac5c Compare March 5, 2021 00:04
@emanueleaina emanueleaina changed the title fix: Handle tags like debian/2%2.6-21 as identifiers fix: handle tags like debian/2%2.6-21 as identifiers Mar 5, 2021
nejch
nejch approved these changes Mar 6, 2021
View reviewed changes
Copy link
Member

@nejch nejch left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks @em-! I'm now questioning why there was any custom URL encoding in the first place, but I've opened a follow-up in #1356 :)

@nejch nejch merged commit 48fc907 into python-gitlab:master Mar 6, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@JohnVillalovos JohnVillalovos JohnVillalovos approved these changes

@nejch nejch nejch approved these changes

Assignees

@emanueleaina emanueleaina

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@emanueleaina @JohnVillalovos @codecov-io @nejch