search

python / cpython

The Python programming language
https://www.python.org
Other
62.29k stars 29.93k forks source link

netrc parsing is overly strict #79089

Open 28f81c82-7f5e-48f3-880f-1618d9cf0daf opened 5 years ago

28f81c82-7f5e-48f3-880f-1618d9cf0daf commented 5 years ago
BPO 34908
Nosy @zhangyangyu, @eamanu, @tirkarthi, @ianwremmel, @hober

Note: these values reflect the state of the issue at the time it was migrated and might not reflect the current state.

Show more details

GitHub fields: ```python assignee = None closed_at = None created_at = labels = ['3.10'] title = 'netrc parsing is overly strict' updated_at = user = 'https://github.com/ianwremmel' ``` bugs.python.org fields: ```python activity = actor = 'eamanu' assignee = 'none' closed = False closed_date = None closer = None components = [] creation = creator = 'ianwremmel' dependencies = [] files = [] hgrepos = [] issue_num = 34908 keywords = [] message_count = 6.0 messages = ['327155', '327201', '327204', '327453', '371754', '394680'] nosy_count = 5.0 nosy_names = ['xiang.zhang', 'eamanu', 'xtreak', 'ianwremmel', 'hober'] pr_nums = [] priority = 'normal' resolution = None stage = None status = 'open' superseder = None type = None url = 'https://bugs.python.org/issue34908' versions = ['Python 3.10'] ```

28f81c82-7f5e-48f3-880f-1618d9cf0daf commented 5 years ago

This started as a bug report for httpie https://github.com/jakubroztocil/httpie/issues/717#issuecomment-426125261

And became a bug report for requests https://github.com/requests/requests/issues/4813

But turned out to be an issue with Python's netrc parser:

it appears that auth via netrc is broken if \~/.netrc includes entries that are not exactly login/password tuples. For example, I have the following entries for circle ci and heroku:

   machine api.heroku.com
     login <redacted>
     password <redacted>
     method interactive
   machine circleci.com
     login <redacted>

both of these entries prevent my entry for github.com from working with httpie (but curl works just fine).

I've used the following script to test python 2.7 and 3.7:

import netrc
import os.path

netrc.netrc(os.path.expanduser('~/.netrc')).authenticators('api.github.com')

Python 2:

Traceback (most recent call last):
  File "test.py", line 4, in <module>
    netrc.netrc(os.path.expanduser('~/.netrc')).authenticators('api.github.com')
  File "/usr/local/Cellar/python@2/2.7.15_1/Frameworks/Python.framework/Versions/2.7/lib/python2.7/netrc.py", line 35, in __init__
    self._parse(file, fp, default_netrc)
  File "/usr/local/Cellar/python@2/2.7.15_1/Frameworks/Python.framework/Versions/2.7/lib/python2.7/netrc.py", line 117, in _parse
    file, lexer.lineno)
netrc.NetrcParseError: bad follower token 'method' (/Users/ian/.netrc, line 7)
```\`

Python 3:

Traceback (most recent call last): File "test.py", line 4, in netrc.netrc(os.path.expanduser('~/.netrc')).authenticators('api.github.com') File "/usr/local/Cellar/python/3.7.0/Frameworks/Python.framework/Versions/3.7/lib/python3.7/netrc.py", line 30, in init self._parse(file, fp, default_netrc) File "/usr/local/Cellar/python/3.7.0/Frameworks/Python.framework/Versions/3.7/lib/python3.7/netrc.py", line 111, in _parse file, lexer.lineno) netrc.NetrcParseError: bad follower token 'method' (/Users/ian/.netrc, line 7)

tirkarthi commented 5 years ago

Thanks for the report. There is no spec for .netrc files and the closest I can find is [0]. The error is present in master also. Could this be considered as an enhancement?

[0] https://www.gnu.org/software/inetutils/manual/html_node/The-_002enetrc-file.html

Thanks

28f81c82-7f5e-48f3-880f-1618d9cf0daf commented 5 years ago

Yea, somehow, I suspected it was because there's no formal spec :)

I guess technically it's an enhancement, but given that configuration dictated by third-parties can break the environment, it does feel like a bug.

For example, I can't use a python app to authenticate to github via netrc because of how heroku says I have to configure my netrc.

Also, there are probably two subtly different issues:

  1. a machine with a password but no login breaks parsing
  2. a machine with an unrecognized key breaks parsing
zhangyangyu commented 5 years ago

My PR https://github.com/python/cpython/pull/127 has tried to solve some restrictions of the current netrc library. It's somewhat outdated since no reviewer for a long time. As you can see there are also other libraries suffering from the restrictions.

Revising it I think it still doesn't solve the case here, although it should be easy. There is no formal spec we can refer to. :-( But since there is real world problem and curl allows it, we should take it into mind.

dd54a005-04d8-44d9-9c01-fe2ab68e4911 commented 4 years ago

Emacs' netrc library supports some other keywords, namely 'port'. (This helps distinguish SMTP and IMAP auth information for the same machine.)

Documentation is here: https://www.gnu.org/software/emacs/manual/html_node/auth/Help-for-users.html

1220ddd9-1292-49f3-b2d8-3f0384085267 commented 3 years ago

Hellos,

This issue is fixed via this PR[0] that is a continues from xiang.zhang work [1]

[0] https://github.com/python/cpython/pull/26330 [1] https://github.com/python/cpython/pull/127