diff options
| author | Lukas Eipert <leipert@gitlab.com> | 2020-12-30 21:24:16 +0100 |
|---|---|---|
| committer | Hiroshi SHIBATA <hsbt@ruby-lang.org> | 2021-04-28 11:01:23 +0900 |
| commit | 842f00f45212019a3b07f8d8dac269d35beb9efa (patch) | |
| tree | 38c252c4bcc4b71a989dd10d2f87c546d494322d /spec/ruby/core/array/pack/shared/basic.rb | |
| parent | 8a2b7b79ee8a1ba487c0b5064c0730b98f5ba438 (diff) | |
[ruby/net-http] Decode user and password from env configured proxy
If someone sets an env variable defining a http_proxy, containing a
username / password with percent-encoded characters, then the resulting
base64 encoded auth header will be wrong.
For example, suppose a username is `Y\X` and the password is `R%S] ?X`.
Properly URL encoded the proxy url would be:
http://Y%5CX:R%25S%5D%20%3FX@proxy.example:8000
The resulting proxy auth header should be: `WVxYOlIlU10gP1g=`, but the
getters defined by ruby StdLib `URI` return a username `Y%5CX` and
password `R%25S%5D%20%3FX`, resulting in `WSU1Q1g6UiUyNVMlNUQlMjAlM0ZY`.
As a result the proxy will deny the request.
Please note that this is my first contribution to the ruby ecosystem, to
standard lib especially and I am not a ruby developer.
References:
- https://gitlab.com/gitlab-org/gitlab/-/issues/289836
- https://bugs.ruby-lang.org/projects/ruby-master/repository/trunk/revisions/58461
- https://bugs.ruby-lang.org/issues/17542
https://github.com/ruby/net-http/commit/e57d4f38aa
Diffstat (limited to 'spec/ruby/core/array/pack/shared/basic.rb')
0 files changed, 0 insertions, 0 deletions