Skip to content

Do not follow redirects when uploading #94

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
sigmavirus24 merged 1 commit into from
Apr 16, 2015
Merged

Do not follow redirects when uploading #94

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion setup.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -20,7 +20,7 @@

install_requires = [
"pkginfo",
"requests >= 2.0",
"requests >= 2.3.0",
"setuptools >= 0.7.0",
]

Expand Down
13 changes: 13 additions & 0 deletions twine/commands/upload.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -30,6 +30,7 @@
import pkg_resources
import requests

import twine.exceptions as exc
from twine.utils import get_config, get_username, get_password
from twine.wheel import Wheel
from twine.wininst import WinInst
Expand Down Expand Up @@ -210,11 +211,23 @@ def upload(dists, repository, sign, identity, username, password, comment,
data=dict((k, v) for k, v in data.items() if v),
files=filedata,
auth=(username, password),
allow_redirects=False,
)
# Bug 28. Try to silence a ResourceWarning by releasing the socket and
# clearing the connection pool.
resp.close()
session.close()

# Bug 92. If we get a redirect we should abort because something seems
# funky. The behaviour is not well defined and redirects being issued
# by PyPI should never happen in reality. This should catch malicious
# redirects as well.
if resp.is_redirect():
Copy link
Copy Markdown
Contributor

@untitaker untitaker Apr 6, 2015

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why check here if allow_redirects is already false?

Copy link
Copy Markdown
Contributor

@untitaker untitaker Apr 6, 2015

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nevermind, I figured it out.

raise exc.RedirectDetected(
('"{0}" attempted to redirect to "{1}" during upload.'
' Aborting...').format(config["respository"],
resp.headers["location"]))
# Otherwise, raise an HTTPError based on the status code.
resp.raise_for_status()


Expand Down
24 changes: 24 additions & 0 deletions twine/exceptions.py
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,24 @@
# Copyright 2015 Ian Cordasco
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.


class RedirectDetected(Exception):
"""A redirect was detected that the user needs to resolve.

In some cases, requests refuses to issue a new POST request after a
redirect. In order to prevent a confusing user experience, we raise this
exception to allow users to know the index they're uploading to is
redirecting them.
"""
pass