PyPI - python-multipart - Versions diffs - 0.0.16__tar.gz → 0.0.18__tar.gz - Mend

python-multipart 0.0.16tar.gz → 0.0.18tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (67) hide show

{python_multipart-0.0.16 → python_multipart-0.0.18}/CHANGELOG.md RENAMED Viewed

@@ -1,5 +1,13 @@
 # Changelog
+## 0.0.18 (2024-11-28)
+* Hard break if found data after last boundary on `MultipartParser` [#189](https://github.com/Kludex/python-multipart/pull/189).
+## 0.0.17 (2024-10-31)
+* Handle PermissionError in fallback code for old import name [#182](https://github.com/Kludex/python-multipart/pull/182).
 ## 0.0.16 (2024-10-27)
 * Add dunder attributes to `multipart` package [#177](https://github.com/Kludex/python-multipart/pull/177).

{python_multipart-0.0.16 → python_multipart-0.0.18}/PKG-INFO RENAMED Viewed

@@ -1,14 +1,13 @@
 Metadata-Version: 2.3
 Name: python-multipart
-Version: 0.0.16
+Version: 0.0.18
 Summary: A streaming multipart parser for Python
 Project-URL: Homepage, https://github.com/Kludex/python-multipart
 Project-URL: Documentation, https://kludex.github.io/python-multipart/
 Project-URL: Changelog, https://github.com/Kludex/python-multipart/blob/master/CHANGELOG.md
 Project-URL: Source, https://github.com/Kludex/python-multipart
 Author-email: Andrew Dunham <andrew@du.nham.ca>, Marcelo Trylesinski <marcelotryle@gmail.com>
-License-Expression: Apache-2.0
-License-File: LICENSE.txt
+License: Apache-2.0
 Classifier: Development Status :: 5 - Production/Stable
 Classifier: Environment :: Web Environment
 Classifier: Intended Audience :: Developers

python_multipart-0.0.18/multipart/__init__.py ADDED Viewed

@@ -0,0 +1,24 @@
+# This only works if using a file system, other loaders not implemented.
+import importlib.util
+import sys
+import warnings
+from pathlib import Path
+for p in sys.path:
+    file_path = Path(p, "multipart.py")
+    try:
+        if file_path.is_file():
+            spec = importlib.util.spec_from_file_location("multipart", file_path)
+            assert spec is not None, f"{file_path} found but not loadable!"
+            module = importlib.util.module_from_spec(spec)
+            sys.modules["multipart"] = module
+            assert spec.loader is not None, f"{file_path} must be loadable!"
+            spec.loader.exec_module(module)
+            break
+    except PermissionError:
+        pass
+else:
+    warnings.warn("Please use `import python_multipart` instead.", PendingDeprecationWarning, stacklevel=2)
+    from python_multipart import *
+    from python_multipart import __all__, __author__, __copyright__, __license__, __version__

{python_multipart-0.0.16 → python_multipart-0.0.18}/pyproject.toml RENAMED Viewed

@@ -44,7 +44,7 @@ dev-dependencies = [
     "PyYAML==6.0.1",
     "invoke==2.2.0",
     "pytest-timeout==2.3.1",
-    "ruff==0.3.4",
+    "ruff==0.8.0",
     "mypy",
     "types-PyYAML",
     "atheris==2.3.0; python_version != '3.12'",
@@ -122,4 +122,4 @@ exclude_lines = [
 ]
 [tool.check-sdist]
-git-only = ["docs", "fuzz", "scripts", "mkdocs.yml", "uv.lock"]
+git-only = ["docs", "fuzz", "scripts", "mkdocs.yml", "uv.lock", "SECURITY.md"]

{python_multipart-0.0.16 → python_multipart-0.0.18}/python_multipart/__init__.py RENAMED Viewed

@@ -2,7 +2,7 @@
 __author__ = "Andrew Dunham"
 __license__ = "Apache"
 __copyright__ = "Copyright (c) 2012-2013, Andrew Dunham"
-__version__ = "0.0.16"
+__version__ = "0.0.18"
 from .multipart import (
     BaseParser,

{python_multipart-0.0.16 → python_multipart-0.0.18}/python_multipart/multipart.py RENAMED Viewed

@@ -1105,7 +1105,6 @@ class MultipartParser(BaseParser):
                 # Skip leading newlines
                 if c == CR or c == LF:
                     i += 1
-                    self.logger.debug("Skipping leading CR/LF at %d", i)
                     continue
                 # index is used as in index into our boundary.  Set to 0.
@@ -1398,9 +1397,10 @@ class MultipartParser(BaseParser):
                     i -= 1
             elif state == MultipartState.END:
-                # Do nothing and just consume a byte in the end state.
-                if c not in (CR, LF):
-                    self.logger.warning("Consuming a byte '0x%x' in the end state", c)  # pragma: no cover
+                # Skip data after the last boundary.
+                self.logger.warning("Skipping data after last boundary")
+                i = length
+                break
             else:  # pragma: no cover (error case)
                 # We got into a strange state somehow!  Just stop processing.

{python_multipart-0.0.16 → python_multipart-0.0.18}/tests/test_multipart.py RENAMED Viewed

@@ -825,7 +825,7 @@ class TestFormParser(unittest.TestCase):
             return
         # No error!
-        self.assertEqual(processed, len(param["test"]))
+        self.assertEqual(processed, len(param["test"]), param["name"])
         # Assert that the parser gave us the appropriate fields/files.
         for e in param["result"]["expected"]:
@@ -1210,6 +1210,44 @@ class TestFormParser(unittest.TestCase):
         self.assertEqual(fields[2].field_name, b"baz")
         self.assertEqual(fields[2].value, b"asdf")
+    def test_multipart_parser_newlines_before_first_boundary(self) -> None:
+        """This test makes sure that the parser does not handle when there is junk data after the last boundary."""
+        num = 5_000_000
+        data = (
+            "\r\n" * num + "--boundary\r\n"
+            'Content-Disposition: form-data; name="file"; filename="filename.txt"\r\n'
+            "Content-Type: text/plain\r\n\r\n"
+            "hello\r\n"
+            "--boundary--"
+        )
+        files: list[File] = []
+        def on_file(f: FileProtocol) -> None:
+            files.append(cast(File, f))
+        f = FormParser("multipart/form-data", on_field=Mock(), on_file=on_file, boundary="boundary")
+        f.write(data.encode("latin-1"))
+    def test_multipart_parser_data_after_last_boundary(self) -> None:
+        """This test makes sure that the parser does not handle when there is junk data after the last boundary."""
+        num = 50_000_000
+        data = (
+            "--boundary\r\n"
+            'Content-Disposition: form-data; name="file"; filename="filename.txt"\r\n'
+            "Content-Type: text/plain\r\n\r\n"
+            "hello\r\n"
+            "--boundary--" + "-" * num + "\r\n"
+        )
+        files: list[File] = []
+        def on_file(f: FileProtocol) -> None:
+            files.append(cast(File, f))
+        f = FormParser("multipart/form-data", on_field=Mock(), on_file=on_file, boundary="boundary")
+        f.write(data.encode("latin-1"))
     def test_max_size_multipart(self) -> None:
         # Load test data.
         test_file = "single_field_single_file.http"

python_multipart-0.0.16/multipart/__init__.py DELETED Viewed

@@ -1,21 +0,0 @@
-# This only works if using a file system, other loaders not implemented.
-import importlib.util
-import sys
-import warnings
-from pathlib import Path
-for p in sys.path:
-    file_path = Path(p, "multipart.py")
-    if file_path.is_file():
-        spec = importlib.util.spec_from_file_location("multipart", file_path)
-        assert spec is not None, f"{file_path} found but not loadable!"
-        module = importlib.util.module_from_spec(spec)
-        sys.modules["multipart"] = module
-        assert spec.loader is not None, f"{file_path} must be loadable!"
-        spec.loader.exec_module(module)
-        break
-else:
-    warnings.warn("Please use `import python_multipart` instead.", PendingDeprecationWarning, stacklevel=2)
-    from python_multipart import *
-    from python_multipart import __all__, __author__, __copyright__, __license__, __version__