PyPI - python-multipart - Versions diffs - 0.0.17__tar.gz → 0.0.19__tar.gz - Mend

python-multipart 0.0.17tar.gz → 0.0.19tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (66) hide show

{python_multipart-0.0.17 → python_multipart-0.0.19}/CHANGELOG.md RENAMED Viewed

@@ -1,5 +1,13 @@
 # Changelog
+## 0.0.19 (2024-11-30)
+* Don't warn when CRLF is found after last boundary on `MultipartParser` [#193](https://github.com/Kludex/python-multipart/pull/193).
+## 0.0.18 (2024-11-28)
+* Hard break if found data after last boundary on `MultipartParser` [#189](https://github.com/Kludex/python-multipart/pull/189).
 ## 0.0.17 (2024-10-31)
 * Handle PermissionError in fallback code for old import name [#182](https://github.com/Kludex/python-multipart/pull/182).

{python_multipart-0.0.17 → python_multipart-0.0.19}/PKG-INFO RENAMED Viewed

@@ -1,14 +1,13 @@
 Metadata-Version: 2.3
 Name: python-multipart
-Version: 0.0.17
+Version: 0.0.19
 Summary: A streaming multipart parser for Python
 Project-URL: Homepage, https://github.com/Kludex/python-multipart
 Project-URL: Documentation, https://kludex.github.io/python-multipart/
 Project-URL: Changelog, https://github.com/Kludex/python-multipart/blob/master/CHANGELOG.md
 Project-URL: Source, https://github.com/Kludex/python-multipart
 Author-email: Andrew Dunham <andrew@du.nham.ca>, Marcelo Trylesinski <marcelotryle@gmail.com>
-License-Expression: Apache-2.0
-License-File: LICENSE.txt
+License: Apache-2.0
 Classifier: Development Status :: 5 - Production/Stable
 Classifier: Environment :: Web Environment
 Classifier: Intended Audience :: Developers

{python_multipart-0.0.17 → python_multipart-0.0.19}/pyproject.toml RENAMED Viewed

@@ -44,7 +44,7 @@ dev-dependencies = [
     "PyYAML==6.0.1",
     "invoke==2.2.0",
     "pytest-timeout==2.3.1",
-    "ruff==0.3.4",
+    "ruff==0.8.0",
     "mypy",
     "types-PyYAML",
     "atheris==2.3.0; python_version != '3.12'",
@@ -122,4 +122,4 @@ exclude_lines = [
 ]
 [tool.check-sdist]
-git-only = ["docs", "fuzz", "scripts", "mkdocs.yml", "uv.lock"]
+git-only = ["docs", "fuzz", "scripts", "mkdocs.yml", "uv.lock", "SECURITY.md"]

{python_multipart-0.0.17 → python_multipart-0.0.19}/python_multipart/__init__.py RENAMED Viewed

@@ -2,7 +2,7 @@
 __author__ = "Andrew Dunham"
 __license__ = "Apache"
 __copyright__ = "Copyright (c) 2012-2013, Andrew Dunham"
-__version__ = "0.0.17"
+__version__ = "0.0.19"
 from .multipart import (
     BaseParser,

{python_multipart-0.0.17 → python_multipart-0.0.19}/python_multipart/multipart.py RENAMED Viewed

@@ -1105,7 +1105,6 @@ class MultipartParser(BaseParser):
                 # Skip leading newlines
                 if c == CR or c == LF:
                     i += 1
-                    self.logger.debug("Skipping leading CR/LF at %d", i)
                     continue
                 # index is used as in index into our boundary.  Set to 0.
@@ -1398,9 +1397,14 @@ class MultipartParser(BaseParser):
                     i -= 1
             elif state == MultipartState.END:
-                # Do nothing and just consume a byte in the end state.
-                if c not in (CR, LF):
-                    self.logger.warning("Consuming a byte '0x%x' in the end state", c)  # pragma: no cover
+                # Don't do anything if chunk ends with CRLF.
+                if c == CR and i + 1 < length and data[i + 1] == LF:
+                    i += 2
+                    continue
+                # Skip data after the last boundary.
+                self.logger.warning("Skipping data after last boundary")
+                i = length
+                break
             else:  # pragma: no cover (error case)
                 # We got into a strange state somehow!  Just stop processing.

{python_multipart-0.0.17 → python_multipart-0.0.19}/tests/test_multipart.py RENAMED Viewed

@@ -1,5 +1,6 @@
 from __future__ import annotations
+import logging
 import os
 import random
 import sys
@@ -9,6 +10,7 @@ from io import BytesIO
 from typing import TYPE_CHECKING, cast
 from unittest.mock import Mock
+import pytest
 import yaml
 from python_multipart.decoders import Base64Decoder, QuotedPrintableDecoder
@@ -825,7 +827,7 @@ class TestFormParser(unittest.TestCase):
             return
         # No error!
-        self.assertEqual(processed, len(param["test"]))
+        self.assertEqual(processed, len(param["test"]), param["name"])
         # Assert that the parser gave us the appropriate fields/files.
         for e in param["result"]["expected"]:
@@ -1210,6 +1212,68 @@ class TestFormParser(unittest.TestCase):
         self.assertEqual(fields[2].field_name, b"baz")
         self.assertEqual(fields[2].value, b"asdf")
+    def test_multipart_parser_newlines_before_first_boundary(self) -> None:
+        """This test makes sure that the parser does not handle when there is junk data after the last boundary."""
+        num = 5_000_000
+        data = (
+            "\r\n" * num + "--boundary\r\n"
+            'Content-Disposition: form-data; name="file"; filename="filename.txt"\r\n'
+            "Content-Type: text/plain\r\n\r\n"
+            "hello\r\n"
+            "--boundary--"
+        )
+        files: list[File] = []
+        def on_file(f: FileProtocol) -> None:
+            files.append(cast(File, f))
+        f = FormParser("multipart/form-data", on_field=Mock(), on_file=on_file, boundary="boundary")
+        f.write(data.encode("latin-1"))
+    def test_multipart_parser_data_after_last_boundary(self) -> None:
+        """This test makes sure that the parser does not handle when there is junk data after the last boundary."""
+        num = 50_000_000
+        data = (
+            "--boundary\r\n"
+            'Content-Disposition: form-data; name="file"; filename="filename.txt"\r\n'
+            "Content-Type: text/plain\r\n\r\n"
+            "hello\r\n"
+            "--boundary--" + "-" * num + "\r\n"
+        )
+        files: list[File] = []
+        def on_file(f: FileProtocol) -> None:
+            files.append(cast(File, f))
+        f = FormParser("multipart/form-data", on_field=Mock(), on_file=on_file, boundary="boundary")
+        f.write(data.encode("latin-1"))
+    @pytest.fixture(autouse=True)
+    def inject_fixtures(self, caplog: pytest.LogCaptureFixture) -> None:
+        self._caplog = caplog
+    def test_multipart_parser_data_end_with_crlf_without_warnings(self) -> None:
+        """This test makes sure that the parser does not handle when the data ends with a CRLF."""
+        data = (
+            "--boundary\r\n"
+            'Content-Disposition: form-data; name="file"; filename="filename.txt"\r\n'
+            "Content-Type: text/plain\r\n\r\n"
+            "hello\r\n"
+            "--boundary--\r\n"
+        )
+        files: list[File] = []
+        def on_file(f: FileProtocol) -> None:
+            files.append(cast(File, f))
+        f = FormParser("multipart/form-data", on_field=Mock(), on_file=on_file, boundary="boundary")
+        with self._caplog.at_level(logging.WARNING):
+            f.write(data.encode("latin-1"))
+            assert len(self._caplog.records) == 0
     def test_max_size_multipart(self) -> None:
         # Load test data.
         test_file = "single_field_single_file.http"