[Python-modules-team] Bug#950056: python-bleach FTBFS: test failures with Python 3.7.6 and 3.8.1
Adrian Bunk
bunk at debian.org
Tue Jan 28 18:20:51 GMT 2020
Source: python-bleach
Version: 3.1.0-2
Severity: serious
Tags: ftbfs
Forwarded: https://github.com/mozilla/bleach/issues/503
https://tests.reproducible-builds.org/debian/rb-pkg/unstable/amd64/python-bleach.html
...
tests/test_clean.py:676: AssertionError
_ test_uri_value_allowed_protocols[<a href="192.168.100.100:8000">valid</a>-kwargs10-<a href="192.168.100.100:8000">valid</a>] _
data = '<a href="192.168.100.100:8000">valid</a>'
kwargs = {'protocols': ['http']}
expected = '<a href="192.168.100.100:8000">valid</a>'
@pytest.mark.parametrize('data, kwargs, expected', [
# javascript: is not allowed by default
(
'<a href="javascript:alert(\'XSS\')">xss</a>',
{},
'<a>xss</a>'
),
# File protocol is not allowed by default
(
'<a href="file:///tmp/foo">foo</a>',
{},
'<a>foo</a>'
),
# Specified protocols are allowed
(
'<a href="myprotocol://more_text">allowed href</a>',
{'protocols': ['myprotocol']},
'<a href="myprotocol://more_text">allowed href</a>'
),
# Unspecified protocols are not allowed
(
'<a href="http://example.com">invalid href</a>',
{'protocols': ['myprotocol']},
'<a>invalid href</a>'
),
# Anchors are ok
(
'<a href="#example.com">foo</a>',
{'protocols': []},
'<a href="#example.com">foo</a>'
),
# Allow implicit http if allowed
(
'<a href="example.com">valid</a>',
{'protocols': ['http']},
'<a href="example.com">valid</a>'
),
(
'<a href="example.com:8000">valid</a>',
{'protocols': ['http']},
'<a href="example.com:8000">valid</a>'
),
(
'<a href="localhost">valid</a>',
{'protocols': ['http']},
'<a href="localhost">valid</a>'
),
(
'<a href="localhost:8000">valid</a>',
{'protocols': ['http']},
'<a href="localhost:8000">valid</a>'
),
(
'<a href="192.168.100.100">valid</a>',
{'protocols': ['http']},
'<a href="192.168.100.100">valid</a>'
),
(
'<a href="192.168.100.100:8000">valid</a>',
{'protocols': ['http']},
'<a href="192.168.100.100:8000">valid</a>'
),
# Disallow implicit http if disallowed
(
'<a href="example.com">foo</a>',
{'protocols': []},
'<a>foo</a>'
),
(
'<a href="example.com:8000">foo</a>',
{'protocols': []},
'<a>foo</a>'
),
(
'<a href="localhost">foo</a>',
{'protocols': []},
'<a>foo</a>'
),
(
'<a href="localhost:8000">foo</a>',
{'protocols': []},
'<a>foo</a>'
),
(
'<a href="192.168.100.100">foo</a>',
{'protocols': []},
'<a>foo</a>'
),
(
'<a href="192.168.100.100:8000">foo</a>',
{'protocols': []},
'<a>foo</a>'
),
# Disallowed protocols with sneaky character entities
(
'<a href="javas	cript:alert(1)">alert</a>',
{},
'<a>alert</a>'
),
(
'<a href="�javascript:alert(1)">alert</a>',
{},
'<a>alert</a>'
),
# Checking the uri should change it at all
(
'<a href="http://example.com/?foo bar">foo</a>',
{},
'<a href="http://example.com/?foo bar">foo</a>'
),
])
def test_uri_value_allowed_protocols(data, kwargs, expected):
> assert clean(data, **kwargs) == expected
E assert '<a>valid</a>' == '<a href="192.168.100.100:8000">valid</a>'
E - <a>valid</a>
E + <a href="192.168.100.100:8000">valid</a>
tests/test_clean.py:676: AssertionError
=============================== warnings summary ===============================
/usr/lib/python3/dist-packages/html5lib/_trie/_base.py:3
/usr/lib/python3/dist-packages/html5lib/_trie/_base.py:3: DeprecationWarning: Using or importing the ABCs from 'collections' instead of from 'collections.abc' is deprecated since Python 3.3, and in 3.9 it will stop working
from collections import Mapping
-- Docs: https://docs.pytest.org/en/latest/warnings.html
=============== 3 failed, 308 passed, 1 warnings in 1.89 seconds ===============
E: pybuild pybuild:341: test: plugin distutils failed with: exit code=1: cd /build/1st/python-bleach-3.1.0/.pybuild/cpython3_3.8_bleach/build; python3.8 -m pytest tests
dh_auto_test: error: pybuild --test --test-pytest -i python{version} -p "3.8 3.7" returned exit code 13
make: *** [debian/rules:6: build] Error 25
More information about the Python-modules-team
mailing list