summaryrefslogtreecommitdiff
path: root/tests/requests_tests
AgeCommit message (Collapse)Author
2026-04-07[4.2.x] Fixed CVE-2026-33033 -- Mitigated potential DoS in MultiPartParser.Natalia
When a multipart file part used `Content-Transfer-Encoding: base64` and the non-whitespace base64 bytes did not align to a multiple of 4 within a chunk, the parser entered a loop calling `field_stream.read(1-3)` once per whitespace byte. Each such call fetched the entire internal buffer, sliced off 1-3 bytes, and pushed the remainder back via unget(), doing an O(n) memory copy per call. A 2.5 MB payload of mostly whitespace produced CPU amplification relative to a normal upload of the same size. The alignment loop now reads `self._chunk_size` bytes at a time, and accumulates stripped parts in a list joined once at the end. Thanks to Seokchan Yoon for the report and the fixing patch. Backport of 7e9885f99cee771b51692fadc5592bdbf19641aa from main.
2023-04-12[4.2.x] Fixed #34484, Refs #34482 -- Reverted "Fixed #29186 -- Fixed ↵Mariusz Felisiak
pickling HttpRequest and subclasses." This reverts commit 6220c445c40a6a7f4d442de8bde2628346153963. Thanks Adam Johnson and Márton Salomváry for reports. Backport of 280ca147af9cdfce1ca9cb14cc3c5527ff6c7a02 from main
2023-02-14[4.2.x] Fixed CVE-2023-24580 -- Prevented DoS with too many uploaded files.Markus Holtermann
Thanks to Jakob Ackermann for the report.
2023-01-07Renamed 'requests' test package.Tim Graham
This avoids a collision when third-party database backends depend on the Requests HTTP library.