From 27560924ec1e567be4727ef8d7dfc4d3879c048c Mon Sep 17 00:00:00 2001
From: Florian Apolloner
Date: Tue, 27 Nov 2012 22:19:37 +0100
Subject: Fixed a security issue in get_host. Full disclosure and new release forthcoming.
---
 tests/regressiontests/requests/tests.py | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)
(limited to 'tests/regressiontests/requests/tests.py')
diff --git a/tests/regressiontests/requests/tests.py b/tests/regressiontests/requests/tests.py
index 164c1082fe..adf824dff7 100644
--- a/tests/regressiontests/requests/tests.py
+++ b/tests/regressiontests/requests/tests.py
@@ -116,13 +116,15 @@ class RequestsTests(unittest.TestCase):
 '12.34.56.78:443',
 '[2001:19f0:feee::dead:beef:cafe]',
 '[2001:19f0:feee::dead:beef:cafe]:8080',
+ 'xn--4ca9at.com', # Punnycode for öäü.com
 ]
 poisoned_hosts = [
 'example.com@evil.tld',
 'example.com:dr.frankenstein@evil.tld',
- 'example.com:someone@somestie.com:80',
- 'example.com:80/badpath'
+ 'example.com:dr.frankenstein@evil.tld:80',
+ 'example.com:80/badpath',
+ 'example.com: recovermypassword.com',
 ]
 for host in legit_hosts:
@@ -186,13 +188,15 @@ class RequestsTests(unittest.TestCase):
 '12.34.56.78:443',
 '[2001:19f0:feee::dead:beef:cafe]',
 '[2001:19f0:feee::dead:beef:cafe]:8080',
+ 'xn--4ca9at.com', # Punnycode for öäü.com
 ]
 poisoned_hosts = [
 'example.com@evil.tld',
 'example.com:dr.frankenstein@evil.tld',
 'example.com:dr.frankenstein@evil.tld:80',
- 'example.com:80/badpath'
+ 'example.com:80/badpath',
+ 'example.com: recovermypassword.com',
 ]
 for host in legit_hosts:
-- cgit v1.3
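Review bot: The `legit_hosts` and `poisoned_hosts` lists are spelled out twice, in this hunk and again in the hunk at -186, and the line removed here (`'example.com:someone@somestie.com:80'`) shows the two copies had already drifted apart. Defining both lists once, for example as class attributes on `RequestsTests` that each test iterates, would keep the two host-validation tests checking the same inputs the next time a case is added. The comment on the new entry also misspells the encoding name; in both hunks it should read `'xn--4ca9at.com',  # Punycode for öäü.com`. The loops that consume these lists continue outside the hunks, so what is asserted for each poisoned host cannot be confirmed from here.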