diff options
| author | Nicholas Charriere <nicholascharriere@gmail.com> | 2016-07-27 13:25:04 -0700 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2016-07-27 13:25:04 -0700 |
| commit | 9a2cfaed89a020e7e750c5f3b4b952d97061cfa8 (patch) | |
| tree | b7cccc6bc4667cde4b196628ef86f575fea13027 | |
| parent | 1cc52796412bc24c4ca42baa4830e80890fe8b64 (diff) | |
| parent | 0a3ccc1be4cdfd9722ec8ecc8403929f8bc4daad (diff) | |
| download | pymemcache-9a2cfaed89a020e7e750c5f3b4b952d97061cfa8.tar.gz | |
Merge pull request #105 from pinterest/security-sanitize
Security sanitize key
| -rw-r--r-- | pymemcache/client/base.py | 2 | ||||
| -rw-r--r-- | pymemcache/test/test_integration.py | 6 |
2 files changed, 7 insertions, 1 deletions
diff --git a/pymemcache/client/base.py b/pymemcache/client/base.py index 75793bb..ade1a18 100644 --- a/pymemcache/client/base.py +++ b/pymemcache/client/base.py @@ -72,7 +72,7 @@ def _check_key(key, key_prefix=b''): except UnicodeEncodeError: raise MemcacheIllegalInputError("No ascii key: %r" % (key,)) key = key_prefix + key - if b' ' in key: + if b' ' in key or b'\n' in key: raise MemcacheIllegalInputError("Key contains spaces: %r" % (key,)) if len(key) > 250: raise MemcacheIllegalInputError("Key is too long: %r" % (key,)) diff --git a/pymemcache/test/test_integration.py b/pymemcache/test/test_integration.py index 491512a..17b26fd 100644 --- a/pymemcache/test/test_integration.py +++ b/pymemcache/test/test_integration.py @@ -220,6 +220,12 @@ def test_errors(client_class, host, port, socket_module): with pytest.raises(MemcacheIllegalInputError): _key_with_ws() + def _key_with_illegal_carriage_return(): + client.set(b'\r\nflush_all', b'value', noreply=False) + + with pytest.raises(MemcacheIllegalInputError): + _key_with_illegal_carriage_return() + def _key_too_long(): client.set(b'x' * 1024, b'value', noreply=False) |