[py] Add test for warning when embedding user:pass in URL

Signed-off-by: Viet Nguyen Duc <[email protected]>
SeleniumHQ · Nov 6, 2024 · 5b63c44 · 5b63c44
1 parent 9ae1d7b
commit 5b63c44
Show file tree

Hide file tree

Showing 3 changed files with 31 additions and 19 deletions.
diff --git a/py/selenium/webdriver/remote/client_config.py b/py/selenium/webdriver/remote/client_config.py
@@ -209,7 +209,10 @@ def auth_type(self) -> str:
     @auth_type.setter
     def auth_type(self, value: str) -> None:
         """Sets the type of authentication to the remote server if it is not
-        using basic with username and password."""
+        using basic with username and password.
+
+        Support values: Bearer, X-API-Key. For others, please use `extra_headers` instead
+        """
         self._auth_type = value
 
     @property
@@ -220,10 +223,7 @@ def token(self) -> str:
     @token.setter
     def token(self, value: str) -> None:
         """Sets the token used for authentication to the remote server if
-        auth_type is not basic.
-
-        Support values: Bearer, X-API-Key. For others, please use `extra_headers` instead.
-        """
+        auth_type is not basic."""
         self._token = value
 
     @property

diff --git a/py/selenium/webdriver/remote/remote_connection.py b/py/selenium/webdriver/remote/remote_connection.py
@@ -22,6 +22,7 @@
 from base64 import b64encode
 from typing import Optional
 from urllib import parse
+from urllib.parse import urlparse
 
 import urllib3
 
@@ -258,16 +259,14 @@ def get_remote_connection_headers(cls, parsed_url, keep_alive=False):
         return headers
 
     def _identify_http_proxy_auth(self):
-        url = self._proxy_url
-        url = url[url.find(":") + 3 :]
-        return "@" in url and len(url[: url.find("@")]) > 0
+        parsed_url = urlparse(self._proxy_url)
+        if parsed_url.username and parsed_url.password:
+            return True
 
     def _separate_http_proxy_auth(self):
-        url = self._proxy_url
-        protocol = url[: url.find(":") + 3]
-        no_protocol = url[len(protocol) :]
-        auth = no_protocol[: no_protocol.find("@")]
-        proxy_without_auth = protocol + no_protocol[len(auth) + 1 :]
+        parsed_url = urlparse(self._proxy_url)
+        proxy_without_auth = f"{parsed_url.scheme}://{parsed_url.hostname}:{parsed_url.port}"
+        auth = f"{parsed_url.username}:{parsed_url.password}"
         return proxy_without_auth, auth
 
     def _get_connection_manager(self):

diff --git a/py/test/unit/selenium/webdriver/remote/remote_connection_tests.py b/py/test/unit/selenium/webdriver/remote/remote_connection_tests.py
@@ -69,8 +69,13 @@ def test_get_remote_connection_headers_defaults():
 
 def test_get_remote_connection_headers_adds_auth_header_if_pass():
     url = "http://user:pass@remote"
-    headers = RemoteConnection.get_remote_connection_headers(parse.urlparse(url))
+    with pytest.warns(None) as record:
+        headers = RemoteConnection.get_remote_connection_headers(parse.urlparse(url))
     assert headers.get("Authorization") == "Basic dXNlcjpwYXNz"
+    assert (
+        record[0].message.args[0]
+        == "Embedding username and password in URL could be insecure, use ClientConfig instead"
+    )
 
 
 def test_get_remote_connection_headers_adds_keep_alive_if_requested():
@@ -126,13 +131,15 @@ def test_get_proxy_url_https_via_client_config():
         proxy=Proxy({"proxyType": ProxyType.MANUAL, "sslProxy": "https://admin:admin@http_proxy.com:8080"}),
     )
     remote_connection = RemoteConnection(client_config=client_config)
-    proxy_url = remote_connection._client_config.get_proxy_url()
-    assert proxy_url == "https://admin:admin@http_proxy.com:8080"
+    conn = remote_connection._get_connection_manager()
+    assert isinstance(conn, urllib3.ProxyManager)
+    conn.proxy_url = "https://http_proxy.com:8080"
+    conn.connection_pool_kw["proxy_headers"] = urllib3.make_headers(proxy_basic_auth="admin:admin")
 
 
 def test_get_proxy_url_http_via_client_config():
     client_config = ClientConfig(
-        remote_server_addr="https://localhost:4444",
+        remote_server_addr="http://localhost:4444",
         proxy=Proxy(
             {
                 "proxyType": ProxyType.MANUAL,
@@ -142,15 +149,19 @@ def test_get_proxy_url_http_via_client_config():
         ),
     )
     remote_connection = RemoteConnection(client_config=client_config)
-    proxy_url = remote_connection._client_config.get_proxy_url()
-    assert proxy_url == "https://admin:admin@http_proxy.com:8080"
+    conn = remote_connection._get_connection_manager()
+    assert isinstance(conn, urllib3.ProxyManager)
+    conn.proxy_url = "http://http_proxy.com:8080"
+    conn.connection_pool_kw["proxy_headers"] = urllib3.make_headers(proxy_basic_auth="admin:admin")
 
 
 def test_get_proxy_direct_via_client_config():
     client_config = ClientConfig(
         remote_server_addr="http://localhost:4444", proxy=Proxy({"proxyType": ProxyType.DIRECT})
     )
     remote_connection = RemoteConnection(client_config=client_config)
+    conn = remote_connection._get_connection_manager()
+    assert isinstance(conn, urllib3.PoolManager)
     proxy_url = remote_connection._client_config.get_proxy_url()
     assert proxy_url is None
 
@@ -162,6 +173,8 @@ def test_get_proxy_system_matches_no_proxy_via_client_config():
         remote_server_addr="http://localhost:4444", proxy=Proxy({"proxyType": ProxyType.SYSTEM})
     )
     remote_connection = RemoteConnection(client_config=client_config)
+    conn = remote_connection._get_connection_manager()
+    assert isinstance(conn, urllib3.PoolManager)
     proxy_url = remote_connection._client_config.get_proxy_url()
     assert proxy_url is None
     os.environ.pop("HTTP_PROXY")