https://github.com/python/cpython/commit/81237fbcf6adc962647566eafca62dd5a905375e
commit: 81237fbcf6adc962647566eafca62dd5a905375e
branch: main
author: Jacob Austin Lincoln <[email protected]>
committer: jaraco <[email protected]>
date: 2025-06-15T12:13:19-04:00
summary:
gh-65697: Improved error msg for configparser key validation (#135527)
* Improved error msg for configparser key validation and added note in 3.14
whatsnew
* Properly added change to configparser
* 📜🤖 Added by blurb_it.
---------
Co-authored-by: blurb-it[bot] <43283697+blurb-it[bot]@users.noreply.github.com>
files:
A Misc/NEWS.d/next/Library/2025-06-15-03-03-22.gh-issue-65697.COdwZd.rst
M Doc/whatsnew/3.14.rst
M Lib/configparser.py
diff --git a/Doc/whatsnew/3.14.rst b/Doc/whatsnew/3.14.rst
index 705bf46d603697..895446e2721ca5 100644
--- a/Doc/whatsnew/3.14.rst
+++ b/Doc/whatsnew/3.14.rst
@@ -1259,6 +1259,14 @@ concurrent.futures
buffer.
(Contributed by Enzo Bonnal and Josh Rosenberg in :gh:`74028`.)
+configparser
+------------
+
+* Security fix: will no longer write config files it cannot read. Attempting
+ to :meth:`configparser.ConfigParser.write` keys containing delimiters or
+ beginning with the section header pattern will raise a
+ :class:`configparser.InvalidWriteError`.
+ (Contributed by Jacob Lincoln in :gh:`129270`)
contextvars
-----------
diff --git a/Lib/configparser.py b/Lib/configparser.py
index 239fda60a02ca0..18af1eadaad111 100644
--- a/Lib/configparser.py
+++ b/Lib/configparser.py
@@ -1218,11 +1218,14 @@ def _convert_to_boolean(self, value):
def _validate_key_contents(self, key):
"""Raises an InvalidWriteError for any keys containing
- delimiters or that match the section header pattern"""
+ delimiters or that begins with the section header pattern"""
if re.match(self.SECTCRE, key):
- raise InvalidWriteError("Cannot write keys matching section
pattern")
- if any(delim in key for delim in self._delimiters):
- raise InvalidWriteError("Cannot write key that contains
delimiters")
+ raise InvalidWriteError(
+ f"Cannot write key {key}; begins with section pattern")
+ for delim in self._delimiters:
+ if delim in key:
+ raise InvalidWriteError(
+ f"Cannot write key {key}; contains delimiter {delim}")
def _validate_value_types(self, *, section="", option="", value=""):
"""Raises a TypeError for illegal non-string values.
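Review bot: The two new messages in `_validate_key_contents` interpolate the rejected key with a plain `{key}`, so a key that carries brackets, whitespace, or (if callers allow it) newlines and control characters is echoed verbatim into tracebacks and any log that records the exception. Formatting with `!r` keeps the message on one line and shows exactly which characters were rejected: `f"Cannot write key {key!r}; begins with section pattern"` and `f"Cannot write key {key!r}; contains delimiter {delim!r}"`. The same applies to `{delim}`, where the repr also makes a whitespace delimiter visible. The docstring would read better as "or that begin with the section header pattern" to agree with "keys".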
diff --git
a/Misc/NEWS.d/next/Library/2025-06-15-03-03-22.gh-issue-65697.COdwZd.rst
b/Misc/NEWS.d/next/Library/2025-06-15-03-03-22.gh-issue-65697.COdwZd.rst
new file mode 100644
index 00000000000000..d374220d02f5ce
--- /dev/null
+++ b/Misc/NEWS.d/next/Library/2025-06-15-03-03-22.gh-issue-65697.COdwZd.rst
@@ -0,0 +1 @@
+:class:`configparser`'s error message when attempting to write an invalid key
is now more helpful.