https://github.com/python/cpython/commit/6ae54553d483ba865e6b99be7d093a2b9715592b
commit: 6ae54553d483ba865e6b99be7d093a2b9715592b
branch: 3.14
author: Miss Islington (bot) <31488909+miss-isling...@users.noreply.github.com>
committer: jaraco <jar...@jaraco.com>
date: 2025-06-15T16:38:15Z
summary:

[3.14] gh-65697: Improved error msg for configparser key validation (GH-135527) 
(#135541)

gh-65697: Improved error msg for configparser key validation (GH-135527)

* Improved error msg for configparser key validation and added note in 3.14 
whatsnew

* Properly added change to configparser

* 📜🤖 Added by blurb_it.

---------
(cherry picked from commit 81237fbcf6adc962647566eafca62dd5a905375e)

Co-authored-by: Jacob Austin Lincoln 
<99031153+lincol...@users.noreply.github.com>
Co-authored-by: blurb-it[bot] <43283697+blurb-it[bot]@users.noreply.github.com>

files:
A Misc/NEWS.d/next/Library/2025-06-15-03-03-22.gh-issue-65697.COdwZd.rst
M Doc/whatsnew/3.14.rst
M Lib/configparser.py

diff --git a/Doc/whatsnew/3.14.rst b/Doc/whatsnew/3.14.rst
index e01310937a2447..a88e54a3c201e3 100644
--- a/Doc/whatsnew/3.14.rst
+++ b/Doc/whatsnew/3.14.rst
@@ -1244,6 +1244,14 @@ concurrent.futures
   buffer.
   (Contributed by Enzo Bonnal and Josh Rosenberg in :gh:`74028`.)
 
+configparser
+------------
+
+* Security fix: will no longer write config files it cannot read. Attempting
+  to :meth:`configparser.ConfigParser.write` keys containing delimiters or
+  beginning with the section header pattern will raise a
+  :class:`configparser.InvalidWriteError`.
+  (Contributed by Jacob Lincoln in :gh:`129270`)
 
 contextvars
 -----------
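Review bot: The attribution on the new configparser entry, "(Contributed by Jacob Lincoln in :gh:`129270`)", drops the trailing period that the concurrent.futures entry just above it keeps inside the parentheses. It also cites issue 129270 while this commit is filed under gh-65697. Please add the period and confirm which issue the entry should reference. The opening sentence has no subject ("will no longer write config files it cannot read"); naming the class, for example "ConfigParser will no longer write config files it cannot read", would read better. The hunk also leaves only one blank line before the contextvars heading, where the surrounding sections were separated by two.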
diff --git a/Lib/configparser.py b/Lib/configparser.py
index 239fda60a02ca0..18af1eadaad111 100644
--- a/Lib/configparser.py
+++ b/Lib/configparser.py
@@ -1218,11 +1218,14 @@ def _convert_to_boolean(self, value):
 
     def _validate_key_contents(self, key):
         """Raises an InvalidWriteError for any keys containing
-        delimiters or that match the section header pattern"""
+        delimiters or that begins with the section header pattern"""
         if re.match(self.SECTCRE, key):
-            raise InvalidWriteError("Cannot write keys matching section 
pattern")
-        if any(delim in key for delim in self._delimiters):
-            raise InvalidWriteError("Cannot write key that contains 
delimiters")
+            raise InvalidWriteError(
+                f"Cannot write key {key}; begins with section pattern")
+        for delim in self._delimiters:
+            if delim in key:
+                raise InvalidWriteError(
+                    f"Cannot write key {key}; contains delimiter {delim}")
 
     def _validate_value_types(self, *, section="", option="", value=""):
         """Raises a TypeError for illegal non-string values.
diff --git 
a/Misc/NEWS.d/next/Library/2025-06-15-03-03-22.gh-issue-65697.COdwZd.rst 
b/Misc/NEWS.d/next/Library/2025-06-15-03-03-22.gh-issue-65697.COdwZd.rst
new file mode 100644
index 00000000000000..d374220d02f5ce
--- /dev/null
+++ b/Misc/NEWS.d/next/Library/2025-06-15-03-03-22.gh-issue-65697.COdwZd.rst
@@ -0,0 +1 @@
+:class:`configparser`'s error message when attempting to write an invalid key 
is now more helpful.
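Review bot: The NEWS entry marks up configparser with the :class: role, but configparser is a module, so :mod:`configparser` is the role to use. The entry would also be easier to find if it named the exception whose message changed, InvalidWriteError, as the whatsnew hunk does.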
