Ignore external and unsafe urls aka PEP438 #985
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
* By default ignore external links * Add the ``--allow-external`` flag that enables external links globally * Fallback to allowing all links if we cannot determine the API version of the parsed page * Inform the user of ``--allow-external`` if nothing was found to install
* After one release has been made allowing external urls, future releases will disallow by default
* Links and HTMLPages know if they are "trusted" * File Links know if they are safe or not * A "Safe" file Link comes from a trusted Link/HTMLPage and has a hash allowing verification of the download * Adds a --allow-unsafe PACKAGE argument to allow unsafe files on a per package basis * Optimizes scraping external sites by short circuiting if the current trust rules won't allow using it's files anyways
|
I'm going to add this to the 1.4 milestone because i'd like to add it to 1.4 because I think it's an important change to both speed up installs and enable a path towards a more secure installation story. That being said if it's decided not to add this to 1.4 I can live with that (but I'd really love it if I didn't have to!). |
|
This fixes #818 as well. |
|
This also (more or less) fixes #623 |
dstufft
added a commit
that referenced
this pull request
Jun 11, 2013
Ignore external and unsafe urls aka PEP438
|
It's awesome to see this finally fixed! |
|
@dstufft can you add a good summary in the change log for this. |
|
add it in release-1.4 branch and it will get merged over periodically |
lock
bot
added
the
auto-locked
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Implements Phase2 of PEP438.
Adds a number of index options:
All changes are gated on the api version of the page being >= 2. This means that older indexes, apache indexes, etc will continue to use the old processing rules.
There is also a speed boost involved here as pip will ignore the homepage and download urls if the current options would not allow installing anything from them anyways.
The default action currently is to install but warn. In the future (1.5?) pip will default to
--no-allow-insecureandno-allow-externaland those flags will be noop'd.URLs directly passed in via the command line, requirements files, etc are always considered verifiable and secure.