In order to avoid re-using session data from an HTTPS connection
in an HTTP connection. Some cookies may not be HTTP-safe.
Signed-off-by: Sebastien Awwad <sebastien.awwad@gmail.com>
to extract hostname. After commit
"use a different session per hostname",
the code no longer raises MissingSchema if a URL is malformed in
certain cases. Since it parses URLs to extract the hostname and
would have raised securesystemslib.exceptions.FormatError, so the
test would have to check for that error instead of requests's
MissingSchema.
However, it's best to use a different error type, since while that
would be, true enough, a formatting error, FormatError is customarily
reserved for the automatic detection based on schemas in formats.py
(using <SCHEMA>.check_match()), and in any case it is not a
securesystemslib error.
So this commit adds error type tuf.exceptions.URLParsingError and
raises it if the hostname cannot be isolated in a URL, and checks
for it in test_download.py.
Signed-off-by: Sebastien Awwad <sebastien.awwad@gmail.com>
- Remove trailing whitespace
- Fix indent sizes (4 if continuing line, else 2)
- Fix line continuation to match PEP 8 and lab code guidelines
Also fixes one minor typo.
Signed-off-by: Sebastien Awwad <sebastien.awwad@gmail.com>
Previous commit isn't going to work: read wasn't defined. Code
provided was from here:
https://packaging.python.org/guides/single-sourcing-package-version/
and is a little more complicated than is ideal. It'll also match
comment lines if they exist. Single-sourcing version number isn't
necessary for this pull request, but if I was going to do it, I'd
probably add a VERSION file and have tuf/__init__.py and setup.py
each read that in. There could be problems with that, too. I'm
going to punt on this and keep the version in two places and we
can fix that less urgently. (Also, the user agent reporting a
version seems less critical in any case than the rest of the PR.)
Version info will now be in two locations and require update in
tandem.
Signed-off-by: Sebastien Awwad <sebastien.awwad@gmail.com>
These changes simplify logic, removing some try/except structures
that were unnecessary and potentially confusing, and get us back
to passing pylint's test.
pylint 2.0.0 adds try-except-raise tests, to catch immediate
re-raising after catching an exception, outside of some special
cases. See this GitHub comment for more info:
https://github.com/theupdateframework/tuf/pull/770#issuecomment-412993992
Signed-off-by: Sebastien Awwad <sebastien.awwad@gmail.com>
as its docstring says that it does. I'm not sure if this changed through
some accident along the way, but in any case, before this commit, the
docstring said that it yielded a list of absolute paths, but it did not.
Now it does.
Signed-off-by: Sebastien Awwad <sebastien.awwad@gmail.com>
Also document the assumption that the metadata store is the latest and exists in _update_metadata()
Signed-off-by: Vladimir Diaz <vladimir.v.diaz@gmail.com>
In order to avoid freezes if role info is deleted due to prior
validation failures, make sure that roledb is rebuilt during
client tuf.client.updater.refresh(), even if root did not need
to be updated.
See Issue 736 for more details.
Signed-off-by: Sebastien Awwad <sebastien.awwad@gmail.com>
