Skip to content

Commit

Permalink
Raise an error if the converter arguments cannot be parsed
Browse files Browse the repository at this point in the history
This could happen for example with `min=0;max=500` as the `;` is not a
word character everything before it is ignored in the regex during the
finditer call. This then lefts the user confused as the `min=0;` was
silently ignored.
  • Loading branch information
pgjones committed Mar 19, 2024
1 parent 0b47237 commit 5741398
Show file tree
Hide file tree
Showing 3 changed files with 13 additions and 0 deletions.
2 changes: 2 additions & 0 deletions CHANGES.rst
Original file line number Diff line number Diff line change
Expand Up @@ -12,6 +12,8 @@ Unreleased
- Fix response_wrapper type check in test client. :issue:`2831`
- Make the return type of ``MultiPartParser.parse`` more
precise. :issue:`2840`
- Raise an error if converter arguments cannot be
parsed. :issue:`2822`

Version 3.0.1
-------------
Expand Down
8 changes: 8 additions & 0 deletions src/werkzeug/routing/rules.py
Original file line number Diff line number Diff line change
Expand Up @@ -67,6 +67,7 @@ class RulePart:
_simple_rule_re = re.compile(r"<([^>]+)>")
_converter_args_re = re.compile(
r"""
\s*
((?P<name>\w+)\s*=\s*)?
(?P<value>
True|False|
Expand Down Expand Up @@ -112,8 +113,14 @@ def parse_converter_args(argstr: str) -> tuple[tuple[t.Any, ...], dict[str, t.An
argstr += ","
args = []
kwargs = {}
position = 0

for item in _converter_args_re.finditer(argstr):
if item.start() != position:
raise ValueError(
f"Cannot parse converter argument '{argstr[position:item.start()]}'"
)

value = item.group("stringval")
if value is None:
value = item.group("value")
Expand All @@ -123,6 +130,7 @@ def parse_converter_args(argstr: str) -> tuple[tuple[t.Any, ...], dict[str, t.An
else:
name = item.group("name")
kwargs[name] = value
position = item.end()

return tuple(args), kwargs

Expand Down
3 changes: 3 additions & 0 deletions tests/test_routing.py
Original file line number Diff line number Diff line change
Expand Up @@ -1076,6 +1076,9 @@ def test_converter_parser():
args, kwargs = r.parse_converter_args('"foo", "bar"')
assert args == ("foo", "bar")

with pytest.raises(ValueError):
r.parse_converter_args("min=0;max=500")


def test_alias_redirects():
m = r.Map(
Expand Down

0 comments on commit 5741398

Please sign in to comment.