Fix issues with authenticated indexes #231


Open
wants to merge 4 commits into
base: main
from

Conversation

MarcelBochtler
@MarcelBochtler MarcelBochtler commented Jun 18, 2025

This PR fixes two issues with the netrc handling of python-inspector:

  1. Support host names in the netrc file, instead of relying on full URLs. This fixes ".netrc file is queried incorrectly" (#176).
  2. Support the special `default` host name.

Please take a look at the specific commits for details.

Resolves: #127 and #176

According to the netrc specification (see [1] and [2]), the `machine`
part should not be a full URL, but only a host name.
Before, using the correct netrc format with only a host name did not
work for authentication purposes in Python Inspector.
Fix this by using urllib.parse to find the matching host name.

[1]: https://www.ibm.com/docs/en/aix/7.2.0?topic=formats-netrc-file-format-tcpip
[2]: https://docs.python.org/3/library/netrc.html#netrc.netrc.hosts

Resolves: aboutcode-org#176.

Signed-off-by: Marcel Bochtler <[email protected]>

Support the fallback to `default` if the user did not set a specific
host name in their netrc file.

Signed-off-by: Marcel Bochtler <[email protected]>

@MarcelBochtler MarcelBochtler marked this pull request as draft June 18, 2025 11:10
@MarcelBochtler MarcelBochtler changed the title Fix incorrect netrc handling Fix issues with authenticated indexes Jun 18, 2025
@MarcelBochtler MarcelBochtler marked this pull request as ready for review June 18, 2025 12:50

In PyPI simple repository format, package URLs typically end with the
package name and should have a trailing slash [1].
To ensure this trailing slash, some web servers might redirect to
the URL with the trailing slash.
This causes the issue that the BasicAuth credentials are removed from
the request for security reasons.

This was observed with an internal Artifactory repository and adding a
trailing slash to the package_url fixes the issue.

[1]: https://peps.python.org/pep-0503/#specification

Resolves: aboutcode-org#127.

Signed-off-by: Marcel Bochtler <[email protected]>
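
The host-name lookup, `default` fallback and trailing-slash handling described in the commit messages above, sketched with the standard library as an added example. This is not python-inspector's code; the function names, host names and netrc contents are constructed for illustration.

```python
import netrc
import os
import tempfile
from urllib.parse import urlsplit

# Constructed sample: a host-name entry, a legacy full-URL entry, and a default.
SAMPLE_NETRC = """\
machine pypi.internal.example login alice password s3cret
machine https://legacy.example/simple login bob password hunter2
default login fallback password fallback-pw
"""


def load_netrc(text):
    """Parse netrc text through a private temp file (mkstemp creates it 0600)."""
    fd, path = tempfile.mkstemp()
    try:
        with os.fdopen(fd, "w") as fh:
            fh.write(text)
        return netrc.netrc(path)
    finally:
        os.unlink(path)


def credentials_for(url, parsed):
    """Return (login, password) for the host in `url`, or None if nothing applies.

    The key is the host name only, never the full URL. netrc.authenticators()
    falls back to the `default` entry by itself, so a `default` entry hands the
    same credentials to every host that has no `machine` line of its own.
    """
    host = urlsplit(url).hostname
    if not host:
        return None
    auth = parsed.authenticators(host)
    if auth is None:
        return None
    login, _account, password = auth
    return login, password


def package_url(index_url, name):
    """PEP 503 project URL ending in '/', so the server has no reason to redirect."""
    return f"{index_url.rstrip('/')}/{name}/"
```

The legacy full-URL `machine` entry is never matched by a host-name lookup, so requests to that host get the `default` credentials rather than the ones written next to the URL.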
Successfully merging this pull request may close these issues.

  - .netrc file is queried incorrectly
  - Having private packages makes python-inspector crashes