Fix empty netrc entry usage (#7205)

nateprewitt · web-flow · commit 47914226c296 · 2026-02-12T19:07:05.000-07:00
diff --git a/src/requests/utils.py b/src/requests/utils.py
@@ -231,7 +231,7 @@ def get_netrc_auth(url, raise_errors=False):
 
         try:
             _netrc = netrc(netrc_path).authenticators(host)
-            if _netrc:
+            if _netrc and any(_netrc):
                 # Return with login / password
                 login_i = 0 if _netrc[0] else 1
                 return (_netrc[login_i], _netrc[2])
diff --git a/tests/test_utils.py b/tests/test_utils.py
@@ -170,6 +170,16 @@ def test_not_vulnerable_to_bad_url_parsing(self, tmp_path, monkeypatch):
         auth = get_netrc_auth("http://example.com:@evil.com/&apos;")
         assert auth is None
 
+    def test_empty_default_credentials_ignored(self, tmp_path, monkeypatch):
+        """Empty default credentials should not be returned."""
+        netrc_path = tmp_path / ".netrc"
+        monkeypatch.setenv("NETRC", str(netrc_path))
+        with open(netrc_path, "w") as f:
+            f.write("machine example.com login user password pass\ndefault\n")
+
+        auth = get_netrc_auth("http://httpbin.org/")
+        assert auth is None
+
 
 class TestToKeyValList:
     @pytest.mark.parametrize(
