Merge pull request #26 from takagibit18/feat/eval-manual-fixture-requests-7205

takagibit18 · web-flow · commit a6e909c11872 · 2026-04-16T21:23:05.000+08:00
feat(eval): add reviewed negative-sample fixture from psf/requests#7205
diff --git a/eval/fixtures/golden_real_requests_netrc_pr7205.json b/eval/fixtures/golden_real_requests_netrc_pr7205.json
@@ -0,0 +1,39 @@
+{
+  "id": "golden_real_requests_netrc_pr7205",
+  "type": "review",
+  "source": {
+    "repo_full_name": "psf/requests",
+    "pr_number": 7205,
+    "url": "https://github.com/psf/requests/pull/7205",
+    "merge_commit_sha": "",
+    "title": "Fix empty netrc entry usage"
+  },
+  "input": {
+    "diff_text": "diff --git a/src/requests/utils.py b/src/requests/utils.py\nindex 4d3039b200..d113a6ff3e 100644\n--- a/src/requests/utils.py\n+++ b/src/requests/utils.py\n@@ -231,7 +231,7 @@ def get_netrc_auth(url, raise_errors=False):\n    try:\n        _netrc = netrc(netrc_path).authenticators(host)\n-        if _netrc:\n+        if _netrc and any(_netrc):\n            # Return with login / password\n            login_i = 0 if _netrc[0] else 1\n            return (_netrc[login_i], _netrc[2])\ndiff --git a/tests/test_utils.py b/tests/test_utils.py\nindex f9a287af1b..c477c4089a 100644\n--- a/tests/test_utils.py\n+++ b/tests/test_utils.py\n@@ -170,6 +170,16 @@ def test_not_vulnerable_to_bad_url_parsing(self, tmp_path, monkeypatch):\n    auth = get_netrc_auth(\"http://example.com:@evil.com/&apos;\")\n    assert auth is None\n\n+def test_empty_default_credentials_ignored(self, tmp_path, monkeypatch):\n+    \"\"\"Empty default credentials should not be returned.\"\"\"\n+    netrc_path = tmp_path / \".netrc\"\n+    monkeypatch.setenv(\"NETRC\", str(netrc_path))\n+    with open(netrc_path, \"w\") as f:\n+        f.write(\"machine example.com login user password pass\\ndefault\\n\")\n+\n+    auth = get_netrc_auth(\"http://httpbin.org/\")\n+    assert auth is None\n",
+    "files": {
+      "src/requests/utils.py": "def get_netrc_auth(url, raise_errors=False):\n    ri = urlparse(url)\n    host = ri.hostname\n\n    try:\n        _netrc = netrc(netrc_path).authenticators(host)\n        if _netrc and any(_netrc):\n            # Return with login / password\n            login_i = 0 if _netrc[0] else 1\n            return (_netrc[login_i], _netrc[2])\n    except (NetrcParseError, OSError):\n        # If there was a parsing error or a permissions issue reading the file,\n        # we'll just skip netrc auth unless explicitly asked to raise errors.\n        if raise_errors:\n            raise\n    except (ImportError, AttributeError):\n        pass\n",
+      "tests/test_utils.py": "def test_not_vulnerable_to_bad_url_parsing(self, tmp_path, monkeypatch):\n    netrc_path = tmp_path / \".netrc\"\n    monkeypatch.setenv(\"NETRC\", str(netrc_path))\n    with open(netrc_path, \"w\") as f:\n        f.write(\"machine example.com login aaaa password bbbb\\n\")\n    auth = get_netrc_auth(\"http://example.com:@evil.com/&apos;\")\n    assert auth is None\n\n\ndef test_empty_default_credentials_ignored(self, tmp_path, monkeypatch):\n    \"\"\"Empty default credentials should not be returned.\"\"\"\n    netrc_path = tmp_path / \".netrc\"\n    monkeypatch.setenv(\"NETRC\", str(netrc_path))\n    with open(netrc_path, \"w\") as f:\n        f.write(\"machine example.com login user password pass\\ndefault\\n\")\n\n    auth = get_netrc_auth(\"http://httpbin.org/\")\n    assert auth is None\n"
+    },
+    "error_log": null
+  },
+  "expected": {
+    "issues": [],
+    "min_issues": 0,
+    "max_issues": 0,
+    "is_empty_annotation": true
+  },
+  "metadata": {
+    "suite": "golden_real",
+    "tags": [
+      "github",
+      "review",
+      "auth",
+      "netrc",
+      "negative-sample"
+    ],
+    "difficulty": "easy",
+    "annotated_by": "manual",
+    "reviewed": true,
+    "created_at": "2026-04-16T00:00:00+00:00"
+  }
+}
