Revert "Update macOS proxy bypass rules"

weiiwang01 · weiiwang01 · commit 4e4a4ee84b3c · 2024-02-29T01:12:51.000+08:00
This reverts commit 95e393f.
diff --git a/Lib/test/test_urllib2.py b/Lib/test/test_urllib2.py
@@ -1514,35 +1514,35 @@ def test_winreg_proxy_bypass(self):
     def test_osx_proxy_bypass(self):
         bypass = {
             'exclude_simple': False,
-            'exceptions': ['foo.bar', '*.bar.com', '127.0.0.1', '10.0/16',
-                           '11.0./16', '12.13.14.0/24', '19.*',
-                           '2001:0db8:0123:4567:89ab:cdef:1234:5678']
+            'exceptions': ['foo.bar', '*.bar.com', '127.0.0.1', '10.10',
+                           '10.0/16']
         }
         # Check hosts that should trigger the proxy bypass
-        for host in ('foo.bar', 'www.bar.com', '127.0.0.1', '10.0.0.1',
-                     '11.0.0.1', '12.13.14.15', '19.0.0.1',
-                     '[2001:0db8:0123:4567:89ab:cdef:1234:5678]'):
+        for host in ('foo.bar', 'www.bar.com', '127.0.0.1', '10.10.0.1',
+                     '10.0.0.1'):
             self.assertTrue(_proxy_bypass_macosx_sysconf(host, bypass),
                             'expected bypass of %s to be True' % host)
         # Check hosts that should not trigger the proxy bypass
         for host in ('abc.foo.bar', 'bar.com', '127.0.0.2', '10.11.0.1',
-                     '11.1.0.1', '12.13.15.16', 'notinbypass',
-                     '[2001:0db8:0123:4567:89ab:cdef:1234:0001]'):
+                'notinbypass'):
             self.assertFalse(_proxy_bypass_macosx_sysconf(host, bypass),
                              'expected bypass of %s to be False' % host)
 
         # Check the exclude_simple flag
         bypass = {'exclude_simple': True, 'exceptions': []}
         self.assertTrue(_proxy_bypass_macosx_sysconf('test', bypass))
 
-        # Check that invalid IPs are ignored
+        # Check that invalid prefix lengths are ignored
         bypass = {
             'exclude_simple': False,
-            'exceptions': ['10.0.0.0/40', '1.256/16', '192.168']
+            'exceptions': [ '10.0.0.0/40', '172.19.10.0/24' ]
         }
-        for host in ('10.0.1.5', '1.256.0.1', '192.168.0.1'):
-            self.assertFalse(_proxy_bypass_macosx_sysconf(host, bypass),
-                             'expected bypass of %s to be False' % host)
+        host = '172.19.10.5'
+        self.assertTrue(_proxy_bypass_macosx_sysconf(host, bypass),
+                        'expected bypass of %s to be True' % host)
+        host = '10.0.1.5'
+        self.assertFalse(_proxy_bypass_macosx_sysconf(host, bypass),
+                        'expected bypass of %s to be False' % host)
 
     def check_basic_auth(self, headers, realm):
         with self.subTest(realm=realm, headers=headers):
diff --git a/Lib/urllib/request.py b/Lib/urllib/request.py
@@ -2563,44 +2563,51 @@ def _proxy_bypass_macosx_sysconf(host, proxy_settings):
     }
     """
     from fnmatch import fnmatch
-    from ipaddress import IPv4Address, IPv4Network
+    from ipaddress import AddressValueError, IPv4Address
 
-    host, _ = _splitport(host)
-    # Strip brackets for IPv6 addresses
-    if host and host[0] == '[' and host[-1] == ']':
-        host = host[1:-1]
+    hostonly, port = _splitport(host)
+
+    def ip2num(ipAddr):
+        parts = ipAddr.split('.')
+        parts = list(map(int, parts))
+        if len(parts) != 4:
+            parts = (parts + [0, 0, 0, 0])[:4]
+        return (parts[0] << 24) | (parts[1] << 16) | (parts[2] << 8) | parts[3]
 
     # Check for simple host names:
     if '.' not in host:
         if proxy_settings['exclude_simple']:
             return True
 
-    host_ip = None
+    hostIP = None
     try:
-        host_ip = IPv4Address(host)
-    except ValueError:
+        hostIP = int(IPv4Address(hostonly))
+    except AddressValueError:
         pass
 
     for value in proxy_settings.get('exceptions', ()):
         # Items in the list are strings like these: *.local, 169.254/16
-        value = value.strip()
         if not value: continue
 
-        m = re.match(r"(\d+(?:\.\d+)*)\.?/(\d+)", value)
-        if m is not None and host_ip is not None:
-            base = m.group(1)
+        m = re.match(r"(\d+(?:\.\d+)*)(/\d+)?", value)
+        if m is not None and hostIP is not None:
+            base = ip2num(m.group(1))
             mask = m.group(2)
-            parts = base.split(".")
-            if len(parts) < 4:
-                base = ".".join((parts + ["0", "0", "0"])[:4])
-            try:
-                network = IPv4Network("{}/{}".format(base, mask))
-                if host_ip in network:
-                    return True
-            except ValueError:
-                pass
+            if mask is None:
+                mask = 8 * (m.group(1).count('.') + 1)
+            else:
+                mask = int(mask[1:])
+
+            if mask < 0 or mask > 32:
+                # System libraries ignore invalid prefix lengths
+                continue
+
+            mask = 32 - mask
+
+            if (hostIP >> mask) == (base >> mask):
+                return True
 
-        if fnmatch(host, value):
+        elif fnmatch(host, value):
             return True
 
     return False
