From d1bbd7fbd1ea010ff26244966e61e55d91d783df Mon Sep 17 00:00:00 2001 From: andrei kulakov Date: Mon, 9 Aug 2021 19:55:19 -0400 Subject: [PATCH 1/4] updated rfc references; added section on security considerations --- Doc/library/base64.rst | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/Doc/library/base64.rst b/Doc/library/base64.rst index 2f24bb63912fb6..d9ecb6fdde0e14 100644 --- a/Doc/library/base64.rst +++ b/Doc/library/base64.rst @@ -2,7 +2,7 @@ =============================================================== .. module:: base64 - :synopsis: RFC 3548: Base16, Base32, Base64 Data Encodings; + :synopsis: RFC 4648: Base16, Base32, Base64 Data Encodings; Base85 and Ascii85 **Source code:** :source:`Lib/base64.py` @@ -16,10 +16,10 @@ This module provides functions for encoding binary data to printable ASCII characters and decoding such encodings back to binary data. It provides encoding and decoding functions for the encodings specified in -:rfc:`3548`, which defines the Base16, Base32, and Base64 algorithms, +:rfc:`4648`, which defines the Base16, Base32, and Base64 algorithms, and for the de-facto standard Ascii85 and Base85 encodings. -The :rfc:`3548` encodings are suitable for encoding binary data so that it can +The :rfc:`4648` encodings are suitable for encoding binary data so that it can be safely sent by email, used as parts of URLs, or included as part of an HTTP POST request. The encoding algorithm is not the same as the :program:`uuencode` program. 
@@ -28,7 +28,7 @@ There are two interfaces provided by this module. The modern interface supports encoding :term:`bytes-like objects ` to ASCII :class:`bytes`, and decoding :term:`bytes-like objects ` or strings containing ASCII to :class:`bytes`. Both base-64 alphabets -defined in :rfc:`3548` (normal, and URL- and filesystem-safe) are supported. +defined in :rfc:`4648` (normal, and URL- and filesystem-safe) are supported. The legacy interface does not support decoding from strings, but it does provide functions for encoding and decoding to and from :term:`file objects @@ -287,6 +287,11 @@ An example usage of the module: >>> data b'data to be encoded' +Security Considerations +--- + +A new security considerations section was added to :rfc:`4648` (section 12); it's +recommended to review the security section for any code deployed to production. .. seealso:: From 4d26d776d2ad3fd99bd57ba1870482ec9cf21c00 Mon Sep 17 00:00:00 2001 From: andrei kulakov Date: Mon, 9 Aug 2021 19:58:58 -0400 Subject: [PATCH 2/4] added news --- .../Documentation/2021-08-09-19-58-45.bpo-36700.WPNW5f.rst | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 Misc/NEWS.d/next/Documentation/2021-08-09-19-58-45.bpo-36700.WPNW5f.rst diff --git a/Misc/NEWS.d/next/Documentation/2021-08-09-19-58-45.bpo-36700.WPNW5f.rst b/Misc/NEWS.d/next/Documentation/2021-08-09-19-58-45.bpo-36700.WPNW5f.rst new file mode 100644 index 00000000000000..5bc1e23b285970 --- /dev/null +++ b/Misc/NEWS.d/next/Documentation/2021-08-09-19-58-45.bpo-36700.WPNW5f.rst @@ -0,0 +1,3 @@ +:mod:`base64` RFC references were updated to point to :rfc:`4648`; a section +was added to point users to the new "security considerations" section of the +RFC. From 1afce02c4de4af76efaccbacd27123801e0f633d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C5=81ukasz=20Langa?= Date: Fri, 13 Aug 2021 12:33:08 +0200 Subject: [PATCH 3/4] Fix RST header --- Doc/library/base64.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/Doc/library/base64.rst b/Doc/library/base64.rst index d9ecb6fdde0e14..1de9e4c2970320 100644 --- a/Doc/library/base64.rst +++ b/Doc/library/base64.rst @@ -288,7 +288,7 @@ An example usage of the module: b'data to be encoded' Security Considerations ---- +----------------------- A new security considerations section was added to :rfc:`4648` (section 12); it's recommended to review the security section for any code deployed to production. From ab77211d465acf7bbceb325878a7f95bf099652e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C5=81ukasz=20Langa?= Date: Fri, 13 Aug 2021 12:40:38 +0200 Subject: [PATCH 4/4] List security considerations in the security index --- Doc/library/base64.rst | 2 ++ Doc/library/security_warnings.rst | 2 ++ 2 files changed, 4 insertions(+) diff --git a/Doc/library/base64.rst b/Doc/library/base64.rst index 1de9e4c2970320..f91547bd58403e 100644 --- a/Doc/library/base64.rst +++ b/Doc/library/base64.rst @@ -287,6 +287,8 @@ An example usage of the module: >>> data b'data to be encoded' +.. _base64-security: + Security Considerations ----------------------- diff --git a/Doc/library/security_warnings.rst b/Doc/library/security_warnings.rst index 61fd4e6e487f70..26b015c0f8fc7a 100644 --- a/Doc/library/security_warnings.rst +++ b/Doc/library/security_warnings.rst @@ -7,6 +7,8 @@ Security Considerations The following modules have specific security considerations: +* :mod:`base64`: :ref:`base64 security considerations ` in + :rfc:`4648` * :mod:`cgi`: :ref:`CGI security considerations ` * :mod:`hashlib`: :ref:`all constructors take a "usedforsecurity" keyword-only argument disabling known insecure and blocked algorithms
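Review bot: In the last hunk of patch 1/4 (Doc/library/base64.rst, @@ -287,6 +287,11 @@), the "---" underline is shorter than the "Security Considerations" title. reStructuredText requires a section underline at least as long as the title text, so fix it in this commit rather than in the follow-up patch 3/4, so that each commit in the series renders correctly on its own. The added paragraph also calls the RFC section "new", which will age badly in reference documentation. A wording such as "See section 12 of RFC 4648 (Security Considerations) before using this module in production code" carries the same pointer without the time reference.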
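Review bot: In patch 4/4, the new base64 entry in Doc/library/security_warnings.rst links to the base64-security section, whose only content (added in patch 1/4) is a pointer to RFC 4648 section 12. A reader who follows the security index therefore takes two hops and still finds no concrete guidance in the Python docs. Either have the base64 section state which considerations from that RFC section apply to this module's functions, or point the index entry at the RFC section directly.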