Limit the amount of whitespace to search/backtrack. Fixes #3659.

author: Jason R. Coombs <jaraco@jaraco.com> 2022-11-04 13:47:53 -0400
committer: Jason R. Coombs <jaraco@jaraco.com> 2022-11-04 13:52:26 -0400
commit: 43a9c9bfa6aa626ec2a22540bea28d2ca77964be (patch)
tree: 3b14bc4da3b2f12a61ef88068f059ab305f23286
parent: 579134321d4d9397c886a5cb50cc26d0e3fa4279 (diff)
download: python-setuptools-git-43a9c9bfa6aa626ec2a22540bea28d2ca77964be.tar.gz
2 files changed, 1 insertions, 2 deletions
diff --git a/setuptools/package_index.py b/setuptools/package_index.py
index 5619e4da..362e26f3 100644
--- a/setuptools/package_index.py
+++ b/setuptools/package_index.py
@@ -217,7 +217,7 @@ def unique_values(func):
     return wrapper
 
 
-REL = re.compile(r"""<([^>]*\srel\s*=\s*['"]?([^'">]+)[^>]*)>""", re.I)
+REL = re.compile(r"""<([^>]*\srel\s{0,10}=\s{0,10}['"]?([^'" >]+)[^>]*)>""", re.I)
 """
 Regex for an HTML tag with 'rel="val"' attributes.
 """
diff --git a/setuptools/tests/test_packageindex.py b/setuptools/tests/test_packageindex.py
index babc1197..7b0bf112 100644
--- a/setuptools/tests/test_packageindex.py
+++ b/setuptools/tests/test_packageindex.py
@@ -307,7 +307,6 @@ class TestPyPIConfig:
         assert cred.password == 'pity%'
 
 
-@pytest.mark.xfail(reason="#3659")
 @pytest.mark.timeout(1)
 def test_REL_DoS():
     """
author	Jason R. Coombs <jaraco@jaraco.com>	2022-11-04 13:47:53 -0400
committer	Jason R. Coombs <jaraco@jaraco.com>	2022-11-04 13:52:26 -0400
commit	43a9c9bfa6aa626ec2a22540bea28d2ca77964be (patch)
tree	3b14bc4da3b2f12a61ef88068f059ab305f23286
parent	579134321d4d9397c886a5cb50cc26d0e3fa4279 (diff)
download	python-setuptools-git-43a9c9bfa6aa626ec2a22540bea28d2ca77964be.tar.gz