[3.14] gh-65697: Improved error msg for configparser key validation (GH-135527) (#135541)

miss-islington · lincolnj1 · blurb-it[bot] · web-flow · commit 6ae54553d483 · 2025-06-15T16:38:15.000Z
gh-65697: Improved error msg for configparser key validation (GH-135527) * Improved error msg for configparser key validation and added note in 3.14 whatsnew * Properly added change to configparser * 📜🤖 Added by blurb_it. --------- (cherry picked from commit 81237fb) Co-authored-by: Jacob Austin Lincoln <99031153+lincolnj1@users.noreply.github.com> Co-authored-by: blurb-it[bot] <43283697+blurb-it[bot]@users.noreply.github.com>
diff --git a/Doc/whatsnew/3.14.rst b/Doc/whatsnew/3.14.rst
@@ -1244,6 +1244,14 @@ concurrent.futures
   buffer.
   (Contributed by Enzo Bonnal and Josh Rosenberg in :gh:`74028`.)
 
+configparser
+------------
+
+* Security fix: will no longer write config files it cannot read. Attempting
+  to :meth:`configparser.ConfigParser.write` keys containing delimiters or
+  beginning with the section header pattern will raise a
+  :class:`configparser.InvalidWriteError`.
+  (Contributed by Jacob Lincoln in :gh:`129270`)
 
 contextvars
 -----------
diff --git a/Lib/configparser.py b/Lib/configparser.py
@@ -1218,11 +1218,14 @@ def _convert_to_boolean(self, value):
 
     def _validate_key_contents(self, key):
         """Raises an InvalidWriteError for any keys containing
-        delimiters or that match the section header pattern"""
+        delimiters or that begins with the section header pattern"""
         if re.match(self.SECTCRE, key):
-            raise InvalidWriteError("Cannot write keys matching section pattern")
-        if any(delim in key for delim in self._delimiters):
-            raise InvalidWriteError("Cannot write key that contains delimiters")
+            raise InvalidWriteError(
+                f"Cannot write key {key}; begins with section pattern")
+        for delim in self._delimiters:
+            if delim in key:
+                raise InvalidWriteError(
+                    f"Cannot write key {key}; contains delimiter {delim}")
 
     def _validate_value_types(self, *, section="", option="", value=""):
         """Raises a TypeError for illegal non-string values.
diff --git a/Misc/NEWS.d/next/Library/2025-06-15-03-03-22.gh-issue-65697.COdwZd.rst b/Misc/NEWS.d/next/Library/2025-06-15-03-03-22.gh-issue-65697.COdwZd.rst
@@ -0,0 +1 @@
+:class:`configparser`'s error message when attempting to write an invalid key is now more helpful.

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1 @@`
	`1`	+:class:`configparser`'s error message when attempting to write an invalid key is now more helpful.