Add HTTP method validation (#6533)
(cherry picked from commit 75fca0b)
asvetlov authored and Dreamsorcerer committed Nov 8, 2023
1 parent 476c4f2 commit a43bc17
Showing 4 changed files with 21 additions and 3 deletions.
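--- a/CHANGES/6533.feature
+++ b/CHANGES/6533.feature
@@ -0,0 +1 @@
+Add HTTP method validation.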
9 changes: 8 additions & 1 deletion aiohttp/client_reqrep.py
Expand Up @@ -81,6 +81,7 @@
from .tracing import Trace


_CONTAINS_CONTROL_CHAR_RE = re.compile(r"[^-!#$%&'*+.^_`|~0-9a-zA-Z]")
json_re = re.compile(r"^application/(?:[\w.+-]+?\+)?json")


Expand Down Expand Up @@ -275,10 +276,16 @@ def __init__(
trust_env: bool = False,
server_hostname: Optional[str] = None,
):

if loop is None:
loop = asyncio.get_event_loop()

match = _CONTAINS_CONTROL_CHAR_RE.search(method)
if match:
raise ValueError(
f"Method cannot contain non-token characters {method!r} "
"(found at least {match.group()!r})"
)

assert isinstance(url, URL), url
assert isinstance(proxy, (URL, type(None))), proxy
# FIXME: session is None in tests only, need to fix tests
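Review bot: The second string segment in the new `raise ValueError(...)`, `"(found at least {match.group()!r})"`, has no `f` prefix, so the message prints the braces literally instead of the offending character; it should read `f"(found at least {match.group()!r})"`. The name `_CONTAINS_CONTROL_CHAR_RE` is also narrower than the pattern, which rejects every character outside the HTTP token set (spaces and separators too, not only control characters); a comment above it such as `# Matches any character that is not a valid HTTP token character.` would state the intent, which is presumably to keep CR/LF and spaces in a caller-supplied method out of the request line. As far as this hunk shows, an empty `method` still passes, because `search` finds nothing to reject in an empty string. `__init__` starts and ends outside the hunk.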
5 changes: 5 additions & 0 deletions tests/test_client_request.py
Expand Up @@ -89,6 +89,11 @@ def test_method3(make_request) -> None:
assert req.method == "HEAD"


def test_method_invalid(make_request) -> None:
with pytest.raises(ValueError, match="Method cannot contain non-token characters"):
make_request("METHOD WITH\nWHITESPACES", "http://python.org/")


def test_version_1_0(make_request) -> None:
req = make_request("get", "http://python.org/", version="1.0")
assert req.version == (1, 0)
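Review bot: The `match=` argument in `test_method_invalid` covers only the first half of the message, so the test passes whether or not the "found at least" part actually names the offending character. The first non-token character in the sample method is the space, so extending the pattern to `match=r"found at least ' '"` would pin the whole message. A second case whose only invalid character is a CR or LF would also document the input this validation is most useful against.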
9 changes: 7 additions & 2 deletions tests/test_web_request.py
Expand Up @@ -42,7 +42,10 @@ def test_base_ctor() -> None:

assert "GET" == req.method
assert HttpVersion(1, 1) == req.version
assert req.host == socket.getfqdn()
# MacOS may return CamelCased host name, need .lower()
# FQDN can be wider than host, e.g.
# 'fv-az397-495' in 'fv-az397-495.internal.cloudapp.net'
assert req.host.lower() in socket.getfqdn().lower()
assert "/path/to?a=1&b=2" == req.path_qs
assert "/path/to" == req.path
assert "a=1&b=2" == req.query_string
Expand All @@ -65,7 +68,9 @@ def test_ctor() -> None:
assert "GET" == req.method
assert HttpVersion(1, 1) == req.version
# MacOS may return CamelCased host name, need .lower()
assert req.host.lower() == socket.getfqdn().lower()
# FQDN can be wider than host, e.g.
# 'fv-az397-495' in 'fv-az397-495.internal.cloudapp.net'
assert req.host.lower() in socket.getfqdn().lower()
assert "/path/to?a=1&b=2" == req.path_qs
assert "/path/to" == req.path
assert "a=1&b=2" == req.query_string
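Review bot: The substring check `req.host.lower() in socket.getfqdn().lower()` in `test_base_ctor` (and again in `test_ctor`) also passes for an empty host or for any fragment of the FQDN, so it no longer pins what `req.host` is. If the host is expected to be the leading part of the FQDN, as the comment's example suggests, `assert req.host and socket.getfqdn().lower().startswith(req.host.lower())` would be tighter; that expectation is inferred from the comment, not from the code under test. Both test functions continue outside their hunks.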
