classification
Title: wsgiref.validate expects wsgi.input read to give exactly one arg
Type: behavior Stage: patch review
Components: Documentation Versions: Python 3.4, Python 3.5
process
Status: open Resolution:
Dependencies: Superseder:
Assigned To: docs@python Nosy List: berker.peksag, docs@python, pje, rschoon
Priority: normal Keywords: patch

Created on 2013-07-31 22:48 by rschoon, last changed 2019-01-23 23:51 by cheryl.sabella.

Files
File name Uploaded Description Edit
wsgiref.patch rschoon, 2013-07-31 22:48 patch review
Pull Requests
URL Status Linked Edit
PR 11663 open cheryl.sabella, 2019-01-23 23:34
Messages (5)
msg194027 - (view) Author: Robin Schoonover (rschoon) * Date: 2013-07-31 22:48
wsgiref.validator requires wsgi.input's read to always give EXACTLY one argument. This is incorrect.

It's own documentation says:
* That wsgi.input is used properly:
  - .read() is called with zero or one argument

PEP3333 says:
A server should allow read() to be called without an argument, and return the remainder of the client's input stream.
msg235788 - (view) Author: Berker Peksag (berker.peksag) * (Python committer) Date: 2015-02-12 02:16
The change was suggested before PEP 3333 in issue 4718 (see msg78292), but PEP 3333 says:

    A server should allow read() to be called without an argument, and return the remainder of the client's input stream.

https://www.python.org/dev/peps/pep-3333/#input-and-error-streams

I couldn't find any objection at https://mail.python.org/pipermail/web-sig/2010-September/004655.html
msg236138 - (view) Author: PJ Eby (pje) * (Python committer) Date: 2015-02-17 16:46
This is a misreading of the spec.  The read() method is defined as taking exactly one parameter.  The server *should* support it being optional, but the app invoking it without an argument is not compliant, and wsgiref.validate is validating that the *app* performs according to spec, not the server.

Therefore, the documentation is what's in error, not the code.
msg236140 - (view) Author: Robin Schoonover (rschoon) * Date: 2015-02-17 17:55
I'm not sure I follow, as it has little to say on whether the application's expected behavior here, and only a recommendation that the server allow it.  But, it also defers to the "Python Standard Library", which does have an opinion.  I feel that (in hindsight) the exact behavior of each method should have been specified in full.

*However*, even if I differ on the reading of the spec, on general principle (and this has changed since I first wrote the issue) I agree that the application should not be omitting it anyway, because reading the entire response at once without checking the content length is dangerous.
msg236190 - (view) Author: PJ Eby (pje) * (Python committer) Date: 2015-02-18 19:27
This area of the spec is different between 333 and 3333 precisely to clarify this point, without technically changing conformance requirements.  PEP 333 was supposed to require the app to supply an argument, while PEP 3333 was changed to encourage the server to allow the app to omit it.

It's an annoying grey area in the spec itself, but not at all a grey area for for the validation tool, which is supposed to validate the strictest interpretation of the spec.  A conformant server is allowed to not work with a missing argument, so it's a bad idea for your app to omit it if you want to run on all conformant servers.  (And this is entirely independent of whether it's a good idea to read the entire stream in the first place.)
History
Date User Action Args
2019-01-23 23:51:54cheryl.sabellasetpull_requests: - pull_request11469
2019-01-23 23:51:44cheryl.sabellasetpull_requests: - pull_request11468
2019-01-23 23:34:59cheryl.sabellasetstage: needs patch -> patch review
pull_requests: + pull_request11469
2019-01-23 23:34:50cheryl.sabellasetstage: needs patch -> needs patch
pull_requests: + pull_request11468
2019-01-23 23:34:41cheryl.sabellasetstage: needs patch -> needs patch
pull_requests: + pull_request11467
2015-02-18 19:27:04pjesetmessages: + msg236190
2015-02-17 17:55:47rschoonsetmessages: + msg236140
2015-02-17 16:46:13pjesetnosy: + docs@python
messages: + msg236138

assignee: docs@python
components: + Documentation, - Library (Lib)
stage: patch review -> needs patch
2015-02-12 02:16:31berker.peksagsetversions: + Python 3.4, Python 3.5, - Python 3.3
nosy: + berker.peksag

messages: + msg235788

stage: patch review
2014-07-01 03:17:03rschoonsetnosy: + pje
2013-07-31 22:50:39rschoonsettitle: wsgiref.validator expects wsgi.input read to give exactly one arg -> wsgiref.validate expects wsgi.input read to give exactly one arg
2013-07-31 22:48:21rschooncreate