Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Wrong request target in test_httpservers.py #70796

Closed
zhangyangyu opened this issue Mar 22, 2016 · 6 comments
Closed

Wrong request target in test_httpservers.py #70796

zhangyangyu opened this issue Mar 22, 2016 · 6 comments
Labels
stdlib Python modules in the Lib dir

Comments

@zhangyangyu
Copy link
Member

BPO 26609
Nosy @vadmium, @zhangyangyu
Files
  • request_target_in_test_httpservers.patch
  • request_target_in_test_httpservers_v2.patch
    		•

    Note: these values reflect the state of the issue at the time it was migrated and might not reflect the current state.

    Show more details

    GitHub fields:

    assignee = None
closed_at = <Date 2016-04-09.22:31:02.089>
created_at = <Date 2016-03-22.08:56:20.060>
labels = ['library']
title = 'Wrong request target in test_httpservers.py'
updated_at = <Date 2016-04-09.22:31:02.087>
user = 'https://github.com/zhangyangyu'

    bugs.python.org fields:

    activity = <Date 2016-04-09.22:31:02.087>
actor = 'martin.panter'
assignee = 'none'
closed = True
closed_date = <Date 2016-04-09.22:31:02.089>
closer = 'martin.panter'
components = ['Library (Lib)']
creation = <Date 2016-03-22.08:56:20.060>
creator = 'xiang.zhang'
dependencies = []
files = ['42243', '42369']
hgrepos = []
issue_num = 26609
keywords = ['patch']
message_count = 6.0
messages = ['262171', '262803', '262886', '263096', '263097', '263115']
nosy_count = 3.0
nosy_names = ['python-dev', 'martin.panter', 'xiang.zhang']
pr_nums = []
priority = 'normal'
resolution = 'fixed'
stage = 'resolved'
status = 'closed'
superseder = None
type = None
url = 'https://bugs.python.org/issue26609'
versions = ['Python 2.7', 'Python 3.5', 'Python 3.6']
    @zhangyangyu
    Copy link
    Member Author

    When requesting a resource from an origin server, the request-target in request line should always starts with a back slash. But in SimpleHTTPServerTestCase in test_httpservers.py, almost all the requests are sent without the back slash though the handler handles it well. The request lines are like 'GET tmpXXXXX HTTP/1.1'. I add the back slashes.

    Maybe in SimpleHTTPRequestHandler, we should reject such invalid request-targets and then return BAD_REQUEST. And then bpo-2254 won't happen.

    @zhangyangyu zhangyangyu added the stdlib Python modules in the Lib dir label Mar 22, 2016
    @vadmium
    Copy link
    Member

    vadmium commented Apr 2, 2016

    Perhaps tempdir_name could get the slash prefixed in setUp() rather than in every test. There is one case that creates index.html which could probably be changed to use self.tempdir, and then the rest could be renamed to say self.base_url.

    Rejecting requests that do not start with a slash could be a compatibility problem. Do you think potential security benefits (i.e. having unexpected variations on the format of the URL) outweigh that?

    Either way, it would be good to retain a test without a slash.

    @zhangyangyu
    Copy link
    Member Author

    Get the slash prefixed path in Setup() is a good idea. I change the patch. I retain self.tempdir_name so we can use it in a test for no leading slash. The case creating index.html is OK with self.tempdir_name since we have changed our working directory to basetempdir.

    I didn't think about compatibility but I know it's important. So rejecting the invalid request-targets is not a good idea to me now.

    @python-dev
    Copy link
    Mannequin

    python-dev mannequin commented Apr 9, 2016

    New changeset 0e19f421dc9e by Martin Panter in branch '3.5':
    Issue bpo-26609: Fix HTTP server tests to request an absolute URL path
    https://hg.python.org/cpython/rev/0e19f421dc9e

    New changeset 34ebf79acd78 by Martin Panter in branch 'default':
    Issue bpo-26609: Merge HTTP tests from 3.5
    https://hg.python.org/cpython/rev/34ebf79acd78

    New changeset 2691f81a89a7 by Martin Panter in branch '2.7':
    Issue bpo-26609: Fix HTTP server tests to request an absolute URL path
    https://hg.python.org/cpython/rev/2691f81a89a7

    @python-dev
    Copy link
    Mannequin

    python-dev mannequin commented Apr 9, 2016

    New changeset 4f64b1c87a56 by Martin Panter in branch '2.7':
    Issue bpo-26609: Fix up Python 2 port
    https://hg.python.org/cpython/rev/4f64b1c87a56

    @vadmium
    Copy link
    Member

    vadmium commented Apr 9, 2016

    Thanks for the patch

    @vadmium vadmium closed this as completed Apr 9, 2016
    @ezio-melotti ezio-melotti transferred this issue from another repository Apr 10, 2022
    Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
    Assignees
    No one assigned
    Labels
    stdlib Python modules in the Lib dir
    Projects
    None yet
    Milestone
    No milestone
    Development

    No branches or pull requests
    2 participants
    @vadmium @zhangyangyu