Message 227506 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	karlcow
Recipients	berker.peksag, dmi.baranov, karlcow, orsenthil
Date	2014-09-25.05:55:44
SpamBayes Score	-1.0
Marked as misclassified	Yes
Message-id	<1411624544.54.0.0883736496666.issue17319@psf.upfronthosting.co.za>
In-reply-to

Content
Where this is defined in the new RFC. http://tools.ietf.org/html/rfc7230#section-3.1.2 status-line = HTTP-version SP status-code SP reason-phrase CRLF Things to enforce status-code = 3DIGIT Response status code are now defined in http://tools.ietf.org/html/rfc7231#section-6 with something important. HTTP status codes are extensible. HTTP clients are not required to understand the meaning of all registered status codes, though such understanding is obviously desirable. However, a client MUST understand the class of any status code, as indicated by the first digit, and treat an unrecognized status code as being equivalent to the x00 status code of that class, with the exception that a recipient MUST NOT cache a response with an unrecognized status code. For example, if an unrecognized status code of 471 is received by a client, the client can assume that there was something wrong with its request and treat the response as if it had received a 400 (Bad Request) status code. The response message will usually contain a representation that explains the status. That should help. The full registry of status code is defined here http://www.iana.org/assignments/http-status-codes/http-status-codes.xhtml @dmi.baranov In the patch +def _is_valid_status_code(code): + return isinstance(code, int) and 0 <= code <= 999 Maybe there is a missing check where the len(str(code)) == 3

Where this is defined in the new RFC.

http://tools.ietf.org/html/rfc7230#section-3.1.2

     status-line = HTTP-version SP status-code SP reason-phrase CRLF

Things to enforce

     status-code    = 3DIGIT

Response status code are now defined in 
http://tools.ietf.org/html/rfc7231#section-6
with something important.

   HTTP status codes are extensible.  HTTP clients are not required to
   understand the meaning of all registered status codes, though such
   understanding is obviously desirable.  However, a client MUST
   understand the class of any status code, as indicated by the first
   digit, and treat an unrecognized status code as being equivalent to
   the x00 status code of that class, with the exception that a
   recipient MUST NOT cache a response with an unrecognized status code.

   For example, if an unrecognized status code of 471 is received by a
   client, the client can assume that there was something wrong with its
   request and treat the response as if it had received a 400 (Bad
   Request) status code.  The response message will usually contain a
   representation that explains the status.

That should help.

The full registry of status code is defined here
http://www.iana.org/assignments/http-status-codes/http-status-codes.xhtml


@dmi.baranov 

In the patch
+def _is_valid_status_code(code):
+        return isinstance(code, int) and 0 <= code <= 999

Maybe there is a missing check where the len(str(code)) == 3

History
Date	User	Action	Args
2014-09-25 05:55:44	karlcow	set	recipients: + karlcow, orsenthil, berker.peksag, dmi.baranov
2014-09-25 05:55:44	karlcow	set	messageid: <1411624544.54.0.0883736496666.issue17319@psf.upfronthosting.co.za>
2014-09-25 05:55:44	karlcow	link	issue17319 messages
2014-09-25 05:55:44	karlcow	create