Skip to content

Commit

Permalink
Ensure request method is a valid token
Browse files Browse the repository at this point in the history
  • Loading branch information
tomchristie authored Jan 19, 2022
1 parent fe249c9 commit 8195361
Show file tree
Hide file tree
Showing 2 changed files with 12 additions and 1 deletion.
4 changes: 3 additions & 1 deletion h11/_events.py
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,7 @@
from dataclasses import dataclass, field
from typing import Any, cast, Dict, List, Tuple, Union

from ._abnf import request_target
from ._abnf import method, request_target
from ._headers import Headers, normalize_and_validate
from ._util import bytesify, LocalProtocolError, validate

Expand All @@ -25,6 +25,7 @@
"ConnectionClosed",
]

method_re = re.compile(method.encode("ascii"))
request_target_re = re.compile(request_target.encode("ascii"))


Expand Down Expand Up @@ -117,6 +118,7 @@ def __init__(
if host_count > 1:
raise LocalProtocolError("Found multiple Host: headers")

validate(method_re, self.method, "Illegal method characters")
validate(request_target_re, self.target, "Illegal target characters")

# This is an unhashable type.
Expand Down
9 changes: 9 additions & 0 deletions h11/tests/test_events.py
Original file line number Diff line number Diff line change
Expand Up @@ -84,6 +84,15 @@ def test_events() -> None:
method="GET", target=target, headers=[("Host", "a")], http_version="1.1"
)

# Request method is validated
with pytest.raises(LocalProtocolError):
Request(
method="GET / HTTP/1.1",
target=target,
headers=[("Host", "a")],
http_version="1.1",
)

ir = InformationalResponse(status_code=100, headers=[("Host", "a")])
assert ir.status_code == 100
assert ir.headers == [(b"host", b"a")]
Expand Down

0 comments on commit 8195361

Please sign in to comment.