Issue 26609: Wrong request target in test_httpservers.py

Created on 2016-03-22 08:56 by xiang.zhang, last changed 2022-04-11 14:58 by admin. This issue is now closed.

Files
File name, uploaded by, date
request_target_in_test_httpservers.patch, xiang.zhang, 2016-03-22 08:56
request_target_in_test_httpservers_v2.patch, xiang.zhang, 2016-04-05 02:28
Messages (6)
msg262171 - (view) Author: Xiang Zhang (xiang.zhang) * (Python committer) Date: 2016-03-22 08:56
When requesting a resource from an origin server, the request-target in the request line should always start with a back slash. But in SimpleHTTPServerTestCase in test_httpservers.py, almost all the requests are sent without the back slash, though the handler handles it well. The request lines are like 'GET tmpXXXXX HTTP/1.1'. I add the back slashes. Maybe in SimpleHTTPRequestHandler, we should reject such invalid request-targets and then return BAD_REQUEST. And then won't happen.
msg262803 - (view) Author: Martin Panter (martin.panter) * (Python committer) Date: 2016-04-02 23:03
Perhaps tempdir_name could get the slash prefixed in setUp() rather than in every test. There is one case that creates index.html which could probably be changed to use self.tempdir, and then the rest could be renamed to say self.base_url. Rejecting requests that do not start with a slash could be a compatibility problem. Do you think potential security benefits (i.e. having unexpected variations on the format of the URL) outweigh that? Either way, it would be good to retain a test without a slash.
msg262886 - (view) Author: Xiang Zhang (xiang.zhang) * (Python committer) Date: 2016-04-05 02:28
Getting the slash-prefixed path in Setup() is a good idea. I changed the patch. I retain self.tempdir_name so we can use it in a test for no leading slash. The case creating index.html is OK with self.tempdir_name since we have changed our working directory to basetempdir. I didn't think about compatibility but I know it's important. So rejecting the invalid request-targets is not a good idea to me now.
msg263096 - (view) Author: Roundup Robot (python-dev) (Python triager) Date: 2016-04-09 13:44
New changeset 0e19f421dc9e by Martin Panter in branch '3.5':
Issue #26609: Fix HTTP server tests to request an absolute URL path
https://hg.python.org/cpython/rev/0e19f421dc9e

New changeset 34ebf79acd78 by Martin Panter in branch 'default':
Issue #26609: Merge HTTP tests from 3.5
https://hg.python.org/cpython/rev/34ebf79acd78

New changeset 2691f81a89a7 by Martin Panter in branch '2.7':
Issue #26609: Fix HTTP server tests to request an absolute URL path
https://hg.python.org/cpython/rev/2691f81a89a7
msg263097 - (view) Author: Roundup Robot (python-dev) (Python triager) Date: 2016-04-09 13:46
New changeset 4f64b1c87a56 by Martin Panter in branch '2.7':
Issue #26609: Fix up Python 2 port
https://hg.python.org/cpython/rev/4f64b1c87a56
msg263115 - (view) Author: Martin Panter (martin.panter) * (Python committer) Date: 2016-04-09 22:31
Thanks for the patch
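
The strict check discussed in this thread (and not adopted, for compatibility reasons), sketched as an added example that is not part of the original thread or of http.server. It classifies a request line's target by the four request-target forms of RFC 7230 section 5.3; the function names, the simplified regexes (no IPv6 literals) and the sample lines are assumptions of this example.

```python
import re

# Simplified patterns (assumptions of this example, not http.server's grammar).
_TOKEN = re.compile(r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+")
_VERSION = re.compile(r"HTTP/\d\.\d")
_ABSOLUTE = re.compile(r"[A-Za-z][A-Za-z0-9+.\-]*://[^/?#\s]+.*")
_AUTHORITY = re.compile(r"[^/?#@\s:]+:\d{1,5}")


def classify_request_target(method, target):
    """Return the RFC 7230 request-target form name, or None if none fits."""
    # Reject empty targets and any control or whitespace character.
    if not target or any(ord(c) < 0x21 or ord(c) == 0x7F for c in target):
        return None
    if method == "CONNECT":  # CONNECT takes only host:port
        return "authority-form" if _AUTHORITY.fullmatch(target) else None
    if target == "*":  # server-wide OPTIONS only
        return "asterisk-form" if method == "OPTIONS" else None
    if target.startswith("/"):  # the form an origin server normally receives
        return "origin-form"
    if _ABSOLUTE.fullmatch(target):  # full URI, as sent to a proxy
        return "absolute-form"
    return None  # e.g. 'tmpXXXXX': a bare relative path is not a valid form


def check_request_line(line):
    """Parse 'METHOD SP request-target SP HTTP-version'.

    Returns the target form, or None where a strict server would answer 400.
    """
    parts = line.rstrip("\r\n").split(" ")
    if len(parts) != 3:
        return None
    method, target, version = parts
    if not _TOKEN.fullmatch(method) or not _VERSION.fullmatch(version):
        return None
    return classify_request_target(method, target)


# Constructed sample request lines; 'tmpXXXXX' is the shape quoted in the issue.
SAMPLES = [
    "GET /tmpXXXXX/test HTTP/1.1",
    "GET tmpXXXXX/test HTTP/1.1",
    "GET http://example.com/tmpXXXXX HTTP/1.1",
    "OPTIONS * HTTP/1.1",
    "CONNECT example.com:443 HTTP/1.1",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{sample!r:50} -> {check_request_line(sample)}")
```
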
History
Date User Action Args
2022-04-11 14:58:28 admin set github: 70796
2016-04-09 22:31:02 martin.panter set status: open -> closed; versions: + Python 2.7, Python 3.5; messages: +; resolution: fixed; stage: patch review -> resolved
2016-04-09 13:46:08 python-dev set messages: +
2016-04-09 13:44:39 python-dev set nosy: + python-dev; messages: +
2016-04-05 02:28:37 xiang.zhang set files: + request_target_in_test_httpservers_v2.patch; messages: +
2016-04-03 04:40:49 martin.panter link issue26585 dependencies
2016-04-02 23:03:16 martin.panter set messages: + stage: patch review
2016-03-22 08:56:20 xiang.zhang create