Disallow BWS in header field-names
Waitress used to treat:

Foo : bar

As a valid header, however
https://tools.ietf.org/html/rfc7230#section-3.2 states that this is not
valid.
digitalresistor committed Dec 19, 2019
1 parent fb08ecf commit 804e313
Showing 2 changed files with 16 additions and 0 deletions.
4 changes: 4 additions & 0 deletions waitress/parser.py
Expand Up @@ -197,6 +197,10 @@ def parse_header(self, header_plus):
index = line.find(b":")
if index > 0:
key = line[:index]

if key != key.strip():
raise ParsingError("Invalid whitespace after field-name")

if b"_" in key:
continue
value = line[index + 1 :].strip()
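Review bot: The new check `key != key.strip()` only inspects the two ends of the field-name, so a name with whitespace or other non-token bytes in the middle (constructed example: `Foo Bar: baz`) still passes this point as far as the visible lines show. RFC 7230 section 3.2 defines field-name as a `token`, and a server that accepts names which an upstream proxy rejects or normalises differently creates the kind of parsing disagreement that request-smuggling defences aim to close, so validating the whole of `key` against the token character set would be stricter than comparing with its stripped form. `strip()` also covers leading whitespace while the message says "after field-name"; leading whitespace may already be consumed as line folding earlier, but that code is outside the hunk. A comment above the check such as `# RFC 7230 3.2: no whitespace allowed between field-name and ":"` would record why the request is rejected. parse_header's body starts and ends outside the hunk.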
12 changes: 12 additions & 0 deletions waitress/tests/test_parser.py
Expand Up @@ -242,6 +242,18 @@ def test_parse_header_extra_lf_in_first_line(self):
else: # pragma: nocover
self.assertTrue(False)

def test_parse_header_invalid_whitespace(self):
from waitress.parser import ParsingError

data = b"GET /foobar HTTP/8.4\r\nfoo : bar\r\n"
try:
self.parser.parse_header(data)
except ParsingError as e:
self.assertIn("Invalid whitespace after field-name", e.args[0])
else: # pragma: nocover
self.assertTrue(False)


class Test_split_uri(unittest.TestCase):
def _callFUT(self, uri):
from waitress.parser import split_uri
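Review bot: The added test_parse_header_invalid_whitespace exercises only a single space before the colon; a tab is stripped by `key.strip()` as well and deserves its own case, for example (constructed) `data = b"GET /foobar HTTP/8.4\r\nfoo\t: bar\r\n"`. A positive case asserting that `foo: bar` still parses would pin that whitespace after the colon remains accepted, so a later tightening of the check cannot silently break valid requests. The try/except/else with `self.assertTrue(False)` matches the neighbouring test, though `with self.assertRaises(ParsingError) as cm:` would express the same expectation in fewer lines.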
