diff --git a/CHANGES/3235.bugfix b/CHANGES/3235.bugfix new file mode 100644 index 00000000000..5ec04391a59 --- /dev/null +++ b/CHANGES/3235.bugfix @@ -0,0 +1 @@ +Make method match regexp RFC-7230 compliant diff --git a/aiohttp/http_parser.py b/aiohttp/http_parser.py index ab6d5c4f544..a54d285bd2b 100644 --- a/aiohttp/http_parser.py +++ b/aiohttp/http_parser.py @@ -29,7 +29,15 @@ 'RawRequestMessage', 'RawResponseMessage') ASCIISET = set(string.printable) -METHRE = re.compile('[A-Z0-9$-_.]+') + +# See https://tools.ietf.org/html/rfc7230#section-3.1.1 +# and https://tools.ietf.org/html/rfc7230#appendix-B +# +# method = token +# tchar = "!" / "#" / "$" / "%" / "&" / "'" / "*" / "+" / "-" / "." / +# "^" / "_" / "`" / "|" / "~" / DIGIT / ALPHA +# token = 1*tchar +METHRE = re.compile(r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+") VERSRE = re.compile(r'HTTP/(\d+).(\d+)') HDRRE = re.compile(rb'[\x00-\x1F\x7F()<>@,;:\[\]={} \t\\\\\"]') diff --git a/tests/test_http_parser.py b/tests/test_http_parser.py index df4350d9cb3..ebd97c0efb3 100644 --- a/tests/test_http_parser.py +++ b/tests/test_http_parser.py @@ -540,7 +540,7 @@ def test_http_request_parser_two_slashes(parser): def test_http_request_parser_bad_method(parser): with pytest.raises(http_exceptions.BadStatusLine): - parser.feed_data(b'!12%()+=~$ /get HTTP/1.1\r\n\r\n') + parser.feed_data(b'=":(e),[T];?" /get HTTP/1.1\r\n\r\n') def test_http_request_parser_bad_version(parser): diff --git a/tests/test_web_protocol.py b/tests/test_web_protocol.py index bd721c529f4..61ca0b41b16 100644 --- a/tests/test_web_protocol.py +++ b/tests/test_web_protocol.py @@ -239,7 +239,7 @@ async def test_simple(srv, loop, buf): async def test_bad_method(srv, loop, buf): srv.data_received( - b'!@#$ / HTTP/1.0\r\n' + b':BAD; / HTTP/1.0\r\n' b'Host: example.com\r\n\r\n') await asyncio.sleep(0, loop=loop)