
Restrict request handling to DEFAULT_ALLOWED_URL_SCHEMES #1002

Merged
merged 9 commits into from
Jan 19, 2022

Conversation

abhinavsingh (Owner) commented Jan 17, 2022

Production environment instances may receive a variety of non-HTTP schemes in the request line, e.g. sip, icap, etc. We want to bail out as early as possible upon identification of such requests.

Another scenario: `\x03\x00\x00*%\xe0\x00\x00\x00\x00\x00Cookie: mstshash=Test\r\n\x01\x00\x08\x00\x03\x00\x00\x00` will still run into the default `HttpProtocolException: Error when parsing request` exception.
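The scheme allow-list and the early bail-out described above, as an added example in Python (not proxy.py's own code). The constant name DEFAULT_ALLOWED_URL_SCHEMES mirrors the PR title, but its value, the HttpProtocolException class, the HTTP_METHODS set and the parse_request_line/reject_reason helpers are assumptions made for this illustration. The parser classifies a request line as a web, proxy or tunnel request and reports which check rejected it; the RDP connection request quoted in the description is included as a sample and, as the description says, is still caught by the generic request-line check rather than by the scheme test.

```python
"""Early rejection of non-HTTP request lines in an HTTP proxy.

Added example, not proxy.py's own code. The constant name
DEFAULT_ALLOWED_URL_SCHEMES mirrors the PR title; its value, the
HttpProtocolException class and every function below are assumptions.
"""
from __future__ import annotations

from dataclasses import dataclass
from typing import Optional

# Assumption: only plain and TLS HTTP are forwarded; anything else bails out.
DEFAULT_ALLOWED_URL_SCHEMES = (b"http", b"https")

# HTTP methods; a SIP INVITE or an RTSP DESCRIBE is not one of them.
HTTP_METHODS = frozenset(
    (b"GET", b"HEAD", b"POST", b"PUT", b"DELETE", b"CONNECT",
     b"OPTIONS", b"TRACE", b"PATCH"),
)


class HttpProtocolException(Exception):
    """Hypothetical stand-in for the parser's 'Error when parsing request'."""

    def __init__(self, reason: str, detail: bytes = b"") -> None:
        super().__init__(f"{reason}: {detail[:32]!r}")
        self.reason = reason


@dataclass(frozen=True)
class RequestLine:
    method: bytes
    target: bytes
    version: bytes
    scheme: Optional[bytes]  # None for origin-form (web) and CONNECT (tunnel)

    @property
    def kind(self) -> str:
        if self.method == b"CONNECT":
            return "tunnel"
        return "proxy" if self.scheme else "web"


def parse_request_line(raw: bytes) -> RequestLine:
    """Parse the first line of a request, rejecting non-HTTP traffic early.

    Checks run cheapest-first so binary junk never reaches URL parsing:
      1. exactly three space-separated tokens   (catches RDP, TLS, ...)
      2. a known HTTP method                     (catches SIP INVITE, ...)
      3. an HTTP/x.y version token               (catches native ICAP, ...)
      4. for absolute-form targets, a scheme in the allow-list
    """
    line = raw.split(b"\r\n", 1)[0]
    parts = line.split(b" ")
    if len(parts) != 3:
        raise HttpProtocolException("malformed request line", line)
    method, target, version = parts
    if method not in HTTP_METHODS:
        raise HttpProtocolException("unknown method", method)
    if not version.startswith(b"HTTP/"):
        raise HttpProtocolException("not an HTTP version", version)
    if method == b"CONNECT" or target.startswith(b"/") or target == b"*":
        return RequestLine(method, target, version, None)
    # Absolute-form (proxy request): scheme ":" hier-part. Split on the first
    # ":" rather than "://" so "sip:alice@example.org" is judged by its scheme
    # instead of falling through as an unparseable target.
    scheme, sep, _ = target.partition(b":")
    if not sep or not scheme:
        raise HttpProtocolException("target is neither origin-form nor absolute-form", target)
    scheme = scheme.lower()  # RFC 3986 schemes are case-insensitive
    if scheme not in DEFAULT_ALLOWED_URL_SCHEMES:
        raise HttpProtocolException("scheme not allowed", scheme)
    return RequestLine(method, target, version, scheme)


def reject_reason(raw: bytes) -> Optional[str]:
    """Return None when the line is accepted, else which check rejected it."""
    try:
        parse_request_line(raw)
    except HttpProtocolException as exc:
        return exc.reason
    return None


# Constructed sample inputs, one per kind of traffic a public proxy port sees.
SAMPLES = {
    "proxy http":  b"GET http://example.com/ HTTP/1.1\r\nHost: example.com\r\n\r\n",
    "proxy https": b"GET HTTPS://example.com/ HTTP/1.1\r\n",
    "tunnel":      b"CONNECT example.com:443 HTTP/1.1\r\n",
    "web":         b"GET /index.html HTTP/1.1\r\n",
    "icap scheme": b"GET icap://icap.example.org/reqmod HTTP/1.1\r\n",
    "sip scheme":  b"GET sip:alice@example.org HTTP/1.1\r\n",
    "sip invite":  b"INVITE sip:alice@example.org SIP/2.0\r\n",
    "icap native": b"OPTIONS icap://icap.example.org/ ICAP/1.0\r\n",
    # RDP X.224 connection request, the bytes quoted in the PR description.
    "rdp": b"\x03\x00\x00*%\xe0\x00\x00\x00\x00\x00Cookie: mstshash=Test\r\n\x01\x00\x08\x00\x03\x00\x00\x00",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        reason = reject_reason(raw)
        verdict = (f"accepted as {parse_request_line(raw).kind}" if reason is None
                   else f"rejected ({reason})")
        print(f"{name:12s} -> {verdict}")
```

Running the block prints one verdict per sample. The order of checks matters for cost: the token-count test rejects binary protocols such as RDP before any method, version or URL work is done, which is why the RDP sample surfaces as the generic "malformed request line" and never reaches the scheme comparison, while `GET icap://...` and `GET sip:...` are HTTP-shaped and are only stopped by the allow-list.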

@abhinavsingh abhinavsingh added the bot:chronographer:skip PR using this label is exempted from CHANGELOG management label Jan 17, 2022
codecov bot commented Jan 19, 2022

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 87.33%. Comparing base (d046cea) to head (d7c2a5d).
Report is 210 commits behind head on develop.

@@             Coverage Diff             @@
##           develop    #1002      +/-   ##
===========================================
+ Coverage    87.31%   87.33%   +0.01%     
===========================================
  Files          146      146              
  Lines         6332     6356      +24     
  Branches       637      640       +3     
===========================================
+ Hits          5529     5551      +22     
- Misses         695      699       +4     
+ Partials       108      106       -2     
Flag Coverage Δ
pytest 87.16% <100.00%> (+0.01%) ⬆️


@abhinavsingh abhinavsingh changed the title Raise if request line scheme do not match DEFAULT_ALLOWED_URL_SCHEMES Restrict request handling to DEFAULT_ALLOWED_URL_SCHEMES Jan 19, 2022
@abhinavsingh abhinavsingh merged commit efd1cac into develop Jan 19, 2022
@abhinavsingh abhinavsingh deleted the allowed-url-schemes branch January 19, 2022 13:50
abhinavsingh added a commit that referenced this pull request Jan 20, 2022
* Fix README instructions for embedded mode

* Expose sleep_loop

* [SshTunnel] WIP (#992)

[SshTunnel] WIP

* [Middleware] Capability in the core to allow custom client connection classes (#993)

* Move all TCP server related flags within `tcp_server.py` and also move the encryption functionality within TCP base server

* Templatize `BaseTcpServerHandler` which now expects a client connection object bound to `TcpClientConnection`.  This will allow for custom `HttpClientConnection` object in future to be used by `HttpProtocolHandler`

* Pass necessary flags to allow self-signed certificates

* [pre-commit.ci] auto fixes from pre-commit.com hooks

for more information, see https://pre-commit.ci

* fix https integration tests

* Affected by #994

* Fix docs

Co-authored-by: pre-commit-ci[bot] <66853113+pre-commit-ci[bot]@users.noreply.github.com>

* [Middleware] `HttpClientConnection` preparation (#995)

* Turn the usual suspects into warnings, not errors

* Add `HttpClientConnection` skeleton

* Fix doc build

* Update references in http tests

* Make `work` core agnostic to work object construction by adding an abstract static method to `Work` interface called `create`

* Make mypy happy

* Fix tests broken due to change in how work objects are now constructed

* Make the docs happy too

* Bail out early for non-HTTP but HTTP looking protocols (#972)

* Add support in `Url` to parse all types of schemes

* .

* Guard handler against http looking protocol but not web or proxy requests

* Fix condition for web server protocol detection

* doc happy

* Update flags and type check imports only

* npm: bump eslint-plugin-import from 2.25.3 to 2.25.4 in /dashboard (#1005)

Bumps [eslint-plugin-import](https://github.com/import-js/eslint-plugin-import) from 2.25.3 to 2.25.4.
- [Release notes](https://github.com/import-js/eslint-plugin-import/releases)
- [Changelog](https://github.com/import-js/eslint-plugin-import/blob/main/CHANGELOG.md)
- [Commits](import-js/eslint-plugin-import@v2.25.3...v2.25.4)

---
updated-dependencies:
- dependency-name: eslint-plugin-import
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* npm: bump ws from 8.4.0 to 8.4.2 in /dashboard (#1007)

Bumps [ws](https://github.com/websockets/ws) from 8.4.0 to 8.4.2.
- [Release notes](https://github.com/websockets/ws/releases)
- [Commits](websockets/ws@8.4.0...8.4.2)

---
updated-dependencies:
- dependency-name: ws
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Fix broken `--local-executor` logic for windows ever since it was made default (#1008)

Co-authored-by: sowmyasudhasingh <sowmyasudhasingh@gmail.com>

* [Windows] `--threaded` mode integration tests work locally but fail on GHA (#1009)

* Enable remote threadless and threaded integration test for windows

* Run only threaded on windows

* Use powershell for execution of integration script on Windows

* Update test_integration.py

* Update test_integration.py

Co-authored-by: sowmyasudhasingh <sowmyasudhasingh@gmail.com>
Co-authored-by: Abhinav Singh <126065+abhinavsingh@users.noreply.github.com>

* Restrict request handling to `DEFAULT_ALLOWED_URL_SCHEMES` (#1002)

* Raise `HttpProtocolException` if the request line scheme does not match `DEFAULT_ALLOWED_URL_SCHEMES`

* ignore WPS329

* Fix tests

* Pin to 4.3.2

* [pre-commit.ci] auto fixes from pre-commit.com hooks

for more information, see https://pre-commit.ci

* Test coverage for exception handling

* type ignore

Co-authored-by: pre-commit-ci[bot] <66853113+pre-commit-ci[bot]@users.noreply.github.com>

* [Doc] Threadless Remote vs Local Execution Mode (#1011)

* [Coverage] For newly added components (#1014)

* Add newly added code cov

* Fix spelling

* [Devtools] Build as part of GHA workflow (#1015)

* Fix devtools build

* Build devtools as part of GHA workflows

* [isort] Lib modules (#1016)

* isort `proxy.py` main class

* isort init and main

* isort common

* pre-commit fix

* isort dashboard and testing

* isort plugins

* isort core

* Only sort top level http py files

* isort http exception and websocket

* Remove proxy auth plugin from proxy package exports and force discover `PLUGIN_PROXY_AUTH` flags

* isort parser and web server

* no setattr

* isort all

* Enable pre-commit isort hook

* [pre-commit.ci] auto fixes from pre-commit.com hooks

for more information, see https://pre-commit.ci

Co-authored-by: pre-commit-ci[bot] <66853113+pre-commit-ci[bot]@users.noreply.github.com>

Co-authored-by: pre-commit-ci[bot] <66853113+pre-commit-ci[bot]@users.noreply.github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Sowmya Sudha Singh <83529764+sowmya-jaxl@users.noreply.github.com>
Co-authored-by: sowmyasudhasingh <sowmyasudhasingh@gmail.com>