Fix unicode errors

[ret2libc]

What do these changes do?

Fix few errors related to Unicode decoding.

• multipart forms with invalid utf-8 characters as data can cause a UnicodeDecodeError to be raised. This should be raised as ValueError, like what is done in other parts of the code base.
• HTTP request parser (pure-python) tries to decode the header name with utf-8/xmlcharrefreplace, which cannot decode bytes such as \xd9.

Are there changes in behavior for the user?

I don't think so.

Related issue number

Checklist

• I think the code is well written
• Unit tests for the changes exist
• Documentation reflects the changes
• If you provide code modification, please add yourself to CONTRIBUTORS.txt
  • The format is <Name> <Surname>.
  • Please keep alphabetical order, the file is sorted by names.
• Add a new news fragment into the CHANGES folder
  • name it <issue_id>.<type> for example (588.bugfix)
  • if you don't have an issue_id change it to the pr id after creating the pr
  • ensure type is one of the following:
    • .feature: Signifying a new feature.
    • .bugfix: Signifying a bug fix.
    • .doc: Signifying a documentation improvement.
    • .removal: Signifying a deprecation or removal of public API.
    • .misc: A ticket has been closed, but it is not of interest to users.
  • Make sure to use full sentences with correct case and punctuation, for example: "Fix issue with non-ascii contents in doctest text files."

[webknjaz]

Thanks for the PR @ret2libc!

Fix few errors related to Unicode decoding.

Could you spare a few more details on how the problem occurs? Where is it visible to the end-users? Is it different for the Cython-based parser vs. the pure Python one you're editing here?

Also, I'd expect to see some regression tests bundled with PRs modifying such core functionality. Since we have two parser implementations, this would also help us make sure that their behavior is equivalent.

[ret2libc]

I added unit tests, hope they are ok!

While doing so, I noticed the Cython-based parser does not have the same problem, but it raises a InvalidHeader error. What would be the best way forward? The python-based parser accepts the header in the test, thus I had to replace xmlcharrefreplace with backslackreplace, however it might be better to just reject the header?

Thanks for your review!

(and happy to see you again ;) )

[webknjaz]

however it might be better to just reject the header?

This sounds like a good idea. I can't imagine anybody wanting to process an invalid header in their web application.
But it'd also be reasonable to double-check with the RFCs what it allows/suggests/recommends, just in case.

[Dreamsorcerer]

however it might be better to just reject the header?

This sounds like a good idea. I can't imagine anybody wanting to process an invalid header in their web application. But it'd also be reasonable to double-check with the RFCs what it allows/suggests/recommends, just in case.

I can refer you to the dozen issues complaining about the strict header parsing... :P

I suspect this will actually not reject if we enable lenient headers in the future: #5269 (comment)

[Dreamsorcerer]

I think if we just update the test to catch either LineTooLong or InvalidHeaderToken, that will then ensure that we catch any regression caused by the lenient headers being enabled in future.

[webknjaz]

either LineTooLong or InvalidHeaderToken

But these should be two distinct cases. Tests must be kept simple.

[Dreamsorcerer]

either LineTooLong or InvalidHeaderToken

But these should be two distinct cases. Tests must be kept simple.

Well, if lenient headers are enabled, then they should both cause LineTooLong, and the test can be updated then. We probably don't want to try and make the Python parser produce the same error, when it may change in llhttp parser later anyway.

Lots of things trip the llhttp parser, which don't trip the Python parser currently (which is why people are disabling extensions as a workaround).

[ret2libc]

I have just adjusted the tests for now and I didn't reject the header.

[Dreamsorcerer]

Looks good to me. Just some black formatting issue (thought the CI automatically fixed those...).

[codecov]

Codecov Report

Merging #7044 (bd5dfb8) into master (d7ebbeb) will increase coverage by 0.00%.
The diff coverage is 100.00%.

@@           Coverage Diff           @@
##           master    #7044   +/-   ##
=======================================
  Coverage   97.50%   97.51%           
=======================================
  Files         103      103           
  Lines       29990    30007   +17     
  Branches     3643     3646    +3     
=======================================
+ Hits        29243    29260   +17     
  Misses        567      567           
  Partials      180      180           

Flag	Coverage Δ
CI-GHA	97.41% <100.00%> (+<0.01%)	⬆️
OS-Linux	97.06% <100.00%> (+<0.01%)	⬆️
OS-Windows	95.39% <100.00%> (-0.01%)	⬇️
OS-macOS	96.70% <100.00%> (+<0.01%)	⬆️
Py-3.10.8	97.16% <100.00%> (+<0.01%)	⬆️
Py-3.11.0	96.56% <100.00%> (+<0.01%)	⬆️
Py-3.7.15	96.89% <100.00%> (+<0.01%)	⬆️
Py-3.7.9	95.28% <100.00%> (+<0.01%)	⬆️
Py-3.8.10	95.18% <100.00%> (-0.01%)	⬇️
Py-3.8.14	96.78% <100.00%> (+<0.01%)	⬆️
Py-3.9.13	95.17% <100.00%> (-0.01%)	⬇️
Py-3.9.14	96.57% <100.00%> (-0.01%)	⬇️
Py-3.9.15	96.76% <100.00%> (+<0.01%)	⬆️
Py-pypy7.3.9	96.44% <100.00%> (+<0.01%)	⬆️
VM-macos	96.70% <100.00%> (+<0.01%)	⬆️
VM-ubuntu	97.06% <100.00%> (+<0.01%)	⬆️
VM-windows	95.39% <100.00%> (-0.01%)	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

Impacted Files	Coverage Δ
aiohttp/http_parser.py	97.50% <ø> (ø)
aiohttp/multipart.py	96.14% <100.00%> (+0.02%)	⬆️
tests/test_http_parser.py	99.08% <100.00%> (+<0.01%)	⬆️
tests/test_multipart.py	100.00% <100.00%> (ø)

📣 We’re building smart automated test selection to slash your CI/CD build times. Learn more

[patchback]

Backport to 3.9: 💔 cherry-picking failed — conflicts found

❌ Failed to cleanly apply bce6e3c on top of patchback/backports/3.9/bce6e3c7324f53342bcd225103771c509fc4a67f/pr-7044

Backporting merged PR #7044 into master

1. Ensure you have a local repo clone of your fork. Unless you cloned it
   from the upstream, this would be your origin remote.
2. Make sure you have an upstream repo added as a remote too. In these
   instructions you'll refer to it by the name upstream. If you don't
   have it, here's how you can add it:

   $ git remote add upstream https://github.com/aio-libs/aiohttp.git

3. Ensure you have the latest copy of upstream and prepare a branch
   that will hold the backported code:

   $ git fetch upstream
   $ git checkout -b patchback/backports/3.9/bce6e3c7324f53342bcd225103771c509fc4a67f/pr-7044 upstream/3.9

4. Now, cherry-pick PR Fix unicode errors #7044 contents into that branch:

   $ git cherry-pick -x bce6e3c7324f53342bcd225103771c509fc4a67f

   If it'll yell at you with something like fatal: Commit bce6e3c7324f53342bcd225103771c509fc4a67f is a merge but no -m option was given., add -m 1 as follows intead:

   $ git cherry-pick -m1 -x bce6e3c7324f53342bcd225103771c509fc4a67f

5. At this point, you'll probably encounter some merge conflicts. You must
   resolve them in to preserve the patch from PR Fix unicode errors #7044 as close to the
   original as possible.
6. Push this branch to your fork on GitHub:

   $ git push origin patchback/backports/3.9/bce6e3c7324f53342bcd225103771c509fc4a67f/pr-7044

7. Create a PR, ensure that the CI is green. If it's not — update it so that
   the tests and any other checks pass. This is it!
   Now relax and wait for the maintainers to process your pull request
   when they have some cycles to do reviews. Don't worry — they'll tell you if
   any improvements are necessary when the time comes!

🤖 @patchback
I'm built with octomachinery and
my source is open — https://github.com/sanitizers/patchback-github-app.

[Dreamsorcerer]

@ret2libc Could you complete the backport for us?

[ret2libc]

@Dreamsorcerer tried to do that in #7099 .