Require full version and method regex matches #7701
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
psf-chronographer
bot
added
the
bot:chronographer:provided
|
Instead of adding new tests, I just updated the existing tests for bad methods and versions to have valid prefixes. I can add additional tests if that's preferable. |
Codecov Report
@@ Coverage Diff @@
## master #7701 +/- ##
=======================================
Coverage 97.36% 97.36%
=======================================
Files 106 106
Lines 31665 31665
Branches 3624 3624
=======================================
Hits 30830 30830
Misses 632 632
Partials 203 203
Flags with carried forward coverage won't be shown. Click here to find out more.
📣 We’re building smart automated test selection to slash your CI/CD build times. Learn more |
Backport to 3.9: 💚 backport PR created✅ Backport PR branch: Backported as #7703 🤖 @patchback |
patchback bot
pushed a commit
that referenced
this pull request
Oct 15, 2023
## What do these changes do? These changes ensure that HTTP versions and methods fully match the regular expressions for those constructs. AIOHTTP currently only applies prefix-matching, which I assume was unintentional. ## Are there changes in behavior for the user? There should be no observable changes to the user, unless they use HTTP servers/clients that generate very malformed request lines. Such clients/servers are unlikely to exist because most other web servers reject these malformed messages. ## Related issue number Fixes #7700 (cherry picked from commit 312f747)
Dreamsorcerer
pushed a commit
that referenced
this pull request
Oct 15, 2023
…ex matches (#7703) **This is a backport of PR #7701 as merged into master (312f747).** ## What do these changes do? These changes ensure that HTTP versions and methods fully match the regular expressions for those constructs. AIOHTTP currently only applies prefix-matching, which I assume was unintentional. ## Are there changes in behavior for the user? There should be no observable changes to the user, unless they use HTTP servers/clients that generate very malformed request lines. Such clients/servers are unlikely to exist because most other web servers reject these malformed messages. ## Related issue number Fixes #7700 Co-authored-by: Ben Kallus <49924171+kenballus@users.noreply.github.com>
xiangxli
pushed a commit
to xiangxli/aiohttp
that referenced
this pull request
Dec 4, 2023
…thod regex matches (aio-libs#7703) **This is a backport of PR aio-libs#7701 as merged into master (312f747).** These changes ensure that HTTP versions and methods fully match the regular expressions for those constructs. AIOHTTP currently only applies prefix-matching, which I assume was unintentional. There should be no observable changes to the user, unless they use HTTP servers/clients that generate very malformed request lines. Such clients/servers are unlikely to exist because most other web servers reject these malformed messages. Fixes aio-libs#7700 Co-authored-by: Ben Kallus <49924171+kenballus@users.noreply.github.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
What do these changes do?
These changes ensure that HTTP versions and methods fully match the regular expressions for those constructs. AIOHTTP currently only applies prefix-matching, which I assume was unintentional.
Are there changes in behavior for the user?
There should be no observable changes to the user, unless they use HTTP servers/clients that generate very malformed request lines. Such clients/servers are unlikely to exist because most other web servers reject these malformed messages.
Related issue number
Fixes #7700