#37103: HttpRequest.body raises ValueError for malformed CONTENT_LENGTH
-------------------------------------+-------------------------------------
Reporter: bankai | Owner: (none)
Type: Bug | Status: new
Component: HTTP handling | Version: dev
Severity: Normal | Resolution:
Keywords: ASGI Content-Length HttpRequest | Triage Stage: Unreviewed
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
Description changed by Sarah Boyce:
Old description:
> Accessing request.body raises an unhandled ValueError when
> META["CONTENT_LENGTH"] isn't a valid integer:
>
> ValueError: invalid literal for int() with base 10: '10,20'
>
> This can happen with ASGIRequest if duplicate Content-Length headers are
> comma-joined into a single META value. Even when such requests are usually
> rejected by common HTTP parsers, HttpRequest.body is currently inconsistent
> with other Django code paths.
>
> WSGIRequest.__init__(), MultiPartParser.__init__(), and
> django.core.servers.basehttp all wrap int(CONTENT_LENGTH) in:
>
>     try:
>         ...
>     except (ValueError, TypeError):
>         content_length = 0
>
> HttpRequest.body is the only place that calls int(CONTENT_LENGTH) without
> that guard.
>
> Minimal reproduction:
>
> from io import BytesIO
> from django.core.handlers.asgi import ASGIRequest
> from django.test import AsyncRequestFactory
>
> scope = AsyncRequestFactory()._base_scope(method="POST", path="/")
> scope["headers"] = [
>     (b"content-type", b"text/plain"),
>     (b"content-length", b"10,20"),
> ]
>
> ASGIRequest(scope, BytesIO(b"hello world body")).body
>
> Expected behavior:
> request.body should handle malformed CONTENT_LENGTH consistently with
> WSGIRequest and MultiPartParser, falling back to 0 instead of surfacing a
> raw ValueError.
>
> Actual behavior:
> request.body raises ValueError.
>
> I have a patch and regression test.
New description:
Accessing request.body raises an unhandled `ValueError` when
`META["CONTENT_LENGTH"]` isn't a valid integer:
{{{
ValueError: invalid literal for int() with base 10: '10,20'
}}}
This can happen with `ASGIRequest` if duplicate `Content-Length` headers
are comma-joined into a single META value. Even when such requests are
usually rejected by common HTTP parsers, `HttpRequest.body` is currently
inconsistent with other Django code paths.
`WSGIRequest.__init__()`, `MultiPartParser.__init__()`, and
`django.core.servers.basehttp` all wrap `int(CONTENT_LENGTH)` in:
{{{
try:
    ...
except (ValueError, TypeError):
    content_length = 0
}}}
`HttpRequest.body` is the only place that calls `int(CONTENT_LENGTH)`
without that guard.
Minimal reproduction:
{{{
from io import BytesIO
from django.core.handlers.asgi import ASGIRequest
from django.test import AsyncRequestFactory
scope = AsyncRequestFactory()._base_scope(method="POST", path="/")
scope["headers"] = [
    (b"content-type", b"text/plain"),
    (b"content-length", b"10,20"),
]
ASGIRequest(scope, BytesIO(b"hello world body")).body
}}}
Expected behavior:
`request.body` should handle malformed `CONTENT_LENGTH` consistently with
`WSGIRequest` and `MultiPartParser`, falling back to 0 instead of
surfacing a raw `ValueError`.
Actual behavior:
`request.body` raises `ValueError`.
I have a patch and regression test.
--
Ticket URL: <https://code.djangoproject.com/ticket/37103#comment:1>
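The behaviour described in the ticket, as an added example that is not part of the ticket, its patch, or Django's code: a framework-free stand-in that comma-joins repeated headers into a META-like dict, then compares a bare `int()` call with the guarded form quoted in the description. The names `build_meta`, `length_unguarded`, `length_guarded`, `compare` and `SAMPLES` are hypothetical, and the header lists are constructed.

```python
# Added example: stand-in code, not Django's implementation.

def build_meta(headers):
    """Fold ASGI-style (name, value) byte pairs into a META-like dict.

    Assumption for this sketch: a repeated header is comma-joined into
    one value, which is the situation the ticket describes.
    """
    meta = {}
    for name, value in headers:
        key = name.decode("latin1").upper().replace("-", "_")
        if key not in ("CONTENT_LENGTH", "CONTENT_TYPE"):
            key = "HTTP_" + key
        text = value.decode("latin1")
        meta[key] = meta[key] + "," + text if key in meta else text
    return meta


def length_unguarded(meta):
    # Bare int() on the META value, the pattern the ticket reports.
    return int(meta.get("CONTENT_LENGTH"))


def length_guarded(meta):
    # The guard quoted in the ticket: malformed or missing falls back to 0.
    try:
        return int(meta.get("CONTENT_LENGTH"))
    except (ValueError, TypeError):
        return 0


def compare(headers):
    """Return (unguarded outcome, guarded value) for one header list."""
    meta = build_meta(headers)
    try:
        bare = length_unguarded(meta)
    except (ValueError, TypeError) as exc:
        bare = type(exc).__name__  # record which exception escaped
    return bare, length_guarded(meta)


# Constructed sample header lists.
SAMPLES = {
    "valid": [(b"content-length", b"16")],
    "duplicate": [(b"content-length", b"10"), (b"content-length", b"20")],
    "literal": [(b"content-length", b"10,20")],
    "empty": [(b"content-length", b"")],
    "missing": [(b"content-type", b"text/plain")],
}
```

Calling `compare()` on each entry of `SAMPLES` shows which inputs let an exception escape the unguarded path while the guarded path returns 0.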