Fixed #276 -- Ensured 500 response when app sends malformed headers. (#281)

2024-11-21 15:36:33 +03:00 · 2019-11-14 07:13:16 +01:00 · 2019-11-14 07:13:16 +01:00 · 78be865eb4
commit 78be865eb4
parent 7032f8e0f8
3 changed files with 30 additions and 3 deletions
--- a/daphne/server.py
+++ b/daphne/server.py
@ -219,7 +219,12 @@ class Server(object):
            "disconnected", None
        ):
            return
-        self.check_headers_type(message)
+        try:
+            self.check_headers_type(message)
+        except ValueError:
+            # Ensure to send SOME reply.
+            protocol.basic_error(500, b"Server Error", "Server Error")
+            raise
        # Let the protocol handle it
        protocol.handle_reply(message)

--- a/tests/http_base.py
+++ b/tests/http_base.py
@ -56,12 +56,16 @@ class DaphneTestCase(unittest.TestCase):
            # Return scope, messages, response
            return test_app.get_received() + (response,)

-    def run_daphne_raw(self, data, timeout=1):
+    def run_daphne_raw(self, data, *, responses=None, timeout=1):
        """
-        Runs daphne and sends it the given raw bytestring over a socket. Returns what it sends back.
+        Runs Daphne and sends it the given raw bytestring over a socket.
+        Accepts list of response messages the application will reply with.
+        Returns what Daphne sends back.
        """
        assert isinstance(data, bytes)
        with DaphneTestingInstance() as test_app:
+            if responses is not None:
+                test_app.add_send_messages(responses)
            s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
            s.settimeout(timeout)
            s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
--- a/tests/test_http_response.py
+++ b/tests/test_http_response.py
@ -169,3 +169,21 @@ class TestHTTPResponse(DaphneTestCase):
            str(context.exception),
            "Header value 'True' expected to be `bytes`, but got `<class 'bool'>`",
        )
+
+    def test_headers_type_raw(self):
+        """
+        Daphne returns a 500 error response if the application sends invalid
+        headers.
+        """
+        response = self.run_daphne_raw(
+            b"GET / HTTP/1.0\r\n\r\n",
+            responses=[
+                {
+                    "type": "http.response.start",
+                    "status": 200,
+                    "headers": [["foo", b"bar"]],
+                },
+                {"type": "http.response.body", "body": b""},
+            ],
+        )
+        self.assertTrue(response.startswith(b"HTTP/1.0 500 Internal Server Error"))