diff options
| author | Miss Islington (bot) <31488909+miss-islington@users.noreply.github.com> | 2022-12-05 22:47:57 (GMT) |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2022-12-05 22:47:57 (GMT) |
| commit | aae7b43ca3d2bb2028370b8252ccb51006827429 (patch) | |
| tree | 355ac536a596ce3f4e6a46b03b1f86ea4b7e441d /Lib | |
| parent | ec8c06bc28b29b62d31b953e54f1d8d8535faa80 (diff) | |
| download | cpython-aae7b43ca3d2bb2028370b8252ccb51006827429.zip cpython-aae7b43ca3d2bb2028370b8252ccb51006827429.tar.gz cpython-aae7b43ca3d2bb2028370b8252ccb51006827429.tar.bz2 | |
gh-100001: Also escape \s in http.server log messages. (GH-100038)
Also \ escape \s in the http.server BaseHTTPRequestHandler.log_message so
that it is technically possible to parse the line and reconstruct what the
original data was. Without this a \xHH is ambiguious as to if it is a hex
replacement we put in or the characters r"\x" came through in the original
request line.
(cherry picked from commit 7e29398407dbd53b714702abb89aa2fd7baca48a)
Co-authored-by: Gregory P. Smith <greg@krypto.org>
Diffstat (limited to 'Lib')
| -rw-r--r-- | Lib/http/server.py | 1 | ||||
| -rw-r--r-- | Lib/test/test_httpservers.py | 2 |
2 files changed, 3 insertions, 0 deletions
diff --git a/Lib/http/server.py b/Lib/http/server.py index ca42942..03dbaa5 100644 --- a/Lib/http/server.py +++ b/Lib/http/server.py @@ -567,6 +567,7 @@ class BaseHTTPRequestHandler(socketserver.StreamRequestHandler): # https://en.wikipedia.org/wiki/List_of_Unicode_characters#Control_codes _control_char_table = str.maketrans( {c: fr'\x{c:02x}' for c in itertools.chain(range(0x20), range(0x7f,0xa0))}) + _control_char_table[ord('\\')] = r'\\' def log_message(self, format, *args): """Log an arbitrary message. diff --git a/Lib/test/test_httpservers.py b/Lib/test/test_httpservers.py index 34e0e35..ac8da49 100644 --- a/Lib/test/test_httpservers.py +++ b/Lib/test/test_httpservers.py @@ -994,6 +994,7 @@ class BaseHTTPRequestHandlerTestCase(unittest.TestCase): log_message(self.handler, '/\033bar\000\033') log_message(self.handler, '/spam %s.', 'a') log_message(self.handler, '/spam %s.', '\033\x7f\x9f\xa0beans') + log_message(self.handler, '"GET /foo\\b"ar\007 HTTP/1.0"') stderr = fake_stderr.getvalue() self.assertNotIn('\033', stderr) # non-printable chars are caught. self.assertNotIn('\000', stderr) # non-printable chars are caught. @@ -1002,6 +1003,7 @@ class BaseHTTPRequestHandlerTestCase(unittest.TestCase): self.assertIn(r'/\x1bbar\x00\x1b', lines[1]) self.assertIn('/spam a.', lines[2]) self.assertIn('/spam \\x1b\\x7f\\x9f\xa0beans.', lines[3]) + self.assertIn(r'"GET /foo\\b"ar\x07 HTTP/1.0"', lines[4]) def test_http_1_1(self): result = self.send_typical_request(b'GET / HTTP/1.1\r\n\r\n') |