Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add new NotHttpProtocol exception to differentiate invalid methods and gibberish #10067

Closed
wants to merge 8 commits into from
Closed

Add new NotHttpProtocol exception to differentiate invalid methods and gibberish #10067

wants to merge 8 commits into from

Conversation

bdraco
Copy link
Member

@bdraco bdraco commented Nov 27, 2024
edited
Loading

Followup to #10055 (comment) to better differentiate invalid methods and gibberish

@bdraco bdraco mentioned this pull request Nov 27, 2024
Merged
@codecov Codecov
Copy link

codecov bot commented Nov 27, 2024
edited
Loading

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 98.76%. Comparing base (c11fe96) to head (563e54e).
Report is 27 commits behind head on master.

✅ All tests successful. No failed tests found.

Additional details and impacted files 
@@           Coverage Diff           @@
##           master   #10067   +/-   ##
=======================================
  Coverage   98.76%   98.76%           
=======================================
  Files         121      121           
  Lines       36860    36867    +7     
  Branches     4396     4398    +2     
=======================================
+ Hits        36403    36410    +7     
  Misses        311      311           
  Partials      146      146
Flag Coverage Δ
CI-GHA 98.64% <100.00%> (+<0.01%) ⬆️
OS-Linux 98.33% <100.00%> (+<0.01%) ⬆️
OS-Windows 96.18% <100.00%> (+<0.01%) ⬆️
OS-macOS 97.44% <100.00%> (+<0.01%) ⬆️
Py-3.10.11 97.29% <100.00%> (+<0.01%) ⬆️
Py-3.10.15 97.82% <100.00%> (+<0.01%) ⬆️
Py-3.11.10 97.87% <100.00%> (+<0.01%) ⬆️
Py-3.11.9 97.33% <100.00%> (-0.02%) ⬇️
Py-3.12.7 98.39% <100.00%> (+<0.01%) ⬆️
Py-3.13.0 98.34% <100.00%> (-0.06%) ⬇️
Py-3.9.13 97.21% <100.00%> (+<0.01%) ⬆️
Py-3.9.20 97.79% <100.00%> (+0.04%) ⬆️
Py-pypy7.3.16 97.36% <100.00%> (+0.01%) ⬆️
VM-macos 97.44% <100.00%> (+<0.01%) ⬆️
VM-ubuntu 98.33% <100.00%> (+<0.01%) ⬆️
VM-windows 96.18% <100.00%> (+<0.01%) ⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@bdraco bdraco added backport-3.11 Trigger automatic backporting to the 3.11 release branch by Patchback robot backport-3.12 Trigger automatic backporting to the 3.12 release branch by Patchback robot labels Nov 27, 2024
@psf-chronographer psf-chronographer bot added the bot:chronographer:provided There is a change note present in this PR label Nov 27, 2024
@bdraco bdraco changed the title Add new NotHttpProtocol to differentiate invalid methods and gibberish Add new NotHttpProtocol exception to differentiate invalid methods and gibberish Nov 27, 2024
@codspeed-hq CodSpeed HQ
Copy link

codspeed-hq bot commented Nov 27, 2024
edited
Loading

CodSpeed Performance Report

Merging #10067 will not alter performance

Comparing not_http_protocol (563e54e) with master (c11fe96)

Summary

✅ 44 untouched benchmarks

@bdraco
Copy link
Member Author

bdraco commented Nov 27, 2024

I want to look back at all the HA issues and be sure to add some more tests for other types of gibberish

andersk
andersk reviewed Nov 27, 2024
View reviewed changes
aiohttp/_http_parser.pyx
Comment on lines +837 to +838
if b" " not in data:
return NotHttpProtocol(err_msg)
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This seems unreliable since a binary protocol can easily include b" " by accident.

A TLS handshake always begins with b"\x16" (RFC 8446 §5.1); we could use that to reliably detect HTTPS at least.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yeah its a bit messy to guess here... maybe we should just leave it as-is.

Copy link
Member Author

@bdraco bdraco Nov 27, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think its better to leave it as-is and not try to differentiate as llhttp is always going to be able to do a better job than a heuristic as otherwise we end up with a whole list of possible exceptions for TLS or other garbage

@bdraco bdraco closed this Nov 27, 2024
@bdraco bdraco deleted the not_http_protocol branch November 27, 2024 19:15
@Dreamsorcerer Dreamsorcerer mentioned this pull request Nov 30, 2024
Closed
1 task
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@andersk andersk andersk left review comments

@webknjaz webknjaz Awaiting requested review from webknjaz webknjaz will be requested when the pull request is marked ready for review webknjaz is a code owner

@asvetlov asvetlov Awaiting requested review from asvetlov asvetlov will be requested when the pull request is marked ready for review asvetlov is a code owner

Assignees
No one assigned
Labels
backport-3.11 Trigger automatic backporting to the 3.11 release branch by Patchback robot backport-3.12 Trigger automatic backporting to the 3.12 release branch by Patchback robot bot:chronographer:provided There is a change note present in this PR
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@bdraco @andersk