weberror
weberror copied to clipboard
Published
20 hours ago •
Pylons
Pylons
WebError#evalerror can't handle malformed URLs
If you have the evalerror defined in you WSGI pipeline and than access a URL with wrongly encoded characters there will be an uncatched UnicodeDecodeError (thrown by WebOb).
Suppose you have this pipleline config:
pipeline =
egg:WebError#evalerror
YOURAPP
and then access an invalid URL like http://localhost/%F6 you will get a error trace similar to this:
Traceback (most recent call last):
File "/home/vagrant/demo/local/lib/python2.7/site-packages/Paste-1.7.5.1-py2.7.egg/paste/httpserver.py", line 1068, in process_request_in_thread
self.finish_request(request, client_address)
File "/usr/lib/python2.7/SocketServer.py", line 323, in finish_request
self.RequestHandlerClass(request, client_address, self)
File "/usr/lib/python2.7/SocketServer.py", line 638, in __init__
self.handle()
File "/home/vagrant/demo/local/lib/python2.7/site-packages/Paste-1.7.5.1-py2.7.egg/paste/httpserver.py", line 442, in handle
BaseHTTPRequestHandler.handle(self)
File "/usr/lib/python2.7/BaseHTTPServer.py", line 340, in handle
self.handle_one_request()
File "/home/vagrant/demo/local/lib/python2.7/site-packages/Paste-1.7.5.1-py2.7.egg/paste/httpserver.py", line 437, in handle_one_request
self.wsgi_execute()
File "/home/vagrant/demo/local/lib/python2.7/site-packages/Paste-1.7.5.1-py2.7.egg/paste/httpserver.py", line 287, in wsgi_execute
self.wsgi_start_response)
File "/home/vagrant/demo/local/lib/python2.7/site-packages/WebError-0.10.3-py2.7.egg/weberror/evalexception.py", line 232, in __call__
if req.path_info_peek() == '_debug':
File "/home/vagrant/demo/local/lib/python2.7/site-packages/WebOb-1.3.1-py2.7.egg/webob/request.py", line 560, in path_info_peek
path = self.path_info
File "/home/vagrant/demo/local/lib/python2.7/site-packages/WebOb-1.3.1-py2.7.egg/webob/descriptors.py", line 68, in fget
return req.encget(key, encattr=encattr)
File "/home/vagrant/demo/local/lib/python2.7/site-packages/WebOb-1.3.1-py2.7.egg/webob/request.py", line 178, in encget
return val.decode(encoding)
File "/home/vagrant/demo/lib/python2.7/encodings/utf_8.py", line 16, in decode
return codecs.utf_8_decode(input, errors, True)
UnicodeDecodeError: 'utf8' codec can't decode byte 0xf6 in position 1: invalid start byte
While I agree that there is nothing you can do about malformed URLs the code inside evalexception.py should still try to catch the error and at least return an standard 400 Bad Request response. This way, at least the wsgi thread won't die.
This is an issue in WebOb. There is some work underway to fix that issue there.
