HttpRequest.read(NUM_BYTES) can read beyond the end of wsgi.input stream. (Violation of WSGI spec & under-defined behaviour)
|Reported by:||tomchristie||Owned by:||tomchristie|
|Cc:||Maniac@…, tomchristie||Triage Stage:||Ready for checkin|
|Has patch:||yes||Needs documentation:||no|
|Needs tests:||no||Patch needs improvement:||no|
Please see discussion on this bug here: https://groups.google.com/forum/#!topic/django-developers/VG1ueWTSs_g
The problem is now that HttpRequest exposes a read() method, user code can do something like:
request_content = json.load(request)
at the moment that will:
- break the wsgi spec, as the client app is contracted not to attempt to read more than CONTENT-LENGTH bytes from wsgi.input
- result in under-defined behaviour, although it appears to work right now.
- break when used in the test client, as per #15762
I've attached a patch with tests for this issue, which:
- Changes WSGIRequest._stream to be a property that is (always) instantiated as a LimitedStream when first accessed.
- Removes some redundant code in HttpRequest and MultiPartParser.
- Fixes some minor bugs in tests/regressiontests/requests/tests.py
- Adds two tests for MultiPartParser to check graceful behaviour on truncated or empty multipart requests.
- Adds a test for TestClient request.read(LARGE_BUFFER) behaviour.
Change History (24)
comment:1 Changed 3 years ago by isagalaev
- Cc Maniac@… added
- Needs documentation unset
- Needs tests unset
- Patch needs improvement unset
comment:4 Changed 3 years ago by tomchristie
- Keywords http, wsgi added
- Triage Stage changed from Unreviewed to Accepted