Skip to content

raise Response(400) for CRLFInjection #249

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
chadwhitacre opened this issue Oct 8, 2013 · 4 comments
Closed

raise Response(400) for CRLFInjection #249

chadwhitacre opened this issue Oct 8, 2013 · 4 comments
Labels
verified bug

Comments

@chadwhitacre
Copy link
Contributor

Right now we raise CRLFInjection if such is detected. It would be helpful from a logging standpoint to be able to class those with other bad user input problems. I propose that CRLFInjection subclass Response and the code is 400.
@chadwhitacre chadwhitacre mentioned this issue Nov 30, 2013
Closed
@pjz
Copy link
Contributor

pjz commented Dec 3, 2013

you think? or you think you should insert a translate_CRLFInjection_to_400Response(exc_info) ?

@chadwhitacre
Copy link
Contributor Author

Ooooh ... I see what you did there. ;-)

We need some principle by which we decide what functionality goes in Aspen core and what doesn't, and additionally what gets its own function in the algorithm. A topic for Friday's call, perhaps?

@chadwhitacre
Copy link
Contributor Author

So what we decided on the call was that we are going to look at using subclasses for all Responses that we raise in Aspen core. That will give developers fine-grained information about and control over request failures.

pjz added a commit that referenced this issue Jan 5, 2014
@pjz
Fix #249 - raise Response(400) for CRLFInjection
d423bbd 
In keeping with our internal response, it's a child object of Response.
@ghost ghost assigned chadwhitacre Jan 5, 2014
chadwhitacre added a commit that referenced this issue Jan 7, 2014
@chadwhitacre
Here's a simpler implemention of #249
1af0446 
This avoids a circular import by burying an import rather than folding
two files together.
pjz added a commit that referenced this issue Jan 7, 2014
@pjz
Merge pull request #278 from gittip/crlfinjection-response
dad7abd 
Here's a simpler implemention of #249
@chadwhitacre
Copy link
Contributor Author

Done in #278!

@chadwhitacre chadwhitacre mentioned this issue Feb 19, 2014
Open
@chadwhitacre chadwhitacre removed their assignment Feb 17, 2016
Changaco pushed a commit that referenced this issue Mar 11, 2016
@chadwhitacre
Here's a simpler implemention of #249
1f09825 
This avoids a circular import by burying an import rather than folding
two files together.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
verified bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@pjz @chadwhitacre