/pando.py

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

raise Response(400) for CRLFInjection #249

Closed
chadwhitacre opened this Issue Oct 8, 2013 · 4 comments

Comments

Assignees
No one assigned
Labels
Projects
None yet
Milestone
No milestone
2 participants
@chadwhitacre @pjz
@chadwhitacre
Member

chadwhitacre commented Oct 8, 2013

Right now we raise CRLFInjection if such is detected. It would be helpful from a logging standpoint to be able to class those with other bad user input problems. I propose that CRLFInjection subclass Response and the code is 400.

@chadwhitacre chadwhitacre referenced this issue Nov 30, 2013

Closed

CRLFInjection reports in Sentry #1701

@pjz

This comment has been minimized.

Sign in to view
Contributor

pjz commented Dec 3, 2013

you think? or you think you should insert a translate_CRLFInjection_to_400Response(exc_info) ?
@chadwhitacre

This comment has been minimized.

Sign in to view
Member

chadwhitacre commented Dec 3, 2013

Ooooh ... I see what you did there. ;-)

We need some principle by which we decide what functionality goes in Aspen core and what doesn't, and additionally what gets its own function in the algorithm. A topic for Friday's call, perhaps?
@chadwhitacre

This comment has been minimized.

Sign in to view
Member

chadwhitacre commented Dec 11, 2013

So what we decided on the call was that we are going to look at using subclasses for all Responses that we raise in Aspen core. That will give developers fine-grained information about and control over request failures.

pjz added a commit that referenced this issue Jan 5, 2014

@pjz
Fix #249 - raise Response(400) for CRLFInjection 
In keeping with our internal response, it's a child object of Response.
Loading status checks…
d423bbd

@ghost ghost assigned chadwhitacre Jan 5, 2014

chadwhitacre added a commit that referenced this issue Jan 7, 2014

@chadwhitacre
Here's a simpler implemention of #249 
This avoids a circular import by burying an import rather than folding
two files together.
Loading status checks…
1af0446

pjz added a commit that referenced this issue Jan 7, 2014

@pjz
Merge pull request #278 from gittip/crlfinjection-response 
Here's a simpler implemention of #249
Loading status checks…
dad7abd
@chadwhitacre

This comment has been minimized.

Sign in to view
Member

chadwhitacre commented Jan 10, 2014

Done in #278!

@chadwhitacre chadwhitacre closed this Jan 10, 2014

@chadwhitacre chadwhitacre referenced this issue Feb 19, 2014

Open

only raise subclasses of Response in our algorithm funcs #304

@chadwhitacre chadwhitacre removed their assignment Feb 17, 2016

Changaco pushed a commit that referenced this issue Mar 11, 2016

@chadwhitacre
Here's a simpler implemention of #249 
This avoids a circular import by burying an import rather than folding
two files together.
1f09825
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment