Description
Describe the bug
A bot is scanning one of my websites, and for some reason it is using this as header:
If-Modified-Since: Tue, 08 Oct 4446413 00:56:40 GMT
Not sure what the bot is smoking, but for sure that year is a bit odd. Now when I try request.if_modified_since aiohttp bails out with ValueError: year 4447131 is out of range.
I am not completely sure if this is a bug you want to address in this library, or if I should just capture the ValueError and ignore the if_modified_since header with these kind of weird values, but I at least wanted to let you know about this issue.
To Reproduce
Given this server:
from aiohttp import web
async def handle(request):
if_modified_since = request.if_modified_since
return web.Response(text="")
app = web.Application()
app.add_routes([web.get('/', handle)])
web.run_app(app)Launch this curl against it:
curl -H "If-Modified-Since: Tue, 08 Oct 4446413 00:56:40 GMT" http://127.0.0.1:8080
Expected behavior
Graceful error, possibly even None, if the If-Modified-Since header cannot be parsed correctly.
Logs/tracebacks
Traceback (most recent call last):
File ".env/lib/python3.8/site-packages/aiohttp/web_protocol.py", line 422, in _handle_request
resp = await self._request_handler(request)
File ".env/lib/python3.8/site-packages/aiohttp/web_app.py", line 499, in _handle
resp = await handler(request)
File "demonstration.py", line 4, in handle
if_modified_since = request.if_modified_since
File "aiohttp/_helpers.pyx", line 26, in aiohttp._helpers.reify.__get__
File ".env/lib/python3.8/site-packages/aiohttp/web_request.py", line 484, in if_modified_since
return self._http_date(self.headers.get(hdrs.IF_MODIFIED_SINCE))
File ".env/lib/python3.8/site-packages/aiohttp/web_request.py", line 475, in _http_date
return datetime.datetime(*timetuple[:6], tzinfo=datetime.timezone.utc)
ValueError: year 4446413 is out of rangePython Version
$ python --version
Python 3.8.5aiohttp Version
$ python -m pip show aiohttp
Name: aiohttp
Version: 3.7.4.post0
Summary: Async http client/server framework (asyncio)
Home-page: https://github.com/aio-libs/aiohttp
Author: Nikolay Kim
Author-email: fafhrd91@gmail.com
License: Apache 2
Location: .env/lib/python3.8/site-packages
Requires: async-timeout, attrs, multidict, yarl, typing-extensions, chardet
Required-by:multidict Version
$ python -m pip show multidict
Name: multidict
Version: 5.1.0
Summary: multidict implementation
Home-page: https://github.com/aio-libs/multidict
Author: Andrew Svetlov
Author-email: andrew.svetlov@gmail.com
License: Apache 2
Location: .env/lib/python3.8/site-packages
Requires:
Required-by: yarl, aiohttpyarl Version
$ python -m pip show yarl
Name: yarl
Version: 1.6.3
Summary: Yet another URL library
Home-page: https://github.com/aio-libs/yarl/
Author: Andrew Svetlov
Author-email: andrew.svetlov@gmail.com
License: Apache 2
Location: .env/lib/python3.8/site-packages
Requires: multidict, idna
Required-by: aiohttpOS
Linux
Related component
Server
Additional context
No response
Code of Conduct
- I agree to follow the aio-libs Code of Conduct