Why exception from os.path.exists()?
Marko Rauhamaa
marko at pacujo.net
Thu Jun 7 06:47:07 EDT 2018
Chris Angelico <rosuav at gmail.com>:
> On Thu, Jun 7, 2018 at 7:29 PM, Marko Rauhamaa <marko at pacujo.net> wrote:
>> 3. http://localhost:8000/te%00st.html
>>
>> => The server crashes with a ValueError and the TCP connection is
>> reset
>>
>
> Actually, I couldn't even get Chrome to make that request, so it
> obviously was considered by the browser to be invalid.
Wow! Why on earth?
> it's somewhat unideal behaviour - I would prefer to see an HTTP 500
> come back if the server crashes - but I can't see that that's a
> security problem. Just a QOS issue, wherein you might get a 500 rather
> than a 404 for certain requests.
It's a demonstration of how this innocent-looking problem can lead to
surprising and even serious consequences.
The given URI is well-formed and should not give any particular trouble
to any HTTP server.
Marko
More information about the Python-list
mailing list