search

pyrates / roll

Async, simple, fast: pick three! Roll is a pico framework with performances and aesthetic in mind.
http://roll.readthedocs.io/
27 stars 5 forks source link

Catch HttpParserInvalidMethodError #60

Closed yohanboniface closed 5 years ago

yohanboniface commented 6 years ago 
Jul 06 05:59:49 slz025 Trefle[26087]: Unhandled exception in event loop
Jul 06 05:59:49 slz025 Trefle[26087]: Traceback (most recent call last):
Jul 06 05:59:49 slz025 Trefle[26087]:   File "/srv/trefle/venv/lib/python3.6/site-packages/roll/__init__.py", line 420, in data_received
Jul 06 05:59:49 slz025 Trefle[26087]:     self.parser.feed_data(data)
Jul 06 05:59:49 slz025 Trefle[26087]:   File "httptools/parser/parser.pyx", line 193, in httptools.parser.parser.HttpParser.feed_data
Jul 06 05:59:49 slz025 Trefle[26087]: httptools.parser.errors.HttpParserInvalidMethodError: invalid HTTP method
Jul 06 05:59:49 slz025 Trefle[26087]: During handling of the above exception, another exception occurred:
Jul 06 05:59:49 slz025 Trefle[26087]: Traceback (most recent call last):
Jul 06 05:59:49 slz025 Trefle[26087]:   File "uvloop/handles/stream.pyx", line 784, in uvloop.loop.__uv_stream_on_read_impl
Jul 06 05:59:49 slz025 Trefle[26087]:   File "uvloop/handles/stream.pyx", line 563, in uvloop.loop.UVStream._on_read
Jul 06 05:59:49 slz025 Trefle[26087]:   File "/srv/trefle/venv/lib/python3.6/site-packages/roll/__init__.py", line 437, in data_received
Jul 06 05:59:49 slz025 Trefle[26087]:     self.write()
Jul 06 05:59:49 slz025 Trefle[26087]:   File "/srv/trefle/venv/lib/python3.6/site-packages/roll/__init__.py", line 509, in write
Jul 06 05:59:49 slz025 Trefle[26087]:     self.request.method in self._BODYLESS_METHODS))
Jul 06 05:59:49 slz025 Trefle[26087]: AttributeError: method

For the record, we have some funny players in the access_logs:

185.222.211.18 - - [06/Jul/2018:19:03:07 +0000] "\x03\x00\x00/*\xE0\x00\x00\x00\x00\x00Cookie: mstshash=Administr" 400 182 "-" "-"
112.66.78.59 - - [06/Jul/2018:23:35:56 +0000] "\x01\x00\x00\x00\x01\x00\x00\x00\x08\x08" 400 182 "-" "-"
46.161.9.31 - - [07/Jul/2018:12:27:08 +0000] "\x05\x01\x00" 400 182 "-" "-"
46.161.9.31 - - [07/Jul/2018:12:30:09 +0000] "\x04\x01\x00P.\xA1\x09\x1F\x00" 400 182 "-" "-"
185.224.134.205 - - [07/Jul/2018:01:59:46 +0000] "SSH-2.0-libssh2_1.7.0" 400 182 "-" "-"
46.165.243.209 - - [07/Jul/2018:03:55:40 +0000] "\x16\x03\x01\x00\xCF\x01\x00\x00\xCB\x03\x03\xB6/\xBFs\x06C\x92\xC9\x8B\x87\xBB\xE1\x0F\xC9\x8F\x9E\x092\x1D\xD5F\xFB\xD1\x06\x93\xC2;L\xBC\xDE\x8F\xDE\x00\x00\x5C\xC0,\xC00\xC0+\xC0/\xCC\xA9\xCC\xA8\x00\xA3\x00\x9F\x00\xA2\x00\x9E\xCC\xAA\xC0\xAF\xC0\xAD\xC0$\xC0(\xC0" 400 182 "-" "-"
123.127.189.9 - - [06/Jul/2018:05:59:50 +0000] "\x16\x03\x01\x02\x00\x01\x00\x01\xFC\x03\x03\x98x#\xBF%\x9A&0\xA2\x056\xE1.$\x09\x03\x88\xCEN\xC5\x84\xDA\xA1\x012P\xD1\x93#\xFE}\xBD\x00\x00\xB2\x00\x05\x00\x04\x00\x02\x00\x01\x00\x16\x003\x009\x00:\x00\x18\x005\x00" 400 182 "-" "-"
123.127.189.9 - - [06/Jul/2018:05:59:56 +0000] "LMTJ / HTTP/1.1" 499 0 "-" "Mozilla/5.0 (compatible; Nmap Scripting Engine; https://nmap.org/book/nse.html)"
123.127.189.9 - - [06/Jul/2018:05:59:57 +0000] "\x16\x03\x01\x02\x00\x01\x00\x01\xFC\x03\x03\xDCk\x14T\xFB\x10\x9D\xFFHd4L\xF8\x7F\xD1\x16\x89\xD2\x9Ee\xA2\xE2\x15\xA3[\x9F\x8B\x03\xBC\x1D\x9B\xAD\x00\x00\xB2\x00\x05\x00\x04\x00\x02\x00\x01\x00\x16\x003\x009\x00:\x00\x18\x005\x00" 400 182 "-" "-"
123.127.189.9 - - [06/Jul/2018:05:59:59 +0000] "\x16\x03\x01\x02\x00\x01\x00\x01\xFC\x03\x03x\xFFZo\xBB\xB2-\x1C\x8C\xF9o\x0B0eUg\xD6\xDD\x8C\xB2*\x98\xE7\x91\x7F\xBB\x1Ee\x83 \xB0z\x00\x00\xB2\x00\x05\x00\x04\x00\x02\x00\x01\x00\x16\x003\x009\x00:\x00\x18\x005\x00" 400 182 "-" "-"
66.240.205.34 - - [05/Jul/2018:08:19:46 +0000] "Gh0st\xAD\x00\x00\x00\xE0\x00\x00\x00x\x9CKS``\x98\xC3\xC0\xC0\xC0\x06\xC4\x8C@\xBCQ\x96\x81\x81\x09H\x07\xA7\x16\x95e&\xA7*\x04$&g+\x182\x94\
xF6\xB000\xAC\xA8rc\x00\x01\x11\xA0\x82\x1F\x5C`&\x83\xC7K7\x86\x19\xE5n\x0C9\x95n\x0C;\x84\x0F3\xAC\xE8sch\xA8^\xCF4'J\x97\xA9\x82\xE30\xC3\x91h]&\x90\xF8\xCE\x97S\xCBA4L?2=\xE1\xC4\x92\x86
\x0B@\xF5`\x0CT\x1F\xAE\xAF]" 400 182 "-" "-"
yohanboniface commented 5 years ago

OK, so the issue is that while dealing with with HttpParserError, we call write, which assumes request.method is defined, but if the method part of the request body was invalid, this is not the case.

yohanboniface commented 5 years ago

Ah, given we check for self.request that means that we parsed enough to call on_message_begin, which attaches the request to the protocol. But still the error is a HttpParserInvalidMethodError one (a subclass of HttpParserError we already catch), so I'm not sure how to reproduce this in the unit tests :/