fix(util): reject all invalid chars during number parsing

spaceone · spaceone · commit fc82581b668b · 2026-05-21T01:10:34.000+02:00
diff --git a/httoop/messages/protocol.py b/httoop/messages/protocol.py
@@ -10,7 +10,7 @@
 
 from httoop.exceptions import InvalidLine
 from httoop.meta import Semantic
-from httoop.util import _
+from httoop.util import _, integer
 
 
 __all__ = ('Protocol',)
@@ -47,13 +47,13 @@ def set(self, protocol: bytes | Protocol | tuple[int, int] | int | str) -> None:
             protocol = self.parse(protocol)
         else:
             major, minor = tuple(protocol)
-            self.__protocol = (int(major), int(minor))
+            self.__protocol = (integer(major), integer(minor))
 
     def parse(self, protocol: bytes) -> None:
         match = self.PROTOCOL_RE.match(protocol)
         if match is None:
             raise InvalidLine(_('Invalid HTTP protocol: %r'), protocol.decode('ISO8859-1'))
-        self.__protocol = (int(match.group(2)), int(match.group(3)))
+        self.__protocol = (integer(match.group(2)), integer(match.group(3)))
         self.name = match.group(1)
 
     def compose(self) -> bytes:
diff --git a/httoop/status/status.py b/httoop/status/status.py
@@ -132,7 +132,7 @@ def parse(self, status: bytes) -> None:
         if match is None:
             raise InvalidLine(_('Invalid status %r'), status.decode('ISO8859-1'))
 
-        self.set((int(match.group(1)), match.group(2).decode('ascii')))
+        self.set((integer(match.group(1)), match.group(2).decode('ascii')))
 
     def compose(self) -> bytes:
         return b'%d %s' % (self.__code, self.__reason.encode('ascii'))
diff --git a/httoop/uri/uri.py b/httoop/uri/uri.py
@@ -65,7 +65,7 @@ def port(self, port) -> None:
         if port:
             try:
                 port = integer(port)
-                if not 0 < integer(port) <= 65535:
+                if not 0 < port <= 65535:
                     raise ValueError
             except ValueError:
                 raise InvalidURI(_('Invalid port: %r'), port)  # TODO: TypeError
diff --git a/httoop/util.py b/httoop/util.py
@@ -3,6 +3,7 @@
 from __future__ import annotations
 
 import codecs
+import string
 from typing import Any, Callable
 
 
@@ -61,18 +62,45 @@ def _decorated(self, *args, **kwargs):
     return _decorated
 
 
-def integer(number: int | str | bytes, *args) -> int:
+def integer(number: str | bytes, base=10) -> int:
     """
-    In Python 3 int() is broken.
-    >>> int(bytearray(b'1_0'))
+    The native Python integer parsing from string allows to many forms which are not allowed by the protocol.
+
+    >>> integer(bytearray(b'10'))
+    10
+    >>> integer(b'5a', 16)
+    90
+    >>> integer(bytearray(b'1_0'))
+    Traceback (most recent call last):
+            ...
+    ValueError:
+    >>> integer(bytearray(b' 10'))
+    Traceback (most recent call last):
+            ...
+    ValueError:
+    >>> integer(bytearray(b'\t10'))
+    Traceback (most recent call last):
+            ...
+    ValueError:
+    >>> integer(bytearray(b'\v10'))
+    Traceback (most recent call last):
+            ...
+    ValueError:
+    >>> integer(bytearray(b'\f10'))
+    Traceback (most recent call last):
+            ...
+    ValueError:
+    >>> integer(bytearray(b'10 \t\v\f'))
     Traceback (most recent call last):
             ...
     ValueError:
     """
-    num = int(number, *args)
-    if (isinstance(number, str) and '_' in number) or (isinstance(number, (bytes, bytearray)) and b' ' in number):
-        raise ValueError()
-    return num
+    if isinstance(number, int):
+        return int(number)
+    if not number.isdigit():
+        if base != 16 or number.strip(string.hexdigits if isinstance(string, str) else string.hexdigits.encode('ASCII')):
+            raise ValueError()
+    return int(number, base)
 
 
 class IFile:
diff --git a/tests/messaging/test_body.py b/tests/messaging/test_body.py
@@ -140,7 +140,7 @@ def test_body_deflate_compressed(request_, response, clientstatemachine):
     assert str(res.body) == 'this is a test'
 
 
-@pytest.mark.parametrize('chunk_size', [b'-18', b'fg'])
+@pytest.mark.parametrize('chunk_size', [b'-18', b'fg', b'1_8'])
 def test_parse_chunked_body_with_invalid_chunk_size(statemachine, chunk_size):
     statemachine.parse(b'POST / HTTP/1.1\r\nTransfer-Encoding: chunked\r\nTrailer: Foo\r\nAccept: */*\r\nUser-Agent: httoop/0.0\r\nHost: localhost\r\nContent-Type: text/plain; charset="UTF-8"\r\n\r\n')
     with pytest.raises(BAD_REQUEST) as exc:
diff --git a/tests/messaging/test_response_protocol.py b/tests/messaging/test_response_protocol.py
@@ -1,3 +1,8 @@
+import pytest
+
+from httoop.exceptions import InvalidLine
+
+
 def test_response_protocol_with_http1_0_request_():
     pass
 
@@ -16,3 +21,15 @@ def test_response_protocol_with_http0_9_request_():
 
 def test_response_protocol_with_http2_0_request_():
     pass
+
+
+@pytest.mark.parametrize('protocol', [
+    b'HTTP/ 1.1',
+    b'HTTP/1_1.1',
+    b'HTTP/1.a',
+    b'HTTP/1.1a',
+    b'HTTP/1.1\t',
+])
+def test_invalid_protocol(response, protocol):
+    with pytest.raises(InvalidLine):
+        response.protocol.parse(protocol)
diff --git a/tests/messaging/test_response_status.py b/tests/messaging/test_response_status.py
@@ -0,0 +1,15 @@
+import pytest
+
+from httoop.exceptions import InvalidLine
+
+
+@pytest.mark.parametrize('status', [
+    b' OK',
+    b'2_00 OK',
+    b'2_0 OK',
+    b' 200 OK',
+    b'\v200 OK',
+])
+def test_invalid_status(response, status):
+    with pytest.raises(InvalidLine):
+        response.status.parse(status)
