[Python-checkins] cpython (merge 3.5 -> default): Issue #26560: Avoid potential ValueError in BaseHandler.start_response

[berker.peksag]

https://hg.python.org/cpython/rev/ae1d12f09392
changeset:   100603:ae1d12f09392
parent:      100601:b8acf98beca9
parent:      100602:60f01a8a71ef
user:        Berker Peksag <berker.peksag at gmail.com>
date:        Sat Mar 19 09:05:59 2016 +0200
summary:
  Issue #26560: Avoid potential ValueError in BaseHandler.start_response

Initial patch by Peter Inglesby.

files:
  Lib/test/test_wsgiref.py |  21 +++++++++++++++++++++
  Lib/wsgiref/handlers.py  |   2 +-
  Misc/NEWS                |   3 +++
  3 files changed, 25 insertions(+), 1 deletions(-)


diff --git a/Lib/test/test_wsgiref.py b/Lib/test/test_wsgiref.py
--- a/Lib/test/test_wsgiref.py
+++ b/Lib/test/test_wsgiref.py
@@ -166,6 +166,27 @@
             " be of type list: <class 'tuple'>"
         )
 
+    def test_status_validation_errors(self):
+        def create_bad_app(status):
+            def bad_app(environ, start_response):
+                start_response(status, [("Content-Type", "text/plain; charset=utf-8")])
+                return [b"Hello, world!"]
+            return bad_app
+
+        tests = [
+            ('200', 'AssertionError: Status must be at least 4 characters'),
+            ('20X OK', 'AssertionError: Status message must begin w/3-digit code'),
+            ('200OK', 'AssertionError: Status message must have a space after code'),
+        ]
+
+        for status, exc_message in tests:
+            with self.subTest(status=status):
+                out, err = run_amock(create_bad_app(status))
+                self.assertTrue(out.endswith(
+                    b"A server error occurred.  Please contact the administrator."
+                ))
+                self.assertEqual(err.splitlines()[-2], exc_message)
+
     def test_wsgi_input(self):
         def bad_app(e,s):
             e["wsgi.input"].read()
diff --git a/Lib/wsgiref/handlers.py b/Lib/wsgiref/handlers.py
--- a/Lib/wsgiref/handlers.py
+++ b/Lib/wsgiref/handlers.py
@@ -226,7 +226,7 @@
         self.headers = self.headers_class(headers)
         status = self._convert_string_type(status, "Status")
         assert len(status)>=4,"Status must be at least 4 characters"
-        assert int(status[:3]),"Status message must begin w/3-digit code"
+        assert status[:3].isdigit(), "Status message must begin w/3-digit code"
         assert status[3]==" ", "Status message must have a space after code"
 
         if __debug__:
diff --git a/Misc/NEWS b/Misc/NEWS
--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -226,6 +226,9 @@
 Library
 -------
 
+- Issue #26560: Avoid potential ValueError in BaseHandler.start_response.
+  Initial patch by Peter Inglesby.
+
 - Issue #26567: Add a new function :c:func:`PyErr_ResourceWarning` function to
   pass the destroyed object. Add a *source* attribute to
   :class:`warnings.WarningMessage`. Add warnings._showwarnmsg() which uses

-- 
Repository URL: https://hg.python.org/cpython