summaryrefslogtreecommitdiff
path: root/tests/requests_tests/tests.py
AgeCommit message (Collapse)Author
2026-04-22Fixed #36991 -- Raised BadRequest for invalid encodings in Content-Type headers.Dinesh
2026-04-07Fixed CVE-2026-33033 -- Mitigated potential DoS in MultiPartParser.Natalia
When a multipart file part used `Content-Transfer-Encoding: base64` and the non-whitespace base64 bytes did not align to a multiple of 4 within a chunk, the parser entered a loop calling `field_stream.read(1-3)` once per whitespace byte. Each such call fetched the entire internal buffer, sliced off 1-3 bytes, and pushed the remainder back via unget(), doing an O(n) memory copy per call. A 2.5 MB payload of mostly whitespace produced CPU amplification relative to a normal upload of the same size. The alignment loop now reads `self._chunk_size` bytes at a time, and accumulates stripped parts in a list joined once at the end. Thanks to Seokchan Yoon for the report and the fixing patch.
2026-02-24Fixed #36931 -- Handled LookupError in multipart parser for invalid RFC 2231 ↵sammiee5311
encoding. Added LookupError to the except clause so invalid headers are silently skipped, consistent with other malformed header handling.
2026-02-10Fixed #36841 -- Made multipart parser class pluggable on HttpRequest.farhan
2025-08-28Refs #36520 -- Ensured only the header value is passed to ↵Jake Howard
parse_header_parameters for multipart requests. Header parsing should apply only to the header value. The previous implementation happened to work but relied on unintended behavior.
2025-07-23Refs #36500 -- Rewrapped long docstrings and block comments via a script.django-bot
Rewrapped long docstrings and block comments to 79 characters + newline using script from https://github.com/medmunds/autofix-w505.
2025-05-13Fixed #36332 -- Corrected HttpRequest.get_full_path() and ↵Aleksandr Safonov
HttpRequest.get_full_path_info() examples.
2023-11-28Refs #21442 -- Increased test coverage of requests.David Smith
2023-11-24Fixed #34968 -- Made multipart parsing of headers raise an error on too long ↵Standa Opichal
headers. This also allow customizing the maximum size of headers via MAX_TOTAL_HEADER_SIZE.
2023-08-25Fixed #34709 -- Raised BadRequest for non-UTF-8 requests with the ↵Mariusz Felisiak
application/x-www-form-urlencoded content type. Thanks Eki Xu for the report.
2023-08-02Added more tests for django.http.request.split_domain_port().Nick Pope
2023-06-07Added MultiPartParser tests for parsing base64-encoded fields.benebsiny
2023-04-12Fixed #34484, Refs #34482 -- Reverted "Fixed #29186 -- Fixed pickling ↵Mariusz Felisiak
HttpRequest and subclasses." This reverts commit 6220c445c40a6a7f4d442de8bde2628346153963. Thanks Adam Johnson and Márton Salomváry for reports.
2023-01-07Renamed 'requests' test package.Tim Graham
This avoids a collision when third-party database backends depend on the Requests HTTP library.