From: James Tucker
Subject: Re: Invalid query string handling
Date: Tue, 24 Nov 2009 10:22:42 +0000
To: rack-devel@googlegroups.com

On 24 Nov 2009, at 09:41, Maciej Lotkowski wrote:

> On Tue, Nov 24, 2009 at 10:18 AM, James Tucker wrote:
>> On 23 Nov 2009, at 12:41, Maciej Lotkowski wrote:
>>
>>> Hi,
>>>
>>> recently I stumbled upon a problem:
>>>
>>> require 'rubygems'
>>> require 'rack'
>>> require 'rack/mock'
>>>
>>>
>>> app = lambda { |env|
>>>   Rack::Request.new(env).GET
>>> }
>>> app.call(Rack::MockRequest.env_for("/kiszka?foo=&foo[option]=kiszka"))
>>
>> remove foo= from the front of your query string.
>
> It's not my query string, someone just tries to flood my app with
> strange requests.
> But that's not the point.
>
>
> On Tue, Nov 24, 2009 at 10:25 AM, Magnus Holm wrote:
>> Maybe we should have a Rack::BadRequest, which can be raised when needed?
>
> That's what I mean. TypeError isn't an exception which you can expect to be raised
> because of invalid request.

Combine this with the other issues in various request parsing discussions, I'm starting to think this wants to be pushed right into middleware.

>
> --
> Maciej Lotkowski
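
Added example, not part of the thread and not Rack's own code: one way the "push it into middleware" idea could look, as a Rack-style middleware that answers 400 before the application parses a query string like the one reported above. The class name RejectConflictingParams, the shape check (which flags the conflict in either order) and the hand-built env hashes are assumptions of this example; it needs only the Ruby standard library.

```ruby
require 'uri'

# Hypothetical middleware (name and behaviour are assumptions of this example):
# answers 400 when a query string uses one parameter both as a scalar and as a
# nested key, e.g. foo=&foo[option]=kiszka, so the app never sees it.
class RejectConflictingParams
  def initialize(app)
    @app = app
  end

  def call(env)
    if conflicting?(env['QUERY_STRING'].to_s)
      return [400, { 'content-type' => 'text/plain' }, ["Bad Request\n"]]
    end
    @app.call(env)
  end

  # True when any parameter path appears with two different shapes
  # (:scalar, :array or :hash), or when a name is not valid %-encoding.
  def conflicting?(query)
    shapes = {}
    query.split(/[&;]/).each do |pair| # ';' was also a separator in older Rack
      name = URI.decode_www_form_component(pair.split('=', 2).first.to_s)
      # "foo[option]" => ["foo", "option"], "foo[]" => ["foo", ""]
      segs = name.scan(/\A[^\[\]]+|\[[^\[\]]*\]/).map { |s| s.delete('[]') }
      segs.each_index do |i|
        shape = case segs[i + 1]
                when nil then :scalar
                when ''  then :array
                else :hash
                end
        seen = (shapes[segs[0..i]] ||= shape)
        return true if seen != shape
      end
    end
    false
  rescue ArgumentError # raised by URI on a malformed %-escape in a name
    true
  end
end

# Constructed demo: a stand-in app and hand-built env hashes, no Rack required.
if __FILE__ == $PROGRAM_NAME
  app = ->(_env) { [200, { 'content-type' => 'text/plain' }, ['ok']] }
  stack = RejectConflictingParams.new(app)
  p stack.call({ 'QUERY_STRING' => 'foo=&foo[option]=kiszka' }).first
  p stack.call({ 'QUERY_STRING' => 'foo[option]=kiszka' }).first
end
```

Rejecting on the raw query string keeps the decision out of a blanket `rescue TypeError`, which would also hide unrelated application bugs.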