Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

RuntimeError by URL with encoded newline (%0A) parameter #1908

Open
juhoinkinen opened this issue Apr 5, 2024 · 0 comments
Open

RuntimeError by URL with encoded newline (%0A) parameter #1908

juhoinkinen opened this issue Apr 5, 2024 · 0 comments

Comments

@juhoinkinen
Copy link

Description

Using a URL that includes an encoded newline character (%0A) as a parameter results in a RuntimeError.

Expected behaviour

No error.

Actual behaviour

Logs show

RuntimeError("Working outside of operation context. Make sure your app is wrapped in a ContextMiddleware and you're processing a request while accessing the context.")
Traceback (most recent call last):
  File "/home/myuser/git/connexion/venv/lib/python3.11/site-packages/starlette/_exception_handler.py", line 53, in wrapped_app
    await app(scope, receive, sender)
  File "/home/myuser/git/connexion/venv/lib/python3.11/site-packages/connexion/middleware/swagger_ui.py", line 222, in __call__
    await self.router(scope, receive, send)
  File "/home/myuser/git/connexion/venv/lib/python3.11/site-packages/starlette/routing.py", line 756, in __call__
    await self.middleware_stack(scope, receive, send)
  File "/home/myuser/git/connexion/venv/lib/python3.11/site-packages/starlette/routing.py", line 806, in app
    await self.default(scope, receive, send)
  File "/home/myuser/git/connexion/venv/lib/python3.11/site-packages/connexion/middleware/swagger_ui.py", line 235, in default_fn
    await self.app(original_scope, receive, send)
  File "/home/myuser/git/connexion/venv/lib/python3.11/site-packages/connexion/middleware/routing.py", line 154, in __call__
    await self.router(scope, receive, send)
  File "/home/myuser/git/connexion/venv/lib/python3.11/site-packages/starlette/routing.py", line 756, in __call__
    await self.middleware_stack(scope, receive, send)
  File "/home/myuser/git/connexion/venv/lib/python3.11/site-packages/starlette/routing.py", line 806, in app
    await self.default(scope, receive, send)
  File "/home/myuser/git/connexion/venv/lib/python3.11/site-packages/connexion/middleware/routing.py", line 48, in __call__
    await self.next_app(original_scope, receive, send)
  File "/home/myuser/git/connexion/venv/lib/python3.11/site-packages/connexion/middleware/abstract.py", line 268, in __call__
    await self.app(scope, receive, send)
  File "/home/myuser/git/connexion/venv/lib/python3.11/site-packages/connexion/middleware/abstract.py", line 268, in __call__
    await self.app(scope, receive, send)
  File "/home/myuser/git/connexion/venv/lib/python3.11/site-packages/connexion/middleware/abstract.py", line 268, in __call__
    await self.app(scope, receive, send)
  File "/home/lmyuser/git/connexion/venv/lib/python3.11/site-packages/connexion/middleware/lifespan.py", line 26, in __call__
    await self.next_app(scope, receive, send)
  File "/home/myuser/git/connexion/venv/lib/python3.11/site-packages/connexion/middleware/abstract.py", line 268, in __call__
    await self.app(scope, receive, send)
  File "/home/myuser/git/connexion/venv/lib/python3.11/site-packages/connexion/apps/flask.py", line 151, in __call__
    return await self.asgi_app(scope, receive, send)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/myuser/git/connexion/venv/lib/python3.11/site-packages/a2wsgi/wsgi.py", line 165, in __call__
    return await responder(scope, receive, send)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/myuser/git/connexion/venv/lib/python3.11/site-packages/a2wsgi/wsgi.py", line 200, in __call__
    await self.loop.run_in_executor(
  File "/usr/lib/python3.11/concurrent/futures/thread.py", line 58, in run
    result = self.fn(*self.args, **self.kwargs)
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/myuser/git/connexion/venv/lib/python3.11/site-packages/a2wsgi/wsgi.py", line 256, in wsgi
    iterable = self.app(environ, start_response)
               ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/myuser/git/connexion/venv/lib/python3.11/site-packages/flask/app.py", line 1466, in wsgi_app
    response = self.handle_exception(e)
               ^^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/myuser/git/connexion/venv/lib/python3.11/site-packages/flask/app.py", line 1463, in wsgi_app
    response = self.full_dispatch_request()
               ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/myuser/git/connexion/venv/lib/python3.11/site-packages/flask/app.py", line 872, in full_dispatch_request
    rv = self.handle_user_exception(e)
         ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/myuser/git/connexion/venv/lib/python3.11/site-packages/flask/app.py", line 870, in full_dispatch_request
    rv = self.dispatch_request()
         ^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/myuser/git/connexion/venv/lib/python3.11/site-packages/flask/app.py", line 855, in dispatch_request
    return self.ensure_sync(self.view_functions[rule.endpoint])(**view_args)  # type: ignore[no-any-return]
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/myuser/git/connexion/venv/lib/python3.11/site-packages/connexion/apps/flask.py", line 68, in __call__
    return self.fn(*args, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/myuser/git/connexion/venv/lib/python3.11/site-packages/connexion/decorators/main.py", line 132, in wrapper
    request = self.framework.get_request(uri_parser=self.uri_parser)
                                                    ^^^^^^^^^^^^^^^
  File "/home/myuser/git/connexion/venv/lib/python3.11/site-packages/connexion/decorators/main.py", line 72, in uri_parser
    uri_parser_class = self.uri_parser_class or operation.uri_parser_class
                                                ^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/myuser/git/connexion/venv/lib/python3.11/site-packages/werkzeug/local.py", line 311, in __get__
    obj = instance._get_current_object()
          ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/myuser/git/connexion/venv/lib/python3.11/site-packages/werkzeug/local.py", line 508, in _get_current_object
    raise RuntimeError(unbound_message) from None
RuntimeError: Working outside of operation context. Make sure your app is wrapped in a ContextMiddleware and you're processing a request while accessing the context.
INFO:     127.0.0.1:51182 - "POST /openapi/greeting/dave%0Asmith HTTP/1.1" 500 Internal Server Error

and the console output is

{"type": "about:blank", "title": "Internal Server Error", "detail": "The server encountered an internal error and was unable to complete your request. Either the server is overloaded or there is an error in the application.", "status": 500}

Steps to reproduce

  1. Start helloworld application from this repository examples/helloworld:

    python hello.py

  2. Send a request with curl containing a URL encoded newline in the parameter (dave%0Asmith):

    curl -X 'POST'   'http://localhost:8080/openapi/greeting/dave%0Asmith'   -H 'accept: text/plain'   -H 'Content-Type: application/json'   -d '{}'

Additional info:

I have not observed other characters to raise this error. The other newline/linefeed characters (%0b, %0c) work as well like about 10 random samples I tried from this list.

I noticed this with a fuzzy test run by Schemathesis while working on upgrading to Connexion 3. On Connexion 2 this error does not arise, and this did not seem to be due to the upgraded Flask or Werkzeug versions, but I'm not quite sure.

Output of the commands:

  • python --version
    • Python 3.11.8
  • pip show connexion | grep "^Version\:"
    • Version: 3.0.6
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@juhoinkinen