Skip to content

Commit a29f568

Browse files
Reject overly long header names during normalization
Co-authored-by: Shri Sukhani <shrisukhani@users.noreply.github.com>
1 parent b25fb5b commit a29f568

File tree

4 files changed

+43
-0
lines changed

4 files changed

+43
-0
lines changed

hyperbrowser/header_utils.py

Lines changed: 5 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -5,6 +5,7 @@
55
from .exceptions import HyperbrowserError
66

77
_INVALID_HEADER_NAME_CHARACTER_PATTERN = re.compile(r"[^!#$%&'*+\-.^_`|~0-9A-Za-z]")
8+
_MAX_HEADER_NAME_LENGTH = 256
89

910

1011
def normalize_headers(
@@ -27,6 +28,10 @@ def normalize_headers(
2728
normalized_key = key.strip()
2829
if not normalized_key:
2930
raise HyperbrowserError("header names must not be empty")
31+
if len(normalized_key) > _MAX_HEADER_NAME_LENGTH:
32+
raise HyperbrowserError(
33+
f"header names must be {_MAX_HEADER_NAME_LENGTH} characters or fewer"
34+
)
3035
if _INVALID_HEADER_NAME_CHARACTER_PATTERN.search(normalized_key):
3136
raise HyperbrowserError(
3237
"header names must contain only valid HTTP token characters"

tests/test_config.py

Lines changed: 9 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -292,6 +292,15 @@ def test_client_config_rejects_invalid_header_name_characters():
292292
ClientConfig(api_key="test-key", headers={"X Trace": "value"})
293293

294294

295+
def test_client_config_rejects_overly_long_header_names():
296+
long_header_name = "X-" + ("a" * 255)
297+
298+
with pytest.raises(
299+
HyperbrowserError, match="header names must be 256 characters or fewer"
300+
):
301+
ClientConfig(api_key="test-key", headers={long_header_name: "value"})
302+
303+
295304
def test_client_config_rejects_newline_header_values():
296305
with pytest.raises(
297306
HyperbrowserError, match="headers must not contain newline characters"

tests/test_custom_headers.py

Lines changed: 18 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -52,6 +52,15 @@ def test_sync_transport_rejects_invalid_header_name_characters():
5252
SyncTransport(api_key="test-key", headers={"X Trace": "value"})
5353

5454

55+
def test_sync_transport_rejects_overly_long_header_names():
56+
long_header_name = "X-" + ("a" * 255)
57+
58+
with pytest.raises(
59+
HyperbrowserError, match="header names must be 256 characters or fewer"
60+
):
61+
SyncTransport(api_key="test-key", headers={long_header_name: "value"})
62+
63+
5564
def test_sync_transport_rejects_header_newline_values():
5665
with pytest.raises(
5766
HyperbrowserError, match="headers must not contain newline characters"
@@ -111,6 +120,15 @@ def test_async_transport_rejects_invalid_header_name_characters():
111120
AsyncTransport(api_key="test-key", headers={"X Trace": "value"})
112121

113122

123+
def test_async_transport_rejects_overly_long_header_names():
124+
long_header_name = "X-" + ("a" * 255)
125+
126+
with pytest.raises(
127+
HyperbrowserError, match="header names must be 256 characters or fewer"
128+
):
129+
AsyncTransport(api_key="test-key", headers={long_header_name: "value"})
130+
131+
114132
def test_async_transport_rejects_header_newline_values():
115133
with pytest.raises(
116134
HyperbrowserError, match="headers must not contain newline characters"

tests/test_header_utils.py

Lines changed: 11 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -25,6 +25,17 @@ def test_normalize_headers_rejects_empty_header_name():
2525
)
2626

2727

28+
def test_normalize_headers_rejects_overly_long_header_names():
29+
long_header_name = "X-" + ("a" * 255)
30+
with pytest.raises(
31+
HyperbrowserError, match="header names must be 256 characters or fewer"
32+
):
33+
normalize_headers(
34+
{long_header_name: "value"},
35+
mapping_error_message="headers must be a mapping of string pairs",
36+
)
37+
38+
2839
def test_normalize_headers_rejects_invalid_header_name_characters():
2940
with pytest.raises(
3041
HyperbrowserError,

0 commit comments

Comments
 (0)