From 829a39f4cf33fb3eeb8d69f61f3e1e5cd531f5ec Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?P=C4=93teris=20Caune?= Date: Tue, 19 Oct 2021 19:19:46 +0300 Subject: [PATCH] Fix hc.api.views.ping to handle non-utf8 data in request body Fixes: #574 --- CHANGELOG.md | 3 +++ hc/api/tests/test_ping.py | 9 +++++++++ hc/api/views.py | 2 +- 3 files changed, 13 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 68c1237e..c8088a54 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,6 +7,9 @@ All notable changes to this project will be documented in this file. - Switch from croniter to cronsim (vendored in hc.lib.cronsim) - Change outgoing webhook timeout to 10s, but cap the total time to 20s +### Bug Fixes +- Fix hc.api.views.ping to handle non-utf8 data in request body (#574) + ## v1.23.1 - 2021-10-13 ### Bug Fixes diff --git a/hc/api/tests/test_ping.py b/hc/api/tests/test_ping.py index bd2b6d31..01d53738 100644 --- a/hc/api/tests/test_ping.py +++ b/hc/api/tests/test_ping.py @@ -254,3 +254,12 @@ class PingTestCase(BaseTestCase): def test_it_rejects_exit_status_over_255(self): r = self.client.get(self.url + "/256") self.assertEqual(r.status_code, 400) + + def test_it_handles_bad_unicode(self): + csrf_client = Client(enforce_csrf_checks=True) + r = csrf_client.post(self.url, b"Hello \xe9 World", content_type="text/plain") + self.assertEqual(r.status_code, 200) + + ping = Ping.objects.get() + self.assertEqual(ping.method, "POST") + self.assertEqual(ping.body, "Hello � World") diff --git a/hc/api/views.py b/hc/api/views.py index aec09cc6..76e9ed6f 100644 --- a/hc/api/views.py +++ b/hc/api/views.py @@ -47,7 +47,7 @@ def ping(request, code, check=None, action="success", exitstatus=None): scheme = headers.get("HTTP_X_FORWARDED_PROTO", "http") method = headers["REQUEST_METHOD"] ua = headers.get("HTTP_USER_AGENT", "") - body = request.body.decode() + body = request.body.decode(errors="replace") if exitstatus is not None and exitstatus > 0: action = "fail"