Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ValueError: year is out of range #5925

Closed
1 task done
TrueBrain opened this issue Aug 1, 2021 · 3 comments · Fixed by #6012
Closed
1 task done

ValueError: year is out of range #5925

TrueBrain opened this issue Aug 1, 2021 · 3 comments · Fixed by #6012
Labels
bug

Comments

@TrueBrain
Copy link

Describe the bug

A bot is scanning one of my websites, and for some reason it is using this as header:

If-Modified-Since: Tue, 08 Oct 4446413 00:56:40 GMT

Not sure what the bot is smoking, but for sure that year is a bit odd. Now when I try request.if_modified_since aiohttp bails out with ValueError: year 4447131 is out of range.

I am not completely sure if this is a bug you want to address in this library, or if I should just capture the ValueError and ignore the if_modified_since header with these kind of weird values, but I at least wanted to let you know about this issue.

To Reproduce

Given this server:

from aiohttp import web

async def handle(request):
    if_modified_since = request.if_modified_since
    return web.Response(text="")

app = web.Application()
app.add_routes([web.get('/', handle)])
web.run_app(app)

Launch this curl against it:
curl -H "If-Modified-Since: Tue, 08 Oct 4446413 00:56:40 GMT" http://127.0.0.1:8080

Expected behavior

Graceful error, possibly even None, if the If-Modified-Since header cannot be parsed correctly.

Logs/tracebacks

Traceback (most recent call last):
  File ".env/lib/python3.8/site-packages/aiohttp/web_protocol.py", line 422, in _handle_request
    resp = await self._request_handler(request)
  File ".env/lib/python3.8/site-packages/aiohttp/web_app.py", line 499, in _handle
    resp = await handler(request)
  File "demonstration.py", line 4, in handle
    if_modified_since = request.if_modified_since
  File "aiohttp/_helpers.pyx", line 26, in aiohttp._helpers.reify.__get__
  File ".env/lib/python3.8/site-packages/aiohttp/web_request.py", line 484, in if_modified_since
    return self._http_date(self.headers.get(hdrs.IF_MODIFIED_SINCE))
  File ".env/lib/python3.8/site-packages/aiohttp/web_request.py", line 475, in _http_date
    return datetime.datetime(*timetuple[:6], tzinfo=datetime.timezone.utc)
ValueError: year 4446413 is out of range

Python Version

$ python --version
Python 3.8.5

aiohttp Version

$ python -m pip show aiohttp
Name: aiohttp
Version: 3.7.4.post0
Summary: Async http client/server framework (asyncio)
Home-page: https://github.com/aio-libs/aiohttp
Author: Nikolay Kim
Author-email: fafhrd91@gmail.com
License: Apache 2
Location: .env/lib/python3.8/site-packages
Requires: async-timeout, attrs, multidict, yarl, typing-extensions, chardet
Required-by:

multidict Version

$ python -m pip show multidict
Name: multidict
Version: 5.1.0
Summary: multidict implementation
Home-page: https://github.com/aio-libs/multidict
Author: Andrew Svetlov
Author-email: andrew.svetlov@gmail.com
License: Apache 2
Location: .env/lib/python3.8/site-packages
Requires: 
Required-by: yarl, aiohttp

yarl Version

$ python -m pip show yarl
Name: yarl
Version: 1.6.3
Summary: Yet another URL library
Home-page: https://github.com/aio-libs/yarl/
Author: Andrew Svetlov
Author-email: andrew.svetlov@gmail.com
License: Apache 2
Location: .env/lib/python3.8/site-packages
Requires: multidict, idna
Required-by: aiohttp

OS

Linux

Related component

Server

Additional context

No response

Code of Conduct

  • I agree to follow the aio-libs Code of Conduct
@TrueBrain TrueBrain added the bug label Aug 1, 2021
@Dreamsorcerer
Copy link
Member

Looks like it just passes directly to datetime. Atleast on my system datetime.MAXYEAR is 9999, so anything bigger than that will error.

Documentation, however, say we should be returning None on an invalid date:
https://docs.aiohttp.org/en/stable/web_reference.html?highlight=if_modified#aiohttp.web.BaseRequest.if_modified_since

@Dreamsorcerer
Copy link
Member

Dreamsorcerer commented Aug 1, 2021
edited
Loading

Looks like it could just be a with suppress(ValueError): around that line:

aiohttp/aiohttp/web_request.py

Line 487 in 33a38b8

return datetime.datetime(*timetuple[:6], tzinfo=datetime.timezone.utc)

Should be an easy fix, but will need to add a test to reproduce the error first. I'm short on time, but feel free to open a PR.

@hi-ogawa hi-ogawa mentioned this issue Sep 18, 2021
Merged
5 tasks
@hi-ogawa
Copy link
Contributor

hi-ogawa commented Sep 18, 2021
edited
Loading

Thanks @Dreamsorcerer for the guidance! I opened a PR based on your suggestion.
I just recently started to use aiohttp and was hoping to find some small bits of its internal I can look around to get the feeling of this library. Thanks contributors for making aiohttp!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

fix(5925): suppress ValueError due to invalid datetime header hi-ogawa/aiohttp
3 participants
@TrueBrain @Dreamsorcerer @hi-ogawa