Merge pull request #1782 from ogayot/fix-x-error-msg-cr-lf

api: encode x-error-msg as JSON - so it does not contain <CR> or <LF>
2023-09-04 09:35:43 +02:00 · 2023-09-04 09:35:43 +02:00 · 8e03050dbb
parent 674727595e b866bd2a56
commit 8e03050dbb
2 changed files with 6 additions and 2 deletions
--- a/subiquity/common/api/server.py
+++ b/subiquity/common/api/server.py
@ -14,6 +14,7 @@
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.

 import inspect
+import json
 import logging
 import os
 import traceback
@ -173,7 +174,10 @@ def _make_handler(
                    headers={
                        "x-status": "error",
                        "x-error-type": type(exc).__name__,
-                        "x-error-msg": str(exc),
+                        # aiohttp will reject a header if its value contains a
+                        # "\r" or "\n" character. By using compact JSON, we
+                        # ensure those characters are escaped.
+                        "x-error-msg": json.dumps(str(exc), indent=None),
                    },
                )
                resp["exception"] = exc
--- a/subiquity/common/api/tests/test_server.py
+++ b/subiquity/common/api/tests/test_server.py
@ -122,7 +122,7 @@ class TestBind(unittest.IsolatedAsyncioTestCase):
            self.assertEqual(resp.headers["x-status"], "error")
            self.assertEqual(resp.headers["x-error-type"], "TypeError")
            self.assertEqual(
-                resp.headers["x-error-msg"], 'missing required argument "arg"'
+                resp.headers["x-error-msg"], '"missing required argument \\"arg\\""'
            )

    async def test_error(self):