Hi Server team,
Could you please take a look at the following lines in wsgi.py:
def build_environ(self, scope, body):
    ...
    environ = {
        ...
        "SCRIPT_NAME": scope.get("root_path", "").encode("utf8").decode("latin1"),
        "PATH_INFO": scope["path"].encode("utf8").decode("latin1"),
        "QUERY_STRING": scope["query_string"].decode("ascii"),
        ...
    }
    ...
There is a concern around encoding and decoding non-validated data that caught our attention.
Could you give us your feedback on whether you think it is possible that someone could
use malicious data in order to cause damage to the operation? (Maybe some sort of garbage
data in HTTP headers.)
Thank you very much.
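
Added example, not part of the original message or of the project's code: the three quoted conversions applied to constructed scope dictionaries, to show which inputs convert and which raise a UnicodeError. The UTF-8 to Latin-1 step is a byte-preserving transcoding (the form PEP 3333 native strings use), not validation. The function names and sample scopes are assumptions made for the illustration.

```python
# Added illustration: mirrors the three quoted conversions on constructed input.
def convert(scope):
    """Apply the same conversions as the quoted lines to an ASGI-style scope dict."""
    return {
        "SCRIPT_NAME": scope.get("root_path", "").encode("utf8").decode("latin1"),
        "PATH_INFO": scope["path"].encode("utf8").decode("latin1"),
        "QUERY_STRING": scope["query_string"].decode("ascii"),
    }


def recover_path(environ):
    """Reverse the transcoding, as a WSGI application would, to get the text back."""
    return environ["PATH_INFO"].encode("latin1").decode("utf8")


def probe(scope):
    """Return ("ok", environ) or ("error", exception class name) for one scope."""
    try:
        return ("ok", convert(scope))
    except UnicodeError as exc:  # base class of Unicode{En,De}codeError
        return ("error", type(exc).__name__)


# Constructed sample scopes (hypothetical, not taken from real traffic).
SAMPLES = {
    "plain": {"path": "/items", "query_string": b"q=1"},
    "non_ascii_path": {"path": "/caf\u00e9/\u65e5\u672c", "query_string": b""},
    # Every character is ASCII, so the transcoding passes it through unchanged:
    # the encode/decode pair does not filter control characters.
    "control_chars_in_path": {"path": "/a\r\nb\x00", "query_string": b""},
    "percent_encoded_query": {"path": "/", "query_string": b"q=%C3%A9"},
    # Raw bytes >= 0x80 are not ASCII, so .decode("ascii") raises.
    "raw_high_byte_query": {"path": "/", "query_string": b"q=\xc3\xa9"},
    # A lone surrogate cannot be encoded as UTF-8, so .encode("utf8") raises.
    "lone_surrogate_path": {"path": "/\udc80", "query_string": b""},
}


def run_all():
    """Probe every sample and return {name: (status, detail)}."""
    return {name: probe(scope) for name, scope in SAMPLES.items()}


if __name__ == "__main__":
    for name, (status, detail) in run_all().items():
        print(f"{name:24} {status:6} {detail!r}")
```

The two error cases surface as exceptions inside the conversion itself, so whether they reach the client as a clean 4xx response or as an unhandled error depends on how the caller of this code handles UnicodeError.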