Skip to content

If URL has bad UTF-8 this will blow up and other error handling can't work around it. #3580

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
twiggy opened this issue Jun 12, 2025 · 0 comments
Open

If URL has bad UTF-8 this will blow up and other error handling can't work around it. #3580

twiggy opened this issue Jun 12, 2025 · 0 comments

Comments

@twiggy
Copy link

twiggy commented Jun 12, 2025

opentelemetry-python-contrib/instrumentation/opentelemetry-instrumentation-pyramid/src/opentelemetry/instrumentation/pyramid/callbacks.py

Line 165 in 59cc34e

if _excluded_urls.url_disabled(request.url):

Once request.url is referenced it tries to utf-8 decode. if there are bad continuation bytes this causes an error.

I would think pyramid should test this prior to any request being processed and probably should have a high level callback for bad requests that would result 400/401 type responses.

a/CPX_210929101749/0%DE~%C7%1FY
The above URL should trigger the issue with even a basic hello world app. Might have to change the path a bit.

I can't find any workaround in python. Might be able to use nginx/WAF etc to block prior to hitting the application. If these get through we just throw a 404, but the tween OTEL is using is too low level to workaround.

The fix would probably be to wrap in a try/except on reference to request.url. if you get an error you should handle like an excluded url.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@twiggy