(self, request: bool)
| 650 | return False |
| 651 | |
| 652 | def check_invalid(self, request: bool) -> layer.CommandGenerator[bool]: |
| 653 | err: str | None = None |
| 654 | if request: |
| 655 | err = validate_request( |
| 656 | self.mode, |
| 657 | self.flow.request, |
| 658 | self.context.options.validate_inbound_headers, |
| 659 | ) |
| 660 | elif self.context.options.validate_inbound_headers: |
| 661 | assert self.flow.response is not None |
| 662 | try: |
| 663 | validate_headers(self.flow.response) |
| 664 | except ValueError as e: |
| 665 | err = ( |
| 666 | f"Received {e} from server, refusing to prevent request smuggling attacks. " |
| 667 | "Disable the validate_inbound_headers option to skip this security check." |
| 668 | ) |
| 669 | |
| 670 | if err: |
| 671 | self.flow.error = flow.Error(err) |
| 672 | |
| 673 | if request: |
| 674 | # flow has not been seen yet, register it. |
| 675 | yield HttpRequestHeadersHook(self.flow) |
| 676 | else: |
| 677 | # immediately kill server connection |
| 678 | yield commands.CloseConnection(self.flow.server_conn) |
| 679 | yield HttpErrorHook(self.flow) |
| 680 | yield SendHttp( |
| 681 | ResponseProtocolError( |
| 682 | self.stream_id, |
| 683 | err, |
| 684 | ErrorCode.REQUEST_VALIDATION_FAILED |
| 685 | if request |
| 686 | else ErrorCode.RESPONSE_VALIDATION_FAILED, |
| 687 | ), |
| 688 | self.context.client, |
| 689 | ) |
| 690 | self.flow.live = False |
| 691 | self.client_state = self.server_state = self.state_errored |
| 692 | return True |
| 693 | else: |
| 694 | return False |
| 695 | |
| 696 | def check_killed(self, emit_error_hook: bool) -> layer.CommandGenerator[bool]: |
| 697 | killed_by_us = ( |
no test coverage detected