Gunicorn incorrectly accepts NUL within URIs #3371

Open
@kenballus

When Gunicorn receives a request with a null byte in a URI, it does not reject the request. Null bytes are not permitted within request URIs as per the grammar in the RFCs, so requests with null bytes in URIs should be rejected with status 400.

To see this for yourself,

  1. Start a simple Gunicorn server that echoes the URI, such as this one:

     ```
     python3 -m gunicorn --worker-class=gevent --workers=1 --worker-connections=1000 --bind 0.0.0.0:80 server:app
     ```

  2. Send it a request with a NUL in the URI:

     ```
     printf 'GET /\x00 HTTP/1.1\r\nHost: whatever\r\n\r\n' \
         | ncat localhost 80 \
         | grep "uri" \
         | jq '.["uri"]' \
         | xargs echo \
         | base64 -d \
         | xxd
     ```

  3. Observe that Gunicorn considers the NUL to be part of the URI, and does not reject the request:

     ```
     00000000: 2f00                                     /.
     ```
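
An added example, not part of the original issue and not Gunicorn's code: a check of the request-target against the origin-form grammar (RFC 9112, with the path and query rules of RFC 3986), which answers the request from step 2 with 400. The function names are hypothetical, and only origin-form targets are considered.

```python
import re

# Added example: the names below are hypothetical, not Gunicorn APIs.
# RFC 3986 character sets as bytes, written for use inside a regex class.
UNRESERVED = rb"A-Za-z0-9\-._~"
SUB_DELIMS = rb"!$&'()*+,;="
PCHAR = rb"(?:[" + UNRESERVED + SUB_DELIMS + rb":@]|%[0-9A-Fa-f]{2})"
# origin-form = absolute-path [ "?" query ]  (RFC 9112, section 3.2.1)
ORIGIN_FORM = re.compile(rb"(?:/" + PCHAR + rb"*)+(?:\?(?:" + PCHAR + rb"|[/?])*)?")


def first_illegal_offset(target: bytes):
    """Offset of the first octet that breaks origin-form, or None if valid."""
    m = ORIGIN_FORM.match(target)          # longest grammatical prefix
    end = m.end() if m else 0
    return None if (m and end == len(target)) else end


def check_request(raw: bytes):
    """Return (status, reason) for the request line of a raw HTTP/1.1 request."""
    line, crlf, _ = raw.partition(b"\r\n")
    parts = line.split(b" ")
    if not crlf or len(parts) != 3 or not parts[1]:
        return 400, "malformed request line"
    target = parts[1]
    bad = first_illegal_offset(target)
    if bad is not None:
        return 400, (f"octet 0x{target[bad]:02x} at offset {bad} "
                     "not allowed in request-target")
    return 200, "ok"


# Constructed sample requests; the first is the one sent in step 2.
SAMPLES = [
    b"GET /\x00 HTTP/1.1\r\nHost: whatever\r\n\r\n",
    b"GET /search?q=a/b HTTP/1.1\r\nHost: whatever\r\n\r\n",
    # A percent-encoded NUL is valid grammar; rejecting it is a separate policy.
    b"GET /a%00b HTTP/1.1\r\nHost: whatever\r\n\r\n",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample.split(b"\r\n")[0], "->", check_request(sample))
```

The reason string names the offending octet and its offset, which is the detail worth logging when such a request is refused.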
