Skip to content

Fix premature SSE event split on embedded line endings #70

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
TheSandDoctor wants to merge 4 commits into
base: master
Choose a base branch
from
Open

Fix premature SSE event split on embedded line endings #70

TheSandDoctor wants to merge 4 commits into from

Conversation

@TheSandDoctor
Copy link
Collaborator

@TheSandDoctor TheSandDoctor commented Jun 4, 2025

Fixes bug #28 by changing how lines are parsed. Previously if a double line ending was embedded in the event it could trip up SSEClient and return early, resulting in an unterminated string/ValueError. This also helps to resolve a vulnerability identified by @decatur in this comment by eliminating a regular expression application on all buffered data for each chunk.

TheSandDoctor and others added 4 commits June 2, 2025 21:29
@TheSandDoctor
Create test for premature truncation introduced by newlines
984d4db 
Relating to btubbs#28
@TheSandDoctor
Fix premature SSE event split on embedded line endings
1385188 
Fixes bug btubbs#28 by changing how lines are parsed. Previously if a double
line ending was embedded in the vent it could trip up SSEClient and
return early, resulting in an unteriminated string/ValueError.
@TheSandDoctor
Expand the test for 28 to include all 3 formats, renamed test
4dae4d2 
Expanded the test to include tests to cover CR, LF, CRLF instead of just
LF (newline) and renamed the test to be more descriptive as to its
purpose.
@TheSandDoctor
Merge branch 'btubbs:master' into fix/iss28
c538ff6
@TheSandDoctor TheSandDoctor self-assigned this Jun 4, 2025
@TheSandDoctor
Copy link
Collaborator Author

TheSandDoctor commented Jun 4, 2025
edited
Loading

This has been in continuous testing since last night but going to run it on the Wikimedia feed for a couple of days just to make sure that everything is working as desired, especially considering the relative rarity/randomness of the offending event message firing.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@TheSandDoctor TheSandDoctor

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@TheSandDoctor