diff --git a/README.rst b/README.rst index ca85ba5..3a2bbe9 100644 --- a/README.rst +++ b/README.rst @@ -30,7 +30,7 @@ Endpoint Description `/delete` Returns DELETE data `/gzip`_ Returns gzip-encoded data. `/deflate`_ Returns deflate-encoded data. -`/status/:code`_ Returns given HTTP Status code. +`/status/:code`_ Returns given HTTP Status code or random if more than one are given. `/response-headers`_ Returns given response headers. `/redirect/:n`_ 302 Redirects *n* times. `/redirect-to?url=foo`_ 302 Redirects to the *foo* URL. diff --git a/httpbin/core.py b/httpbin/core.py index e3ca094..50e7524 100644 --- a/httpbin/core.py +++ b/httpbin/core.py @@ -294,7 +294,10 @@ def view_status_code(codes): """Return status code or random status code if more than one are given""" if ',' not in codes: - code = int(codes) + try: + code = int(codes) + except ValueError: + return Response('Invalid status code', status=400) return status_code(code) choices = [] @@ -305,7 +308,10 @@ def view_status_code(codes): else: code, weight = choice.split(':') - choices.append((int(code), float(weight))) + try: + choices.append((int(code), float(weight))) + except ValueError: + return Response('Invalid status code', status=400) code = weighted_choice(choices) diff --git a/test_httpbin.py b/test_httpbin.py index 321a818..edb7ed6 100755 --- a/test_httpbin.py +++ b/test_httpbin.py @@ -373,6 +373,14 @@ class HttpbinTestCase(unittest.TestCase): response = self.app.open(path='/status/418', method=m) self.assertEqual(response.status_code, 418) + def test_status_endpoint_invalid_code(self): + response = self.app.get(path='/status/4!9') + self.assertEqual(response.status_code, 400) + + def test_status_endpoint_invalid_codes(self): + response = self.app.get(path='/status/200,402,foo') + self.assertEqual(response.status_code, 400) + def test_xml_endpoint(self): response = self.app.get(path='/xml') self.assertEqual(
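Review bot: The single-code branch of `view_status_code` still hands any value `int()` accepts to `status_code()`, so the new 400 covers only non-numeric input. Negative numbers, zero, very large values, and forms such as `+200` or `2_00` all parse successfully. What `status_code()` and the server do with an out-of-range value is not visible in this hunk. If they cannot emit it, that path still ends in an unhandled error. A range guard after the parse would close this, for example `if not 100 <= code <= 599: return Response('Invalid status code', status=400)`, with the bounds adjusted if non-standard codes are meant to be supported. The function body continues outside the hunk.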
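Review bot: In the second `httpbin/core.py` hunk, the unpacking `code, weight = choice.split(':')` in the `else` branch sits outside the new `try`. A choice with more than one colon (constructed example: `200:1:2`) therefore still raises `ValueError` and is not turned into the 400. Moving the split inside the `try`, as its first line ahead of `choices.append((int(code), float(weight)))`, covers it with the same handler. `float()` also accepts `nan`, `inf` and negative numbers, and whether `weighted_choice` tolerates those is not visible here, so a check that the weight is finite and non-negative may be worth adding. The message `'Invalid status code'` is also returned when only the weight is malformed. The loop and the rest of the function lie outside the hunk.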