1
- # Claude Debug
1
+ # Claude Debug
2
2
"""Test for HackerOne vulnerability report #3156202 - malformed input DOS."""
3
3
4
4
import anyio
@@ -38,7 +38,7 @@ async def test_malformed_initialize_request_does_not_crash_server():
38
38
method = "initialize" ,
39
39
# params=None # Missing required params field
40
40
)
41
-
41
+
42
42
# Wrap in session message
43
43
request_message = SessionMessage (message = JSONRPCMessage (malformed_request ))
44
44
@@ -54,22 +54,22 @@ async def test_malformed_initialize_request_does_not_crash_server():
54
54
):
55
55
# Send the malformed request
56
56
await read_send_stream .send (request_message )
57
-
57
+
58
58
# Give the session time to process the request
59
59
await anyio .sleep (0.1 )
60
-
60
+
61
61
# Check that we received an error response instead of a crash
62
62
try :
63
63
response_message = write_receive_stream .receive_nowait ()
64
64
response = response_message .message .root
65
-
65
+
66
66
# Verify it's a proper JSON-RPC error response
67
67
assert isinstance (response , JSONRPCError )
68
68
assert response .jsonrpc == "2.0"
69
69
assert response .id == "f20fe86132ed4cd197f89a7134de5685"
70
70
assert response .error .code == INVALID_PARAMS
71
71
assert "Invalid request parameters" in response .error .message
72
-
72
+
73
73
# Verify the session is still alive and can handle more requests
74
74
# Send another malformed request to confirm server stability
75
75
another_malformed_request = JSONRPCRequest (
@@ -81,18 +81,18 @@ async def test_malformed_initialize_request_does_not_crash_server():
81
81
another_request_message = SessionMessage (
82
82
message = JSONRPCMessage (another_malformed_request )
83
83
)
84
-
84
+
85
85
await read_send_stream .send (another_request_message )
86
86
await anyio .sleep (0.1 )
87
-
87
+
88
88
# Should get another error response, not a crash
89
89
second_response_message = write_receive_stream .receive_nowait ()
90
90
second_response = second_response_message .message .root
91
-
91
+
92
92
assert isinstance (second_response , JSONRPCError )
93
93
assert second_response .id == "test_id_2"
94
94
assert second_response .error .code == INVALID_PARAMS
95
-
95
+
96
96
except anyio .WouldBlock :
97
97
pytest .fail ("No response received - server likely crashed" )
98
98
finally :
@@ -140,14 +140,14 @@ async def test_multiple_concurrent_malformed_requests():
140
140
message = JSONRPCMessage (malformed_request )
141
141
)
142
142
malformed_requests .append (request_message )
143
-
143
+
144
144
# Send all requests
145
145
for request in malformed_requests :
146
146
await read_send_stream .send (request )
147
-
147
+
148
148
# Give time to process
149
149
await anyio .sleep (0.2 )
150
-
150
+
151
151
# Verify we get error responses for all requests
152
152
error_responses = []
153
153
try :
@@ -156,10 +156,10 @@ async def test_multiple_concurrent_malformed_requests():
156
156
error_responses .append (response_message .message .root )
157
157
except anyio .WouldBlock :
158
158
pass # No more messages
159
-
159
+
160
160
# Should have received 10 error responses
161
161
assert len (error_responses ) == 10
162
-
162
+
163
163
for i , response in enumerate (error_responses ):
164
164
assert isinstance (response , JSONRPCError )
165
165
assert response .id == f"malformed_{ i } "
@@ -169,4 +169,4 @@ async def test_multiple_concurrent_malformed_requests():
169
169
await read_send_stream .aclose ()
170
170
await write_send_stream .aclose ()
171
171
await read_receive_stream .aclose ()
172
- await write_receive_stream .aclose ()
172
+ await write_receive_stream .aclose ()