RuntimeError by URL with encoded newline (%0A) parameter

[juhoinkinen]

Description

Using a URL that includes an encoded newline character (%0A) as a parameter results in a RuntimeError.

Expected behaviour

No error.

Actual behaviour

Logs show

RuntimeError("Working outside of operation context. Make sure your app is wrapped in a ContextMiddleware and you're processing a request while accessing the context.")
Traceback (most recent call last):
  File "/home/myuser/git/connexion/venv/lib/python3.11/site-packages/starlette/_exception_handler.py", line 53, in wrapped_app
    await app(scope, receive, sender)
  File "/home/myuser/git/connexion/venv/lib/python3.11/site-packages/connexion/middleware/swagger_ui.py", line 222, in __call__
    await self.router(scope, receive, send)
  File "/home/myuser/git/connexion/venv/lib/python3.11/site-packages/starlette/routing.py", line 756, in __call__
    await self.middleware_stack(scope, receive, send)
  File "/home/myuser/git/connexion/venv/lib/python3.11/site-packages/starlette/routing.py", line 806, in app
    await self.default(scope, receive, send)
  File "/home/myuser/git/connexion/venv/lib/python3.11/site-packages/connexion/middleware/swagger_ui.py", line 235, in default_fn
    await self.app(original_scope, receive, send)
  File "/home/myuser/git/connexion/venv/lib/python3.11/site-packages/connexion/middleware/routing.py", line 154, in __call__
    await self.router(scope, receive, send)
  File "/home/myuser/git/connexion/venv/lib/python3.11/site-packages/starlette/routing.py", line 756, in __call__
    await self.middleware_stack(scope, receive, send)
  File "/home/myuser/git/connexion/venv/lib/python3.11/site-packages/starlette/routing.py", line 806, in app
    await self.default(scope, receive, send)
  File "/home/myuser/git/connexion/venv/lib/python3.11/site-packages/connexion/middleware/routing.py", line 48, in __call__
    await self.next_app(original_scope, receive, send)
  File "/home/myuser/git/connexion/venv/lib/python3.11/site-packages/connexion/middleware/abstract.py", line 268, in __call__
    await self.app(scope, receive, send)
  File "/home/myuser/git/connexion/venv/lib/python3.11/site-packages/connexion/middleware/abstract.py", line 268, in __call__
    await self.app(scope, receive, send)
  File "/home/myuser/git/connexion/venv/lib/python3.11/site-packages/connexion/middleware/abstract.py", line 268, in __call__
    await self.app(scope, receive, send)
  File "/home/lmyuser/git/connexion/venv/lib/python3.11/site-packages/connexion/middleware/lifespan.py", line 26, in __call__
    await self.next_app(scope, receive, send)
  File "/home/myuser/git/connexion/venv/lib/python3.11/site-packages/connexion/middleware/abstract.py", line 268, in __call__
    await self.app(scope, receive, send)
  File "/home/myuser/git/connexion/venv/lib/python3.11/site-packages/connexion/apps/flask.py", line 151, in __call__
    return await self.asgi_app(scope, receive, send)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/myuser/git/connexion/venv/lib/python3.11/site-packages/a2wsgi/wsgi.py", line 165, in __call__
    return await responder(scope, receive, send)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/myuser/git/connexion/venv/lib/python3.11/site-packages/a2wsgi/wsgi.py", line 200, in __call__
    await self.loop.run_in_executor(
  File "/usr/lib/python3.11/concurrent/futures/thread.py", line 58, in run
    result = self.fn(*self.args, **self.kwargs)
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/myuser/git/connexion/venv/lib/python3.11/site-packages/a2wsgi/wsgi.py", line 256, in wsgi
    iterable = self.app(environ, start_response)
               ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/myuser/git/connexion/venv/lib/python3.11/site-packages/flask/app.py", line 1466, in wsgi_app
    response = self.handle_exception(e)
               ^^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/myuser/git/connexion/venv/lib/python3.11/site-packages/flask/app.py", line 1463, in wsgi_app
    response = self.full_dispatch_request()
               ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/myuser/git/connexion/venv/lib/python3.11/site-packages/flask/app.py", line 872, in full_dispatch_request
    rv = self.handle_user_exception(e)
         ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/myuser/git/connexion/venv/lib/python3.11/site-packages/flask/app.py", line 870, in full_dispatch_request
    rv = self.dispatch_request()
         ^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/myuser/git/connexion/venv/lib/python3.11/site-packages/flask/app.py", line 855, in dispatch_request
    return self.ensure_sync(self.view_functions[rule.endpoint])(**view_args)  # type: ignore[no-any-return]
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/myuser/git/connexion/venv/lib/python3.11/site-packages/connexion/apps/flask.py", line 68, in __call__
    return self.fn(*args, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/myuser/git/connexion/venv/lib/python3.11/site-packages/connexion/decorators/main.py", line 132, in wrapper
    request = self.framework.get_request(uri_parser=self.uri_parser)
                                                    ^^^^^^^^^^^^^^^
  File "/home/myuser/git/connexion/venv/lib/python3.11/site-packages/connexion/decorators/main.py", line 72, in uri_parser
    uri_parser_class = self.uri_parser_class or operation.uri_parser_class
                                                ^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/myuser/git/connexion/venv/lib/python3.11/site-packages/werkzeug/local.py", line 311, in __get__
    obj = instance._get_current_object()
          ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/myuser/git/connexion/venv/lib/python3.11/site-packages/werkzeug/local.py", line 508, in _get_current_object
    raise RuntimeError(unbound_message) from None
RuntimeError: Working outside of operation context. Make sure your app is wrapped in a ContextMiddleware and you're processing a request while accessing the context.
INFO:     127.0.0.1:51182 - "POST /openapi/greeting/dave%0Asmith HTTP/1.1" 500 Internal Server Error

and the console output is

{"type": "about:blank", "title": "Internal Server Error", "detail": "The server encountered an internal error and was unable to complete your request. Either the server is overloaded or there is an error in the application.", "status": 500}

Steps to reproduce

1. Start helloworld application from this repository examples/helloworld:

   python hello.py
   

2. Send a request with curl containing a URL encoded newline in the parameter (dave%0Asmith):

   curl -X 'POST'   'http://localhost:8080/openapi/greeting/dave%0Asmith'   -H 'accept: text/plain'   -H 'Content-Type: application/json'   -d '{}'
   

Additional info:

I have not observed other characters to raise this error. The other newline/linefeed characters (%0b, %0c) work as well like about 10 random samples I tried from this list.

I noticed this with a fuzzy test run by Schemathesis while working on upgrading to Connexion 3. On Connexion 2 this error does not arise, and this did not seem to be due to the upgraded Flask or Werkzeug versions, but I'm not quite sure.

Output of the commands:

• python --version
  • Python 3.11.8
• pip show connexion | grep "^Version\:"
  • Version: 3.0.6