@MegaManSec
Response.content() cast the x-ratelimit-reset header to int without validation. If a 429 response included a non-integer (or garbage) value, int() raised ValueError and the call crashed instead of raising a structured RateLimitError. Parse defensively and fall back to -1 when missing/malformed so clients always receive RateLimitError as intended.

Testing

Simulate a server response with something like this:

```python
from auth0.exceptions import RateLimitError
from auth0.rest import Response

bad_headers = {"x-ratelimit-reset": "NaN"}  # or any non-integer
r = Response(429, {"error": "rate_limited"}, bad_headers)
r.content()  # raises ValueError today (expected: RateLimitError with reset_at=-1)
```

Checklist

`Response.content()` cast the `x-ratelimit-reset` header to int without validation.
If a 429 response included a non-integer (or garbage) value, `int()` raised
ValueError and the call crashed instead of raising a structured `RateLimitError`.
Parse defensively and fall back to `-1` when missing/malformed so clients always
receive `RateLimitError` as intended.

Signed-off-by: Joshua Rogers <[email protected]>
@MegaManSec MegaManSec requested a review from a team as a code owner October 31, 2025 05:14
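The defensive parse the PR describes, as an added example that is not the auth0-python code: `RateLimitError`, `Response` and `parse_reset_at` here are stand-ins written for this illustration (assumptions, not the library's classes), so the block runs stand-alone. It shows the failure mode (a non-integer `x-ratelimit-reset` value) being turned into `reset_at=-1` inside a structured error instead of an unhandled `ValueError`, and generalizes slightly beyond the PR by also treating a missing header, surrounding whitespace and case differences in the header name.

```python
# Added example: defensive parsing of the x-ratelimit-reset header.
# These classes are stand-ins (assumptions), not auth0-python's own code.
from typing import Mapping, Optional


class RateLimitError(Exception):
    """Stand-in for a structured rate-limit error carrying the reset timestamp."""

    def __init__(self, error_code: str, message: str, reset_at: int):
        super().__init__(message)
        self.error_code = error_code
        self.message = message
        self.reset_at = reset_at


def parse_reset_at(headers: Mapping[str, str]) -> int:
    """Return the x-ratelimit-reset value as an int, or -1 if missing/malformed.

    Header names are matched case-insensitively because HTTP header names are.
    Anything int() cannot parse (empty string, "NaN", a float, free text) falls
    back to -1 instead of letting ValueError propagate to the caller.
    """
    value: Optional[str] = None
    for name, raw in headers.items():
        if name.lower() == "x-ratelimit-reset":
            value = raw
            break
    if value is None:
        return -1
    try:
        return int(str(value).strip())
    except (TypeError, ValueError):
        return -1


class Response:
    """Minimal stand-in for a REST response object (assumption, not the library's)."""

    def __init__(self, status_code: int, content: dict, headers: Mapping[str, str]):
        self._status_code = status_code
        self._content = content
        self._headers = headers or {}

    def content(self) -> dict:
        # On 429 always raise the structured error; reset_at is best-effort.
        if self._status_code == 429:
            raise RateLimitError(
                error_code="too_many_requests",
                message=self._content.get("error", "rate limited"),
                reset_at=parse_reset_at(self._headers),
            )
        return self._content


def reset_at_for(headers: Mapping[str, str]) -> Optional[int]:
    """Build a 429 response with the given headers and return the reset_at its error carries."""
    try:
        Response(429, {"error": "rate_limited"}, headers).content()
    except RateLimitError as exc:
        return exc.reset_at
    return None  # only reached if no RateLimitError was raised


if __name__ == "__main__":
    # Constructed header sets covering the garbage cases the PR mentions.
    for hdrs in (
        {"x-ratelimit-reset": "1730351400"},
        {"X-RateLimit-Reset": " 1730351400 "},
        {"x-ratelimit-reset": "NaN"},
        {"x-ratelimit-reset": ""},
        {},
    ):
        print(hdrs, "->", reset_at_for(hdrs))
```

The catch covers `TypeError` as well as `ValueError` so that a non-string header value (for example `None` from a mocked transport) also degrades to `-1` rather than crashing; callers that rely on `reset_at` for backoff should treat `-1` as "unknown" and use their own default wait.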