From 10f54a354d4668fdee2d51750d9064cc2e8b6a88 Mon Sep 17 00:00:00 2001
From: John Turner <jturner.usa@gmail.com>
Date: Fri, 26 Sep 2025 03:08:25 -0400
Subject: handle invalid keys by returning HTTPBadRequest

---
 pypaste/server/__init__.py | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/pypaste/server/__init__.py b/pypaste/server/__init__.py
index 582d4f8..1c40f71 100644
--- a/pypaste/server/__init__.py
+++ b/pypaste/server/__init__.py
@@ -160,7 +160,13 @@ class App:
             return web.HTTPBadRequest(text="provide a key to fetch")
 
         try:
-            paste = await self.storage.retrieve(dehumanize(key))
+            dehumanized_key = dehumanize(key)
+        except Exception as e:
+            log_warning(f"invalid key parameter: {key}: {e}")
+            return web.HTTPBadRequest(text="invalid key")
+
+        try:
+            paste = await self.storage.retrieve(dehumanized_key)
         except Exception as e:
             log_error(f"failed to retrieve paste {key}: {e}")
             return web.HTTPInternalServerError()
-- 
cgit v1.2.3