From d08cbc69837ad3867de16df2e6c7b28862319b4c Mon Sep 17 00:00:00 2001
From: Kotesh Kumar Yelamati <yelamatikoteshkumar@gmail.com>
Date: Wed, 17 Jun 2026 17:19:30 -0400
Subject: [PATCH 1/2] fix(etag): reject codepoints above 0xFF in ETag.parse

---
 .../dexpace-sdk-core/src/dexpace/sdk/core/http/common/etag.py   | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/packages/dexpace-sdk-core/src/dexpace/sdk/core/http/common/etag.py b/packages/dexpace-sdk-core/src/dexpace/sdk/core/http/common/etag.py
index 41797d9..1828f6b 100644
--- a/packages/dexpace-sdk-core/src/dexpace/sdk/core/http/common/etag.py
+++ b/packages/dexpace-sdk-core/src/dexpace/sdk/core/http/common/etag.py
@@ -103,7 +103,7 @@ def parse(cls, raw: str) -> Self:
         # RFC 7232 §2.3: etagc = %x21 / %x23-7E / obs-text. Everything at or
         # below SP (0x20) and DEL (0x7F) is outside the entity-tag character
         # set; obs-text (0x80-0xFF) stays permitted.
-        if any(ord(ch) <= 0x20 or ord(ch) == 0x7F for ch in value):
+        if any(ord(ch) <= 0x20 or ord(ch) == 0x7F or ord(ch) > 0xFF for ch in value):
             raise ValueError(f"Invalid ETag: illegal character in {raw!r}")
         return cls(value=value, weak=weak)
 

From 938f4d8d9e623dd2d88d25420ff27a592207e050 Mon Sep 17 00:00:00 2001
From: Kotesh Kumar Yelamati <yelamatikoteshkumar@gmail.com>
Date: Wed, 17 Jun 2026 17:24:36 -0400
Subject: [PATCH 2/2] test(etag): add regression test for codepoints above 0xFF

Add test for parsing invalid entity-tag characters above obs-text.
---
 packages/dexpace-sdk-core/tests/http/test_etag.py | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/packages/dexpace-sdk-core/tests/http/test_etag.py b/packages/dexpace-sdk-core/tests/http/test_etag.py
index 7b991d7..ad3c127 100644
--- a/packages/dexpace-sdk-core/tests/http/test_etag.py
+++ b/packages/dexpace-sdk-core/tests/http/test_etag.py
@@ -58,6 +58,13 @@ def test_parse_embedded_space_raises() -> None:
         ETag.parse('"a b"')
 
 
+def test_parse_above_obs_text_raises() -> None:
+        # RFC 7232 §2.3: obs-text tops out at 0xFF; codepoints above
+        # that (e.g. U+20AC) are not valid entity-tag characters.
+        with pytest.raises(ValueError):
+            ETag.parse('"a€b"')
+
+
 def test_parse_empty_strong_etag_raises() -> None:
     with pytest.raises(ValueError, match="empty"):
         ETag.parse('""')