request.url.query is empty when Host header is ended with #

[bbangjooo]

Hello,
I found that request.url is made from Host header(URL class).
So when I send Host header ended with #, request.url.query is empty but request.query_params still contains query strings. This behavior is also occured between request.url.path and request.path_params

example :

1. index.py(server):

import logging
import uvicorn
from starlette.applications import Starlette
from starlette.responses import JSONResponse
from starlette.routing import Route

def homepage(request):
    print(f'request.url: {request.url}')
    print(f'\nrequest.url.query: {request.url.query}')
    print(f'request.query_params: {request.query_params}')
    print(f'\nrequest.url.path: {request.url.path}')
    print(f'request.path_params: {request.path_params}')
    print(f'\nrequest.query_params.keys() {request.query_params.keys()}')
    return JSONResponse({'hello': 'world'})


routes = [
    Route("/{username}", endpoint=homepage)
]

app = Starlette(debug=True, routes=routes)

if __name__ == "__main__":
    logging.info("Starting Starlette Server")
    uvicorn.run(app, host="0.0.0.0", port=3000)

2. run the server

$ uvicorn index:app

3. send request with Host header ended with #

from requests import *

url = "http://localhost:8000"
def test():
    p = "/bbangjo?key1=value1&key2=value2"
    h = {
        'Host': 'localhost:8000#'
    }
    r = get(url+p, headers=h)

if __name__ == "__main__":
    test()

4. check the stdout from server:

request.url: http://localhost:8000#/bbangjo?key1=value1&key2=value2

request.url.query:
request.query_params: key1=value1&key2=value2

request.url.path:
request.path_params: {'username': 'bbangjo'}

request.query_params.keys() dict_keys(['key1', 'key2'])
INFO:     127.0.0.1:45962 - "GET /bbangjo?key1=value1&key2=value2 HTTP/1.1" 200 OK

I think the example is not intended behavior.

Expected impact

If server owner sanitize or filter their incoming request using request.url.query or request.url.path for any reason, It will be bypassed by sending request with Host header ended with #