diff options
author | Sam Roberts <vieuxtech@gmail.com> | 2020-01-16 22:55:52 +0300 |
---|---|---|
committer | Sam Roberts <vieuxtech@gmail.com> | 2020-02-05 01:06:54 +0300 |
commit | 9cd155eb4a6d2538453f15c550913af68b74e7ae (patch) | |
tree | f1c49bbdeb6b017cf5c29f6bb74f27abe3ede787 | |
parent | 25d6011912f68a6a94da08678dbe1ad5d2f6f6a0 (diff) |
test: using TE to smuggle reqs is not possible
See: https://hackerone.com/reports/735748
PR-URL: https://github.com/nodejs-private/node-private/pull/192
Reviewed-By: Beth Griggs <Bethany.Griggs@uk.ibm.com>
-rw-r--r-- | test/parallel/test-http-client-error-rawbytes.js | 2 | ||||
-rw-r--r-- | test/parallel/test-http-invalid-te-legacy.js | 10 | ||||
-rw-r--r-- | test/parallel/test-http-invalid-te.js | 40 |
3 files changed, 51 insertions, 1 deletions
diff --git a/test/parallel/test-http-client-error-rawbytes.js b/test/parallel/test-http-client-error-rawbytes.js index 909fcc796ad..c0ea16a6432 100644 --- a/test/parallel/test-http-client-error-rawbytes.js +++ b/test/parallel/test-http-client-error-rawbytes.js @@ -19,7 +19,7 @@ server.listen(0, common.mustCall(() => { const req = http.get(`http://localhost:${server.address().port}/`); req.end(); req.on('error', common.mustCall((err) => { - const reason = 'Content-Length can\'t be present with chunked encoding'; + const reason = 'Content-Length can\'t be present with Transfer-Encoding'; assert.strictEqual(err.message, `Parse Error: ${reason}`); assert(err.bytesParsed < response.length); assert(err.bytesParsed >= response.indexOf('Transfer-Encoding')); diff --git a/test/parallel/test-http-invalid-te-legacy.js b/test/parallel/test-http-invalid-te-legacy.js new file mode 100644 index 00000000000..cbb3c00fc42 --- /dev/null +++ b/test/parallel/test-http-invalid-te-legacy.js @@ -0,0 +1,10 @@ +// Flags: --http-parser=legacy + +'use strict'; + +// Test https://hackerone.com/reports/735748 is fixed. +// Test should pass with legacy parser, not just the default. + +require('../common'); + +require('./test-http-invalid-te-legacy.js'); diff --git a/test/parallel/test-http-invalid-te.js b/test/parallel/test-http-invalid-te.js new file mode 100644 index 00000000000..0f633a74551 --- /dev/null +++ b/test/parallel/test-http-invalid-te.js @@ -0,0 +1,40 @@ +'use strict'; + +const common = require('../common'); + +// Test https://hackerone.com/reports/735748 is fixed. + +const assert = require('assert'); +const http = require('http'); +const net = require('net'); + +const REQUEST_BB = `POST / HTTP/1.1 +Content-Type: text/plain; charset=utf-8 +Host: hacker.exploit.com +Connection: keep-alive +Content-Length: 10 +Transfer-Encoding: chunked, eee + +HELLOWORLDPOST / HTTP/1.1 +Content-Type: text/plain; charset=utf-8 +Host: hacker.exploit.com +Connection: keep-alive +Content-Length: 28 + +I AM A SMUGGLED REQUEST!!! +`; + +const server = http.createServer(common.mustNotCall()); + +server.on('clientError', common.mustCall((err) => { + assert.strictEqual(err.code, 'HPE_UNEXPECTED_CONTENT_LENGTH'); + server.close(); +})); + +server.listen(0, common.mustCall(() => { + const client = net.connect( + server.address().port, + common.mustCall(() => { + client.end(REQUEST_BB.replace(/\n/g, '\r\n')); + })); +})); |