test: using TE to smuggle reqs is not possible

See: https://hackerone.com/reports/735748 PR-URL: https://github.com/nodejs-private/node-private/pull/192 Reviewed-By: Beth Griggs <Bethany.Griggs@uk.ibm.com>
author: Sam Roberts <vieuxtech@gmail.com> 2020-01-16 22:55:52 +0300
committer: Sam Roberts <vieuxtech@gmail.com> 2020-02-05 01:06:54 +0300
commit: 9cd155eb4a6d2538453f15c550913af68b74e7ae (patch)
tree: f1c49bbdeb6b017cf5c29f6bb74f27abe3ede787
parent: 25d6011912f68a6a94da08678dbe1ad5d2f6f6a0 (diff)
3 files changed, 51 insertions, 1 deletions
diff --git a/test/parallel/test-http-client-error-rawbytes.js b/test/parallel/test-http-client-error-rawbytes.js
index 909fcc796ad..c0ea16a6432 100644
--- a/test/parallel/test-http-client-error-rawbytes.js
+++ b/test/parallel/test-http-client-error-rawbytes.js
@@ -19,7 +19,7 @@ server.listen(0, common.mustCall(() => {
   const req = http.get(`http://localhost:${server.address().port}/`);
   req.end();
   req.on('error', common.mustCall((err) => {
-    const reason = 'Content-Length can\'t be present with chunked encoding';
+    const reason = 'Content-Length can\'t be present with Transfer-Encoding';
     assert.strictEqual(err.message, `Parse Error: ${reason}`);
     assert(err.bytesParsed < response.length);
     assert(err.bytesParsed >= response.indexOf('Transfer-Encoding'));
diff --git a/test/parallel/test-http-invalid-te-legacy.js b/test/parallel/test-http-invalid-te-legacy.js
new file mode 100644
index 00000000000..cbb3c00fc42
--- /dev/null
+++ b/test/parallel/test-http-invalid-te-legacy.js
@@ -0,0 +1,10 @@
+// Flags: --http-parser=legacy
+
+'use strict';
+
+// Test https://hackerone.com/reports/735748 is fixed.
+// Test should pass with legacy parser, not just the default.
+
+require('../common');
+
+require('./test-http-invalid-te-legacy.js');
diff --git a/test/parallel/test-http-invalid-te.js b/test/parallel/test-http-invalid-te.js
new file mode 100644
index 00000000000..0f633a74551
--- /dev/null
+++ b/test/parallel/test-http-invalid-te.js
@@ -0,0 +1,40 @@
+'use strict';
+
+const common = require('../common');
+
+// Test https://hackerone.com/reports/735748 is fixed.
+
+const assert = require('assert');
+const http = require('http');
+const net = require('net');
+
+const REQUEST_BB = `POST / HTTP/1.1
+Content-Type: text/plain; charset=utf-8
+Host: hacker.exploit.com
+Connection: keep-alive
+Content-Length: 10
+Transfer-Encoding: chunked, eee
+
+HELLOWORLDPOST / HTTP/1.1
+Content-Type: text/plain; charset=utf-8
+Host: hacker.exploit.com
+Connection: keep-alive
+Content-Length: 28
+
+I AM A SMUGGLED REQUEST!!!
+`;
+
+const server = http.createServer(common.mustNotCall());
+
+server.on('clientError', common.mustCall((err) => {
+  assert.strictEqual(err.code, 'HPE_UNEXPECTED_CONTENT_LENGTH');
+  server.close();
+}));
+
+server.listen(0, common.mustCall(() => {
+  const client = net.connect(
+    server.address().port,
+    common.mustCall(() => {
+      client.end(REQUEST_BB.replace(/\n/g, '\r\n'));
+    }));
+}));
author	Sam Roberts <vieuxtech@gmail.com>	2020-01-16 22:55:52 +0300
committer	Sam Roberts <vieuxtech@gmail.com>	2020-02-05 01:06:54 +0300
commit	9cd155eb4a6d2538453f15c550913af68b74e7ae (patch)
tree	f1c49bbdeb6b017cf5c29f6bb74f27abe3ede787
parent	25d6011912f68a6a94da08678dbe1ad5d2f6f6a0 (diff)