diff options
author | Sam Roberts <vieuxtech@gmail.com> | 2020-01-16 22:55:52 +0300 |
---|---|---|
committer | Sam Roberts <vieuxtech@gmail.com> | 2020-02-05 01:05:40 +0300 |
commit | e2c8f89b7572a7aea62927923e425bbd7725dca2 (patch) | |
tree | 6fab38c576f4fd45555e8230ec5c127fd2edeeac | |
parent | 49f4220ce5b92bec68c040f46823e55c27d50517 (diff) |
test: using TE to smuggle reqs is not possible
See: https://hackerone.com/reports/735748
PR-URL: https://github.com/nodejs-private/node-private/pull/192
Reviewed-By: Beth Griggs <Bethany.Griggs@uk.ibm.com>
-rw-r--r-- | test/parallel/test-http-invalid-te.js | 40 |
1 files changed, 40 insertions, 0 deletions
diff --git a/test/parallel/test-http-invalid-te.js b/test/parallel/test-http-invalid-te.js new file mode 100644 index 00000000000..0f633a74551 --- /dev/null +++ b/test/parallel/test-http-invalid-te.js @@ -0,0 +1,40 @@ +'use strict'; + +const common = require('../common'); + +// Test https://hackerone.com/reports/735748 is fixed. + +const assert = require('assert'); +const http = require('http'); +const net = require('net'); + +const REQUEST_BB = `POST / HTTP/1.1 +Content-Type: text/plain; charset=utf-8 +Host: hacker.exploit.com +Connection: keep-alive +Content-Length: 10 +Transfer-Encoding: chunked, eee + +HELLOWORLDPOST / HTTP/1.1 +Content-Type: text/plain; charset=utf-8 +Host: hacker.exploit.com +Connection: keep-alive +Content-Length: 28 + +I AM A SMUGGLED REQUEST!!! +`; + +const server = http.createServer(common.mustNotCall()); + +server.on('clientError', common.mustCall((err) => { + assert.strictEqual(err.code, 'HPE_UNEXPECTED_CONTENT_LENGTH'); + server.close(); +})); + +server.listen(0, common.mustCall(() => { + const client = net.connect( + server.address().port, + common.mustCall(() => { + client.end(REQUEST_BB.replace(/\n/g, '\r\n')); + })); +})); |