diff options
author | Matteo Collina <hello@matteocollina.com> | 2021-08-25 18:06:51 +0200 |
---|---|---|
committer | Beth Griggs <bgriggs@redhat.com> | 2021-10-11 16:46:09 +0100 |
commit | 0858587f214a989a3ae29cd20727798f914103fe (patch) | |
tree | 0657a56e9748daa8ea231f4a109c585c7839d9dc | |
parent | 21a2e554e3eaa325abbdb28f366928d0ccc0a0f0 (diff) | |
download | node-new-0858587f214a989a3ae29cd20727798f914103fe.tar.gz |
http: add regression test for chunked smuggling
PR-URL: https://github.com/nodejs-private/node-private/pull/286
Reviewed-By: Beth Griggs <bgriggs@redhat.com>
-rw-r--r-- | test/parallel/test-http-chunked-smuggling.js | 43 |
1 files changed, 43 insertions, 0 deletions
diff --git a/test/parallel/test-http-chunked-smuggling.js b/test/parallel/test-http-chunked-smuggling.js new file mode 100644 index 0000000000..6ea2614835 --- /dev/null +++ b/test/parallel/test-http-chunked-smuggling.js @@ -0,0 +1,43 @@ +'use strict'; + +const common = require('../common'); +const http = require('http'); +const net = require('net'); +const assert = require('assert'); + +// Verify that a request with a space before the content length will result +// in a 400 Bad Request. + +const server = http.createServer(common.mustCall((request, response) => { + assert.notStrictEqual(request.url, '/admin'); + response.end('hello world'); +}), 1); + +server.listen(0, common.mustCall(start)); + +function start() { + const sock = net.connect(server.address().port); + + sock.write('' + + 'GET / HTTP/1.1\r\n' + + 'Host: localhost:8080\r\n' + + 'Transfer-Encoding: chunked\r\n' + + '\r\n' + + '2 \n' + + 'xx\r\n' + + '4c\r\n' + + '0\r\n' + + '\r\n' + + 'GET /admin HTTP/1.1\r\n' + + 'Host: localhost:8080\r\n' + + 'Transfer-Encoding: chunked\r\n' + + '\r\n' + + '0\r\n' + + '\r\n' + ); + + sock.resume(); + sock.on('end', common.mustCall(function() { + server.close(); + })); +} |