diff options
author | Matteo Collina <hello@matteocollina.com> | 2021-08-25 18:07:25 +0200 |
---|---|---|
committer | Beth Griggs <bgriggs@redhat.com> | 2021-10-11 16:46:09 +0100 |
commit | d5d3a03246c7297aab97e6b79bc8d057114a4978 (patch) | |
tree | ef8bee44b6e4a68a1ffaa81de9f116575901e0e7 | |
parent | 0858587f214a989a3ae29cd20727798f914103fe (diff) | |
download | node-new-d5d3a03246c7297aab97e6b79bc8d057114a4978.tar.gz |
http: add regression test for smuggling content length
PR-URL: https://github.com/nodejs-private/node-private/pull/286
Reviewed-By: Beth Griggs <bgriggs@redhat.com>
-rw-r--r-- | test/parallel/test-http-request-smuggling-content-length.js | 31 |
1 files changed, 31 insertions, 0 deletions
diff --git a/test/parallel/test-http-request-smuggling-content-length.js b/test/parallel/test-http-request-smuggling-content-length.js new file mode 100644 index 0000000000..4ae39b93f4 --- /dev/null +++ b/test/parallel/test-http-request-smuggling-content-length.js @@ -0,0 +1,31 @@ +'use strict'; + +const common = require('../common'); +const http = require('http'); +const net = require('net'); +const assert = require('assert'); + +// Verify that a request with a space before the content length will result +// in a 400 Bad Request. + +const server = http.createServer(common.mustNotCall()); + +server.listen(0, common.mustCall(start)); + +function start() { + const sock = net.connect(server.address().port); + + sock.write('GET / HTTP/1.1\r\nHost: localhost:5000\r\n' + + 'Content-Length : 5\r\n\r\nhello'); + + let body = ''; + sock.setEncoding('utf8'); + sock.on('data', (chunk) => { + body += chunk; + }); + sock.on('end', common.mustCall(function() { + assert.strictEqual(body, 'HTTP/1.1 400 Bad Request\r\n' + + 'Connection: close\r\n\r\n'); + server.close(); + })); +} |