blob: 9ae8a87d8e128a239f33c85f82c51060b9ce5c33 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
|
'use strict';
const common = require('../common');
// Test https://hackerone.com/reports/735748 is fixed.
const assert = require('assert');
const http = require('http');
const net = require('net');
const REQUEST_BB = `POST / HTTP/1.1
Content-Type: text/plain; charset=utf-8
Host: hacker.exploit.com
Connection: keep-alive
Content-Length: 10
Transfer-Encoding: eee, chunked
HELLOWORLDPOST / HTTP/1.1
Content-Type: text/plain; charset=utf-8
Host: hacker.exploit.com
Connection: keep-alive
Content-Length: 28
I AM A SMUGGLED REQUEST!!!
`;
const server = http.createServer(common.mustNotCall());
server.on('clientError', common.mustCall((err) => {
assert.strictEqual(err.code, 'HPE_UNEXPECTED_CONTENT_LENGTH');
server.close();
}));
server.listen(0, common.mustCall(() => {
const client = net.connect(
server.address().port,
common.mustCall(() => {
client.end(REQUEST_BB.replace(/\n/g, '\r\n'));
}));
}));
|