Add bad header that caused catastrophic backtracking

This lets us validate that we won't accidentally cause the same issue down the line if we mess with the regular expressions
author: Bert JW Regeer <bertjw@regeer.org> 2020-02-02 15:12:06 -0800
committer: Bert JW Regeer <bertjw@regeer.org> 2020-02-02 15:12:06 -0800
commit: f87abb7320d9acfa2c321481b70974363966bfe5 (patch)
tree: 3eaf42d40ac2b44049036a9d5309e08f13ba183d
parent: 2fe8e54695ed038dadbb90e03140a1ab395d6629 (diff)
download: waitress-f87abb7320d9acfa2c321481b70974363966bfe5.tar.gz
1 files changed, 11 insertions, 0 deletions
diff --git a/waitress/tests/test_parser.py b/waitress/tests/test_parser.py
index b425131..19422a4 100644
--- a/waitress/tests/test_parser.py
+++ b/waitress/tests/test_parser.py
@@ -433,6 +433,17 @@ class TestHTTPRequestParser(unittest.TestCase):
         self.assertIn("FOO", self.parser.headers)
         self.assertEqual(self.parser.headers["FOO"], "abrowser/0.001 (C O M M E N T)")
 
+    def test_parse_header_invalid_backtrack_bad(self):
+        from waitress.parser import ParsingError
+
+        data = b"GET /foobar HTTP/1.1\r\nfoo: bar\r\nfoo: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx\x10\r\n"
+        try:
+            self.parser.parse_header(data)
+        except ParsingError as e:
+            self.assertIn("Invalid header", e.args[0])
+        else:  # pragma: nocover
+            self.assertTrue(False)
+
     def test_parse_header_short_values(self):
         from waitress.parser import ParsingError
author	Bert JW Regeer <bertjw@regeer.org>	2020-02-02 15:12:06 -0800
committer	Bert JW Regeer <bertjw@regeer.org>	2020-02-02 15:12:06 -0800
commit	f87abb7320d9acfa2c321481b70974363966bfe5 (patch)
tree	3eaf42d40ac2b44049036a9d5309e08f13ba183d
parent	2fe8e54695ed038dadbb90e03140a1ab395d6629 (diff)
download	waitress-f87abb7320d9acfa2c321481b70974363966bfe5.tar.gz