diff options
author | Bert JW Regeer <bertjw@regeer.org> | 2020-02-02 15:12:06 -0800 |
---|---|---|
committer | Bert JW Regeer <bertjw@regeer.org> | 2020-02-02 15:12:06 -0800 |
commit | f87abb7320d9acfa2c321481b70974363966bfe5 (patch) | |
tree | 3eaf42d40ac2b44049036a9d5309e08f13ba183d | |
parent | 2fe8e54695ed038dadbb90e03140a1ab395d6629 (diff) | |
download | waitress-f87abb7320d9acfa2c321481b70974363966bfe5.tar.gz |
Add bad header that caused catastrophic backtracking
This lets us validate that we won't accidentally cause the same issue
down the line if we mess with the regular expressions
-rw-r--r-- | waitress/tests/test_parser.py | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/waitress/tests/test_parser.py b/waitress/tests/test_parser.py index b425131..19422a4 100644 --- a/waitress/tests/test_parser.py +++ b/waitress/tests/test_parser.py @@ -433,6 +433,17 @@ class TestHTTPRequestParser(unittest.TestCase): self.assertIn("FOO", self.parser.headers) self.assertEqual(self.parser.headers["FOO"], "abrowser/0.001 (C O M M E N T)") + def test_parse_header_invalid_backtrack_bad(self): + from waitress.parser import ParsingError + + data = b"GET /foobar HTTP/1.1\r\nfoo: bar\r\nfoo: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx\x10\r\n" + try: + self.parser.parse_header(data) + except ParsingError as e: + self.assertIn("Invalid header", e.args[0]) + else: # pragma: nocover + self.assertTrue(False) + def test_parse_header_short_values(self): from waitress.parser import ParsingError |