authorBert JW Regeer <xistence@0x58.com>2022-03-16 15:26:15 -0600
committerGitHub <noreply@github.com>2022-03-16 15:26:15 -0600
commit9e0b8c801e4d505c2ffc91b891af4ba48af715e0 (patch)
tree9d072734176f480abc59c06b8b2e03ec1850587d /tests/test_receiver.py
parent22c03947e3bcd7631120aae40d3d844d4f35e49f (diff)
parentb28c9e8bda326ff2f87bf8eb7ea6b110ee0ae6fe (diff)
downloadwaitress-9e0b8c801e4d505c2ffc91b891af4ba48af715e0.tar.gz
Merge pull request from GHSA-4f7p-27jc-3c36 v2.1.1
Fix for HTTP request smuggling due to incorrect validation
Diffstat (limited to 'tests/test_receiver.py')
-rw-r--r--tests/test_receiver.py51
1 files changed, 51 insertions, 0 deletions
diff --git a/tests/test_receiver.py b/tests/test_receiver.py
index f55aa68..d160cac 100644
--- a/tests/test_receiver.py
+++ b/tests/test_receiver.py
@@ -1,5 +1,7 @@
import unittest
+import pytest
+
class TestFixedStreamReceiver(unittest.TestCase):
def _makeOne(self, cl, buf):
@@ -226,6 +228,55 @@ class TestChunkedReceiver(unittest.TestCase):
self.assertEqual(inst.error, None)
+class TestChunkedReceiverParametrized:
+ def _makeOne(self, buf):
+ from waitress.receiver import ChunkedReceiver
+
+ return ChunkedReceiver(buf)
+
+ @pytest.mark.parametrize(
+ "invalid_extension", [b"\n", b"invalid=", b"\r", b"invalid = true"]
+ )
+ def test_received_invalid_extensions(self, invalid_extension):
+ from waitress.utilities import BadRequest
+
+ buf = DummyBuffer()
+ inst = self._makeOne(buf)
+ data = b"4;" + invalid_extension + b"\r\ntest\r\n"
+ result = inst.received(data)
+ assert result == len(data)
+ assert inst.error.__class__ == BadRequest
+ assert inst.error.body == "Invalid chunk extension"
+
+ @pytest.mark.parametrize(
+ "valid_extension", [b"test", b"valid=true", b"valid=true;other=true"]
+ )
+ def test_received_valid_extensions(self, valid_extension):
+ # While waitress may ignore extensions in Chunked Encoding, we do want
+ # to make sure that we don't fail when we do encounter one that is
+ # valid
+ buf = DummyBuffer()
+ inst = self._makeOne(buf)
+ data = b"4;" + valid_extension + b"\r\ntest\r\n"
+ result = inst.received(data)
+ assert result == len(data)
+ assert inst.error == None
+
+ @pytest.mark.parametrize(
+ "invalid_size", [b"0x04", b"+0x04", b"x04", b"+04", b" 04", b" 0x04"]
+ )
+ def test_received_invalid_size(self, invalid_size):
+ from waitress.utilities import BadRequest
+
+ buf = DummyBuffer()
+ inst = self._makeOne(buf)
+ data = invalid_size + b"\r\ntest\r\n"
+ result = inst.received(data)
+ assert result == len(data)
+ assert inst.error.__class__ == BadRequest
+ assert inst.error.body == "Invalid chunk size"
+
+
class DummyBuffer:
def __init__(self, data=None):
if data is None:
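Review bot: The `invalid_size` list in `test_received_invalid_size` covers a `0x` prefix, a leading `+` and leading spaces, but not two other forms that a lenient hex parser such as Python's `int(value, 16)` accepts: a leading `-` and underscore digit separators. Since the commit is described as a fix for incorrect validation, I would add `b"-04"` and `b"0_4"` to the parameter list so that a regression to permissive parsing fails the suite. The receiver's own parsing is not visible in this file, so this is a coverage suggestion, not a reported defect. Separately, `assert inst.error == None` in `test_received_valid_extensions` is better written as `assert inst.error is None`.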