Skip to content

Commit

Permalink
test: using TE to smuggle reqs is not possible
Browse files Browse the repository at this point in the history
  • Loading branch information
sam-github committed Feb 4, 2020
1 parent 25d6011 commit 9cd155e
Show file tree
Hide file tree
Showing 3 changed files with 51 additions and 1 deletion.
2 changes: 1 addition & 1 deletion test/parallel/test-http-client-error-rawbytes.js
Original file line number Diff line number Diff line change
Expand Up @@ -19,7 +19,7 @@ server.listen(0, common.mustCall(() => {
const req = http.get(`http://localhost:${server.address().port}/`);
req.end();
req.on('error', common.mustCall((err) => {
const reason = 'Content-Length can\'t be present with chunked encoding';
const reason = 'Content-Length can\'t be present with Transfer-Encoding';
assert.strictEqual(err.message, `Parse Error: ${reason}`);
assert(err.bytesParsed < response.length);
assert(err.bytesParsed >= response.indexOf('Transfer-Encoding'));
Expand Down
10 changes: 10 additions & 0 deletions test/parallel/test-http-invalid-te-legacy.js
Original file line number Diff line number Diff line change
@@ -0,0 +1,10 @@
// Flags: --http-parser=legacy

'use strict';

// Test https://hackerone.com/reports/735748 is fixed.
// Test should pass with legacy parser, not just the default.

require('../common');

require('./test-http-invalid-te-legacy.js');
40 changes: 40 additions & 0 deletions test/parallel/test-http-invalid-te.js
Original file line number Diff line number Diff line change
@@ -0,0 +1,40 @@
'use strict';

const common = require('../common');

// Test https://hackerone.com/reports/735748 is fixed.

const assert = require('assert');
const http = require('http');
const net = require('net');

const REQUEST_BB = `POST / HTTP/1.1
Content-Type: text/plain; charset=utf-8
Host: hacker.exploit.com
Connection: keep-alive
Content-Length: 10
Transfer-Encoding: chunked, eee
HELLOWORLDPOST / HTTP/1.1
Content-Type: text/plain; charset=utf-8
Host: hacker.exploit.com
Connection: keep-alive
Content-Length: 28
I AM A SMUGGLED REQUEST!!!
`;

const server = http.createServer(common.mustNotCall());

server.on('clientError', common.mustCall((err) => {
assert.strictEqual(err.code, 'HPE_UNEXPECTED_CONTENT_LENGTH');
server.close();
}));

server.listen(0, common.mustCall(() => {
const client = net.connect(
server.address().port,
common.mustCall(() => {
client.end(REQUEST_BB.replace(/\n/g, '\r\n'));
}));
}));

0 comments on commit 9cd155e

Please sign in to comment.