From 2e5037b9a6dc2a7b66fdc2434ee8d85aafa0a9c0 Mon Sep 17 00:00:00 2001 From: Sam Roberts Date: Tue, 7 Jan 2020 14:24:54 -0800 Subject: [PATCH] test: check that --insecure-http-parser works Test that using --insecure-http-parser will disable validation of invalid characters in HTTP headers. See: - https://github.com/nodejs/node/pull/30567 PR-URL: https://github.com/nodejs/node/pull/31253 Reviewed-By: Richard Lau Reviewed-By: Ruben Bridgewater --- .../test-http-insecure-parser-legacy.js | 35 +++++++++++++++++++ test/parallel/test-http-insecure-parser.js | 35 +++++++++++++++++++ 2 files changed, 70 insertions(+) create mode 100644 test/parallel/test-http-insecure-parser-legacy.js create mode 100644 test/parallel/test-http-insecure-parser.js diff --git a/test/parallel/test-http-insecure-parser-legacy.js b/test/parallel/test-http-insecure-parser-legacy.js new file mode 100644 index 00000000000000..a337333ed0915f --- /dev/null +++ b/test/parallel/test-http-insecure-parser-legacy.js @@ -0,0 +1,35 @@ +// Flags: --insecure-http-parser --http-parser=legacy + +'use strict'; +const common = require('../common'); +const assert = require('assert'); +const http = require('http'); +const net = require('net'); + +const server = http.createServer(function(req, res) { + assert.strictEqual(req.headers['content-type'], 'text/te\bt'); + req.pipe(res); +}); + +server.listen(0, common.mustCall(function() { + const bufs = []; + const client = net.connect( + this.address().port, + function() { + client.write( + 'GET / HTTP/1.1\r\n' + + 'Content-Type: text/te\x08t\r\n' + + 'Connection: close\r\n\r\n'); + } + ); + client.on('data', function(chunk) { + bufs.push(chunk); + }); + client.on('end', common.mustCall(function() { + const head = Buffer.concat(bufs) + .toString('latin1') + .split('\r\n')[0]; + assert.strictEqual(head, 'HTTP/1.1 200 OK'); + server.close(); + })); +})); diff --git a/test/parallel/test-http-insecure-parser.js b/test/parallel/test-http-insecure-parser.js new file mode 100644 index 00000000000000..c9a3aa23c142d9 --- /dev/null +++ b/test/parallel/test-http-insecure-parser.js @@ -0,0 +1,35 @@ +// Flags: --insecure-http-parser + +'use strict'; +const common = require('../common'); +const assert = require('assert'); +const http = require('http'); +const net = require('net'); + +const server = http.createServer(function(req, res) { + assert.strictEqual(req.headers['content-type'], 'text/te\bt'); + req.pipe(res); +}); + +server.listen(0, common.mustCall(function() { + const bufs = []; + const client = net.connect( + this.address().port, + function() { + client.write( + 'GET / HTTP/1.1\r\n' + + 'Content-Type: text/te\x08t\r\n' + + 'Connection: close\r\n\r\n'); + } + ); + client.on('data', function(chunk) { + bufs.push(chunk); + }); + client.on('end', common.mustCall(function() { + const head = Buffer.concat(bufs) + .toString('latin1') + .split('\r\n')[0]; + assert.strictEqual(head, 'HTTP/1.1 200 OK'); + server.close(); + })); +}));