OSSForks/node
1
0
Fork 0
mirror of https://github.com/zebrajr/node.git synced 2025-12-06 12:20:27 +01:00
Code Issues Actions 8 Packages Projects Releases Wiki Activity
v11.x
node/test/parallel/test-http-response-splitting.js
Mithun Sasidharan 0f3fd79ee9
test: refactored test-http-response-splitting to use countdown 
PR-URL: https://github.com/nodejs/node/pull/17348
Reviewed-By: Jon Moss <me@jonathanmoss.me>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Sakthipriyan Vairamani <thechargingvolcano@gmail.com>
2017-12-01 20:54:09 +01:00

63 lines
1.9 KiB
JavaScript
Raw Permalink Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

'use strict';
const common = require('../common');
const http = require('http');
const net = require('net');
const url = require('url');
const assert = require('assert');
const Countdown = require('../common/countdown');
// Response splitting example, credit: Amit Klein, Safebreach
const str = '/welcome?lang=bar%c4%8d%c4%8aContent­Length:%200%c4%8d%c4%8a%c' +
'4%8d%c4%8aHTTP/1.1%20200%20OK%c4%8d%c4%8aContent­Length:%202' +
'0%c4%8d%c4%8aLast­Modified:%20Mon,%2027%20Oct%202003%2014:50:18' +
'%20GMT%c4%8d%c4%8aContent­Type:%20text/html%c4%8d%c4%8a%c4%8' +
'd%c4%8a%3chtml%3eGotcha!%3c/html%3e';
// Response splitting example, credit: Сковорода Никита Андреевич (@ChALkeR)
const x = 'fooഊSet-Cookie: foo=barഊഊ<script>alert("Hi!")</script>';
const y = 'foo⠊Set-Cookie: foo=bar';
let count = 0;
const countdown = new Countdown(3, () => server.close());
function test(res, code, key, value) {
const header = { [key]: value };
common.expectsError(
() => res.writeHead(code, header),
{
code: 'ERR_INVALID_CHAR',
type: TypeError,
message: `Invalid character in header content ["${key}"]`
}
);
}
const server = http.createServer((req, res) => {
switch (count++) {
case 0:
const loc = url.parse(req.url, true).query.lang;
test(res, 302, 'Location', `/foo?lang=${loc}`);
break;
case 1:
test(res, 200, 'foo', x);
break;
case 2:
test(res, 200, 'foo', y);
break;
default:
assert.fail('should not get to here.');
}
countdown.dec();
res.end('ok');
});
server.listen(0, () => {
const end = 'HTTP/1.1\r\n\r\n';
const client = net.connect({ port: server.address().port }, () => {
client.write(`GET ${str} ${end}`);
client.write(`GET / ${end}`);
client.write(`GET / ${end}`);
client.end();
});
});
Reference in New Issue View Git Blame Copy Permalink