From 2d7eb3dc048584341654ddfea0dc7ea8c8e11428 Mon Sep 17 00:00:00 2001
From: George Notaras
Date: Mon, 30 Dec 2013 00:14:46 +0200
Subject: [PATCH] Added extra valid request (099) and test (send_special_chunks).

``send_special_chunks`` sends the request data in two chunks, one having a length of 1 byte, which ensures there is no CRLF, and a second chunk containing the rest of the request data. Practically, this forces ``gunicorn.http.message.Request.read_line()`` to get the full request data with two buffer reads and reveal possible bugs related to the internal buffer mechanism. See #670 for more information.
---
 tests/requests/valid/099.http | 268 +++++++++++++++++++++++++++++++++
 tests/requests/valid/099.py | 274 ++++++++++++++++++++++++++++++++++
 tests/treq.py | 19 +++
 3 files changed, 561 insertions(+)
 create mode 100644 tests/requests/valid/099.http
 create mode 100644 tests/requests/valid/099.py
diff --git a/tests/requests/valid/099.http b/tests/requests/valid/099.http
new file mode 100644
index 00000000..969356d0
--- /dev/null
+++ b/tests/requests/valid/099.http
@@ -0,0 +1,268 @@ +POST /test-form HTTP/1.1\r\n +Host: 0.0.0.0:5000\r\n +User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; rv:25.0) Gecko/20100101 Firefox/25.0\r\n +Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\n +Accept-Language: en-us,en;q=0.7,el;q=0.3\r\n +Accept-Encoding: gzip, deflate\r\n +Cookie: csrftoken=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX; sessionid=YYYYYYYYYYYYYYYYYYYYYYYYYYYY\r\n +Connection: keep-alive\r\n +Content-Type: multipart/form-data; boundary=---------------------------320761477111544\r\n +Content-Length: 17914\r\n +\r\n +-----------------------------320761477111544\r\n +Content-Disposition: form-data; name="csrfmiddlewaretoken"\r\n +\r\n +XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX\r\n +-----------------------------320761477111544\r\n +Content-Disposition: form-data; name="_save"\r\n +\r\n +Save\r\n +-----------------------------320761477111544\r\n +Content-Disposition: form-data; name="name"\r\n +\r\n +test.example.org\r\n +-----------------------------320761477111544\r\n +Content-Disposition: form-data; name="type"\r\n +\r\n +NATIVE\r\n +-----------------------------320761477111544\r\n +Content-Disposition: form-data; name="master"\r\n +\r\n +\r\n +-----------------------------320761477111544\r\n +Content-Disposition: form-data; name="foobar_manager_dynamiczone_domain-TOTAL_FORMS"\r\n +\r\n +1\r\n +-----------------------------320761477111544\r\n +Content-Disposition: form-data; name="foobar_manager_dynamiczone_domain-INITIAL_FORMS"\r\n +\r\n +1\r\n +-----------------------------320761477111544\r\n +Content-Disposition: form-data; name="foobar_manager_dynamiczone_domain-MAX_NUM_FORMS"\r\n +\r\n +1\r\n +-----------------------------320761477111544\r\n +Content-Disposition: form-data; name="foobar_manager_dynamiczone_domain-0-is_dynamic"\r\n +\r\n +on\r\n +-----------------------------320761477111544\r\n +Content-Disposition: form-data; name="foobar_manager_dynamiczone_domain-0-id"\r\n +\r\n +1\r\n 
+-----------------------------320761477111544\r\n +Content-Disposition: form-data; name="foobar_manager_dynamiczone_domain-0-domain"\r\n +\r\n +2\r\n +-----------------------------320761477111544\r\n +Content-Disposition: form-data; name="foobar_manager_dynamiczone_domain-__prefix__-id"\r\n +\r\n +\r\n +-----------------------------320761477111544\r\n +Content-Disposition: form-data; name="foobar_manager_dynamiczone_domain-__prefix__-domain"\r\n +\r\n +2\r\n +-----------------------------320761477111544\r\n +Content-Disposition: form-data; name="foobar_manager_record_domain-TOTAL_FORMS"\r\n +\r\n +1\r\n +-----------------------------320761477111544\r\n +Content-Disposition: form-data; name="foobar_manager_record_domain-INITIAL_FORMS"\r\n +\r\n +1\r\n +-----------------------------320761477111544\r\n +Content-Disposition: form-data; name="foobar_manager_record_domain-MAX_NUM_FORMS"\r\n +\r\n +1\r\n +-----------------------------320761477111544\r\n +Content-Disposition: form-data; name="foobar_manager_record_domain-0-ttl"\r\n +\r\n +3600\r\n +-----------------------------320761477111544\r\n +Content-Disposition: form-data; name="foobar_manager_record_domain-0-primary"\r\n +\r\n +ns.example.org\r\n +-----------------------------320761477111544\r\n +Content-Disposition: form-data; name="foobar_manager_record_domain-0-hostmaster"\r\n +\r\n +hostmaster.test.example.org\r\n +-----------------------------320761477111544\r\n +Content-Disposition: form-data; name="foobar_manager_record_domain-0-serial"\r\n +\r\n +2013121701\r\n +-----------------------------320761477111544\r\n +Content-Disposition: form-data; name="foobar_manager_record_domain-0-refresh"\r\n +\r\n +10800\r\n +-----------------------------320761477111544\r\n +Content-Disposition: form-data; name="foobar_manager_record_domain-0-retry"\r\n +\r\n +3600\r\n +-----------------------------320761477111544\r\n +Content-Disposition: form-data; name="foobar_manager_record_domain-0-expire"\r\n +\r\n +604800\r\n 
+-----------------------------320761477111544\r\n +Content-Disposition: form-data; name="foobar_manager_record_domain-0-default_ttl"\r\n +\r\n +3600\r\n +-----------------------------320761477111544\r\n +Content-Disposition: form-data; name="foobar_manager_record_domain-0-id"\r\n +\r\n +16\r\n +-----------------------------320761477111544\r\n +Content-Disposition: form-data; name="foobar_manager_record_domain-0-domain"\r\n +\r\n +2\r\n +-----------------------------320761477111544\r\n +Content-Disposition: form-data; name="foobar_manager_record_domain-__prefix__-ttl"\r\n +\r\n +\r\n +-----------------------------320761477111544\r\n +Content-Disposition: form-data; name="foobar_manager_record_domain-__prefix__-primary"\r\n +\r\n +\r\n +-----------------------------320761477111544\r\n +Content-Disposition: form-data; name="foobar_manager_record_domain-__prefix__-hostmaster"\r\n +\r\n +\r\n +-----------------------------320761477111544\r\n +Content-Disposition: form-data; name="foobar_manager_record_domain-__prefix__-serial"\r\n +\r\n +1\r\n +-----------------------------320761477111544\r\n +Content-Disposition: form-data; name="foobar_manager_record_domain-__prefix__-refresh"\r\n +\r\n +10800\r\n +-----------------------------320761477111544\r\n +Content-Disposition: form-data; name="foobar_manager_record_domain-__prefix__-retry"\r\n +\r\n +3600\r\n +-----------------------------320761477111544\r\n +Content-Disposition: form-data; name="foobar_manager_record_domain-__prefix__-expire"\r\n +\r\n +604800\r\n +-----------------------------320761477111544\r\n +Content-Disposition: form-data; name="foobar_manager_record_domain-__prefix__-default_ttl"\r\n +\r\n +3600\r\n +-----------------------------320761477111544\r\n +Content-Disposition: form-data; name="foobar_manager_record_domain-__prefix__-id"\r\n +\r\n +\r\n +-----------------------------320761477111544\r\n +Content-Disposition: form-data; name="foobar_manager_record_domain-__prefix__-domain"\r\n +\r\n +2\r\n 
+-----------------------------320761477111544\r\n +Content-Disposition: form-data; name="foobar_manager_record_domain-2-TOTAL_FORMS"\r\n +\r\n +0\r\n +-----------------------------320761477111544\r\n +Content-Disposition: form-data; name="foobar_manager_record_domain-2-INITIAL_FORMS"\r\n +\r\n +0\r\n +-----------------------------320761477111544\r\n +Content-Disposition: form-data; name="foobar_manager_record_domain-2-MAX_NUM_FORMS"\r\n +\r\n +1000\r\n +-----------------------------320761477111544\r\n +Content-Disposition: form-data; name="foobar_manager_record_domain-2-__prefix__-id"\r\n +\r\n +\r\n +-----------------------------320761477111544\r\n +Content-Disposition: form-data; name="foobar_manager_record_domain-2-__prefix__-domain"\r\n +\r\n +2\r\n +-----------------------------320761477111544\r\n +Content-Disposition: form-data; name="foobar_manager_record_domain-2-__prefix__-name"\r\n +\r\n +\r\n +-----------------------------320761477111544\r\n +Content-Disposition: form-data; name="foobar_manager_record_domain-2-__prefix__-ttl"\r\n +\r\n +\r\n +-----------------------------320761477111544\r\n +Content-Disposition: form-data; name="foobar_manager_record_domain-2-__prefix__-content"\r\n +\r\n +\r\n +-----------------------------320761477111544\r\n +Content-Disposition: form-data; name="foobar_manager_record_domain-3-TOTAL_FORMS"\r\n +\r\n +0\r\n +-----------------------------320761477111544\r\n +Content-Disposition: form-data; name="foobar_manager_record_domain-3-INITIAL_FORMS"\r\n +\r\n +0\r\n +-----------------------------320761477111544\r\n +Content-Disposition: form-data; name="foobar_manager_record_domain-3-MAX_NUM_FORMS"\r\n +\r\n +1000\r\n +-----------------------------320761477111544\r\n +Content-Disposition: form-data; name="foobar_manager_record_domain-3-__prefix__-id"\r\n +\r\n +\r\n +-----------------------------320761477111544\r\n +Content-Disposition: form-data; name="foobar_manager_record_domain-3-__prefix__-domain"\r\n +\r\n +2\r\n 
+-----------------------------320761477111544\r\n +Content-Disposition: form-data; name="foobar_manager_record_domain-3-__prefix__-name"\r\n +\r\n +\r\n +-----------------------------320761477111544\r\n +Content-Disposition: form-data; name="foobar_manager_record_domain-3-__prefix__-ttl"\r\n +\r\n +\r\n +-----------------------------320761477111544\r\n +Content-Disposition: form-data; name="foobar_manager_record_domain-3-__prefix__-prio"\r\n +\r\n +\r\n +-----------------------------320761477111544\r\n +Content-Disposition: form-data; name="foobar_manager_record_domain-3-__prefix__-content"\r\n +\r\n +\r\n +-----------------------------320761477111544\r\n +Content-Disposition: form-data; name="foobar_manager_record_domain-4-TOTAL_FORMS"\r\n +\r\n +0\r\n +-----------------------------320761477111544\r\n +Content-Disposition: form-data; name="foobar_manager_record_domain-4-INITIAL_FORMS"\r\n +\r\n +0\r\n +---------------------\r\n +-----------------------------320761477111544\r\n +Content-Disposition: form-data; name="foobar_manager_record_domain-5-TOTAL_FORMS"\r\n +\r\n +0\r\n +-----------------------------320761477111544\r\n +Content-Disposition: form-data; name="foobar_manager_record_domain-5-INITIAL_FORMS"\r\n +\r\n +0\r\n +---------------------\r\n +-----------------------------320761477111544\r\n +Content-Disposition: form-data; name="foobar_manager_record_domain-6-TOTAL_FORMS"\r\n +\r\n +0\r\n +-----------------------------320761477111544\r\n +Content-Disposition: form-data; name="foobar_manager_record_domain-6-INITIAL_FORMS"\r\n +\r\n +0\r\n +---------------------\r\n +-----------------------------320761477111544\r\n +Content-Disposition: form-data; name="foobar_manager_record_domain-7-TOTAL_FORMS"\r\n +\r\n +0\r\n +-----------------------------320761477111544\r\n +Content-Disposition: form-data; name="foobar_manager_record_domain-7-INITIAL_FORMS"\r\n +\r\n +0\r\n +---------------------\r\n +-----------------------------320761477111544\r\n 
+Content-Disposition: form-data; name="foobar_manager_record_domain-8-TOTAL_FORMS"\r\n +\r\n +0\r\n +-----------------------------320761477111544\r\n +Content-Disposition: form-data; name="foobar_manager_record_domain-8-INITIAL_FORMS"\r\n +\r\n +0\r\n +---------------------\r\n \ No newline at end of file diff --git a/tests/requests/valid/099.py b/tests/requests/valid/099.py new file mode 100644 index 00000000..e4256f66 --- /dev/null +++ b/tests/requests/valid/099.py 
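Review bot: The `Content-Length: 17914` header of this fixture appears not to match the body that follows. Several parts are cut down to a bare `---------------------` line and the body ends without a closing multipart boundary, so it looks much shorter than the declared length. A request filed under `valid/` that is meant to exercise the request-line buffer should not also depend on how the parser treats a short body. Setting the header to the real size, `Content-Length: <actual byte count of the body>`, keeps the regression focused on `read_line()`. The `("CONTENT-LENGTH", "17914")` entry in `tests/requests/valid/099.py` would need the same value, and the session and CSRF values are already redacted with `X`/`Y` placeholders, which is the right call for a captured request.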
@@ -0,0 +1,274 @@ +request = { + "method": "POST", + "uri": uri("/test-form"), + "version": (1, 1), + "headers": [ + ("HOST", "0.0.0.0:5000"), + ("USER-AGENT", "Mozilla/5.0 (Windows NT 6.2; WOW64; rv:25.0) Gecko/20100101 Firefox/25.0"), + ("ACCEPT", "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8"), + ("ACCEPT-LANGUAGE", "en-us,en;q=0.7,el;q=0.3"), + ("ACCEPT-ENCODING", "gzip, deflate"), + ("COOKIE", "csrftoken=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX; sessionid=YYYYYYYYYYYYYYYYYYYYYYYYYYYY"), + ("CONNECTION", "keep-alive"), + ("CONTENT-TYPE", "multipart/form-data; boundary=---------------------------320761477111544"), + ("CONTENT-LENGTH", "17914"), + ], + "body": b"""-----------------------------320761477111544 +Content-Disposition: form-data; name="csrfmiddlewaretoken" + +XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX +-----------------------------320761477111544 +Content-Disposition: form-data; name="_save" + +Save +-----------------------------320761477111544 +Content-Disposition: form-data; name="name" + +test.example.org +-----------------------------320761477111544 +Content-Disposition: form-data; name="type" + +NATIVE +-----------------------------320761477111544 +Content-Disposition: form-data; name="master" + + +-----------------------------320761477111544 +Content-Disposition: form-data; name="foobar_manager_dynamiczone_domain-TOTAL_FORMS" + +1 +-----------------------------320761477111544 +Content-Disposition: form-data; name="foobar_manager_dynamiczone_domain-INITIAL_FORMS" + +1 +-----------------------------320761477111544 +Content-Disposition: form-data; name="foobar_manager_dynamiczone_domain-MAX_NUM_FORMS" + +1 +-----------------------------320761477111544 +Content-Disposition: form-data; name="foobar_manager_dynamiczone_domain-0-is_dynamic" + +on +-----------------------------320761477111544 +Content-Disposition: form-data; name="foobar_manager_dynamiczone_domain-0-id" + +1 +-----------------------------320761477111544 +Content-Disposition: form-data; 
name="foobar_manager_dynamiczone_domain-0-domain" + +2 +-----------------------------320761477111544 +Content-Disposition: form-data; name="foobar_manager_dynamiczone_domain-__prefix__-id" + + +-----------------------------320761477111544 +Content-Disposition: form-data; name="foobar_manager_dynamiczone_domain-__prefix__-domain" + +2 +-----------------------------320761477111544 +Content-Disposition: form-data; name="foobar_manager_record_domain-TOTAL_FORMS" + +1 +-----------------------------320761477111544 +Content-Disposition: form-data; name="foobar_manager_record_domain-INITIAL_FORMS" + +1 +-----------------------------320761477111544 +Content-Disposition: form-data; name="foobar_manager_record_domain-MAX_NUM_FORMS" + +1 +-----------------------------320761477111544 +Content-Disposition: form-data; name="foobar_manager_record_domain-0-ttl" + +3600 +-----------------------------320761477111544 +Content-Disposition: form-data; name="foobar_manager_record_domain-0-primary" + +ns.example.org +-----------------------------320761477111544 +Content-Disposition: form-data; name="foobar_manager_record_domain-0-hostmaster" + +hostmaster.test.example.org +-----------------------------320761477111544 +Content-Disposition: form-data; name="foobar_manager_record_domain-0-serial" + +2013121701 +-----------------------------320761477111544 +Content-Disposition: form-data; name="foobar_manager_record_domain-0-refresh" + +10800 +-----------------------------320761477111544 +Content-Disposition: form-data; name="foobar_manager_record_domain-0-retry" + +3600 +-----------------------------320761477111544 +Content-Disposition: form-data; name="foobar_manager_record_domain-0-expire" + +604800 +-----------------------------320761477111544 +Content-Disposition: form-data; name="foobar_manager_record_domain-0-default_ttl" + +3600 +-----------------------------320761477111544 +Content-Disposition: form-data; name="foobar_manager_record_domain-0-id" + +16 
+-----------------------------320761477111544 +Content-Disposition: form-data; name="foobar_manager_record_domain-0-domain" + +2 +-----------------------------320761477111544 +Content-Disposition: form-data; name="foobar_manager_record_domain-__prefix__-ttl" + + +-----------------------------320761477111544 +Content-Disposition: form-data; name="foobar_manager_record_domain-__prefix__-primary" + + +-----------------------------320761477111544 +Content-Disposition: form-data; name="foobar_manager_record_domain-__prefix__-hostmaster" + + +-----------------------------320761477111544 +Content-Disposition: form-data; name="foobar_manager_record_domain-__prefix__-serial" + +1 +-----------------------------320761477111544 +Content-Disposition: form-data; name="foobar_manager_record_domain-__prefix__-refresh" + +10800 +-----------------------------320761477111544 +Content-Disposition: form-data; name="foobar_manager_record_domain-__prefix__-retry" + +3600 +-----------------------------320761477111544 +Content-Disposition: form-data; name="foobar_manager_record_domain-__prefix__-expire" + +604800 +-----------------------------320761477111544 +Content-Disposition: form-data; name="foobar_manager_record_domain-__prefix__-default_ttl" + +3600 +-----------------------------320761477111544 +Content-Disposition: form-data; name="foobar_manager_record_domain-__prefix__-id" + + +-----------------------------320761477111544 +Content-Disposition: form-data; name="foobar_manager_record_domain-__prefix__-domain" + +2 +-----------------------------320761477111544 +Content-Disposition: form-data; name="foobar_manager_record_domain-2-TOTAL_FORMS" + +0 +-----------------------------320761477111544 +Content-Disposition: form-data; name="foobar_manager_record_domain-2-INITIAL_FORMS" + +0 +-----------------------------320761477111544 +Content-Disposition: form-data; name="foobar_manager_record_domain-2-MAX_NUM_FORMS" + +1000 +-----------------------------320761477111544 +Content-Disposition: 
form-data; name="foobar_manager_record_domain-2-__prefix__-id" + + +-----------------------------320761477111544 +Content-Disposition: form-data; name="foobar_manager_record_domain-2-__prefix__-domain" + +2 +-----------------------------320761477111544 +Content-Disposition: form-data; name="foobar_manager_record_domain-2-__prefix__-name" + + +-----------------------------320761477111544 +Content-Disposition: form-data; name="foobar_manager_record_domain-2-__prefix__-ttl" + + +-----------------------------320761477111544 +Content-Disposition: form-data; name="foobar_manager_record_domain-2-__prefix__-content" + + +-----------------------------320761477111544 +Content-Disposition: form-data; name="foobar_manager_record_domain-3-TOTAL_FORMS" + +0 +-----------------------------320761477111544 +Content-Disposition: form-data; name="foobar_manager_record_domain-3-INITIAL_FORMS" + +0 +-----------------------------320761477111544 +Content-Disposition: form-data; name="foobar_manager_record_domain-3-MAX_NUM_FORMS" + +1000 +-----------------------------320761477111544 +Content-Disposition: form-data; name="foobar_manager_record_domain-3-__prefix__-id" + + +-----------------------------320761477111544 +Content-Disposition: form-data; name="foobar_manager_record_domain-3-__prefix__-domain" + +2 +-----------------------------320761477111544 +Content-Disposition: form-data; name="foobar_manager_record_domain-3-__prefix__-name" + + +-----------------------------320761477111544 +Content-Disposition: form-data; name="foobar_manager_record_domain-3-__prefix__-ttl" + + +-----------------------------320761477111544 +Content-Disposition: form-data; name="foobar_manager_record_domain-3-__prefix__-prio" + + +-----------------------------320761477111544 +Content-Disposition: form-data; name="foobar_manager_record_domain-3-__prefix__-content" + + +-----------------------------320761477111544 +Content-Disposition: form-data; name="foobar_manager_record_domain-4-TOTAL_FORMS" + +0 
+-----------------------------320761477111544 +Content-Disposition: form-data; name="foobar_manager_record_domain-4-INITIAL_FORMS" + +0 +--------------------- +-----------------------------320761477111544 +Content-Disposition: form-data; name="foobar_manager_record_domain-5-TOTAL_FORMS" + +0 +-----------------------------320761477111544 +Content-Disposition: form-data; name="foobar_manager_record_domain-5-INITIAL_FORMS" + +0 +--------------------- +-----------------------------320761477111544 +Content-Disposition: form-data; name="foobar_manager_record_domain-6-TOTAL_FORMS" + +0 +-----------------------------320761477111544 +Content-Disposition: form-data; name="foobar_manager_record_domain-6-INITIAL_FORMS" + +0 +--------------------- +-----------------------------320761477111544 +Content-Disposition: form-data; name="foobar_manager_record_domain-7-TOTAL_FORMS" + +0 +-----------------------------320761477111544 +Content-Disposition: form-data; name="foobar_manager_record_domain-7-INITIAL_FORMS" + +0 +--------------------- +-----------------------------320761477111544 +Content-Disposition: form-data; name="foobar_manager_record_domain-8-TOTAL_FORMS" + +0 +-----------------------------320761477111544 +Content-Disposition: form-data; name="foobar_manager_record_domain-8-INITIAL_FORMS" + +0 +--------------------- +""".decode('utf-8').replace('\n', '\r\n').encode('utf-8'), +} diff --git a/tests/treq.py b/tests/treq.py index 072f0ae0..10557b1e 100644 --- a/tests/treq.py +++ b/tests/treq.py 
@@ -90,6 +90,25 @@ class request(object):
 yield self.data[read:read+chunk]
 read += chunk
+ def send_special_chunks(self):
+ """Meant to test the request line length check.
+
+ Sends the request data in two chunks, one having a
+ length of 1 byte, which ensures that no CRLF is included,
+ and a second chunk containing the rest of the request data.
+
+ If the request line length check is not done properly,
+ testing the ``tests/requests/valid/099.http`` request
+ fails with a ``LimitRequestLine`` exception.
+
+ """
+ chunk = self.data[:1]
+ read = 0
+ while read < len(self.data):
+ yield self.data[read:read+len(chunk)]
+ read += len(chunk)
+ chunk = self.data[read:]
+
 # These functions define the sizes that the
 # read functions will read with.
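Review bot: The `while` loop in `send_special_chunks` is a roundabout way of yielding exactly two slices, because `chunk` is reassigned to the whole remainder after the first pass and the loop can never run a third time. Writing it as `if self.data: yield self.data[:1]` followed by `if len(self.data) > 1: yield self.data[1:]` states the intent directly and keeps the current behaviour of never yielding an empty chunk. The docstring should also say that only the split after the first byte is covered. If it is in scope for #670, a second sender that splits between the CR and the LF of the request line would exercise the other buffer boundary where the line-length limit and the terminator search interact.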