test: add failing fixtures for forbidden trailer fields
parent
ba8776d3fc
commit
3b3752eb90
@ -0,0 +1,9 @@
|
|||||||
|
POST /p HTTP/1.1\r\n
|
||||||
|
Host: example.com\r\n
|
||||||
|
Transfer-Encoding: chunked\r\n
|
||||||
|
\r\n
|
||||||
|
5\r\n
|
||||||
|
hello\r\n
|
||||||
|
0\r\n
|
||||||
|
Content-Length: 99\r\n
|
||||||
|
\r\n
|
||||||
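Review bot: The request fixtures in this commit only exercise the canonical spelling of the forbidden trailer name (`Content-Length` here, `Host` and `Transfer-Encoding` in the other two request files). Field names are case-insensitive, so a parser that compares the trailer name case-sensitively would pass these fixtures and still accept `content-length: 99` in a trailer. One extra variant fixture whose trailer line is `content-length: 99\r\n` would pin the comparison. The path of this file is not shown on the page, so naming the new fixture is left to the author.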
@ -0,0 +1,9 @@
|
|||||||
|
#
|
||||||
|
# This file is part of gunicorn released under the MIT license.
|
||||||
|
# See the NOTICE for more information.
|
||||||
|
|
||||||
|
# RFC 9110 section 6.5.1: Content-Length in trailers is a classic
|
||||||
|
# smuggling vector; origin must reject.
|
||||||
|
from gunicorn.http.errors import InvalidHeaderName
|
||||||
|
request = InvalidHeaderName
|
||||||
|
python_only = True
|
||||||
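Review bot: The header comment attributes "origin must reject" to RFC 9110 section 6.5.1, but as I read that section it forbids senders from generating such trailers and forbids recipients from merging them into the header section. Rejecting the whole request is gunicorn's stricter policy, and the comment should say so, e.g. `# RFC 9110 section 6.5.1 forbids Content-Length in trailers; gunicorn rejects the request rather than ignoring the field.` The `python_only = True` line is also unexplained here and in the Transfer-Encoding fixture, while the Host fixture carries `# The C parser (gunicorn_h1c) does not yet enforce this rule.` above it. The same comment belongs in both files so the gap in C-parser coverage is visible to whoever reads them.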
@ -0,0 +1,9 @@
|
|||||||
|
POST /p HTTP/1.1\r\n
|
||||||
|
Host: example.com\r\n
|
||||||
|
Transfer-Encoding: chunked\r\n
|
||||||
|
\r\n
|
||||||
|
5\r\n
|
||||||
|
hello\r\n
|
||||||
|
0\r\n
|
||||||
|
Host: evil.example.com\r\n
|
||||||
|
\r\n
|
||||||
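--- a/tests/requests/invalid/rfc9110_trailer_forbidden_host_01.py
+++ b/tests/requests/invalid/rfc9110_trailer_forbidden_host_01.py
@@ -0,0 +1,11 @@
+#
+# This file is part of gunicorn released under the MIT license.
+# See the NOTICE for more information.
+
+# RFC 9110 section 6.5.1: certain header fields must not be sent in
+# trailers because they alter routing or message framing (e.g. Host,
+# Content-Length, Transfer-Encoding). Accepting them enables smuggling.
+from gunicorn.http.errors import InvalidHeaderName
+request = InvalidHeaderName
+# The C parser (gunicorn_h1c) does not yet enforce this rule.
+python_only = True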
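Review bot: `request = InvalidHeaderName` expects a name-syntax error for a trailer whose name (`Host`) is a well-formed token; what is wrong is where the field appears, not how it is spelled. The Content-Length and Transfer-Encoding fixtures in this commit make the same choice. If the parser change that follows reuses InvalidHeaderName deliberately, a comment such as `# Forbidden trailer names are reported as InvalidHeaderName.` above the assignment would stop a later reader from treating it as a mistake. If a more specific error exists or is planned, the fixtures should expect that instead. The error classes are defined outside this page, so which case applies is not visible here.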
@ -0,0 +1,9 @@
|
|||||||
|
POST /p HTTP/1.1\r\n
|
||||||
|
Host: example.com\r\n
|
||||||
|
Transfer-Encoding: chunked\r\n
|
||||||
|
\r\n
|
||||||
|
5\r\n
|
||||||
|
hello\r\n
|
||||||
|
0\r\n
|
||||||
|
Transfer-Encoding: chunked\r\n
|
||||||
|
\r\n
|
||||||
@ -0,0 +1,9 @@
|
|||||||
|
#
|
||||||
|
# This file is part of gunicorn released under the MIT license.
|
||||||
|
# See the NOTICE for more information.
|
||||||
|
|
||||||
|
# RFC 9110 section 6.5.1: Transfer-Encoding in trailers alters framing
|
||||||
|
# and must not be accepted.
|
||||||
|
from gunicorn.http.errors import InvalidHeaderName
|
||||||
|
request = InvalidHeaderName
|
||||||
|
python_only = True
|
||||||