Merge pull request #3599 from benoitc/test/rfc9112-chunked-edge-cases
test: codify chunked size/extension edge cases (RFC 9112 §7.1)
commit
5d0f1e9b15
@ -0,0 +1,8 @@
|
||||
POST /upload HTTP/1.1\r\n
|
||||
Host: example.com\r\n
|
||||
Transfer-Encoding: chunked\r\n
|
||||
\r\n
|
||||
-5\r\n
|
||||
hello\r\n
|
||||
0\r\n
|
||||
\r\n
|
||||
@ -0,0 +1,7 @@
|
||||
#
|
||||
# This file is part of gunicorn released under the MIT license.
|
||||
# See the NOTICE for more information.
|
||||
|
||||
# RFC 9112 section 7.1: chunk-size = 1*HEXDIG; negative sign is invalid.
|
||||
from gunicorn.http.errors import InvalidChunkSize
|
||||
request = InvalidChunkSize
|
||||
@ -0,0 +1,8 @@
|
||||
POST /upload HTTP/1.1\r\n
|
||||
Host: example.com\r\n
|
||||
Transfer-Encoding: chunked\r\n
|
||||
\r\n
|
||||
+5\r\n
|
||||
hello\r\n
|
||||
0\r\n
|
||||
\r\n
|
||||
@ -0,0 +1,8 @@
|
||||
#
|
||||
# This file is part of gunicorn released under the MIT license.
|
||||
# See the NOTICE for more information.
|
||||
|
||||
# RFC 9112 section 7.1: chunk-size = 1*HEXDIG; a leading sign ("+" or "-")
|
||||
# is not valid and has been used in request-smuggling vectors.
|
||||
from gunicorn.http.errors import InvalidChunkSize
|
||||
request = InvalidChunkSize
|
||||
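--- a/tests/requests/valid/rfc9112_chunked_ext_quoted_01.http
+++ b/tests/requests/valid/rfc9112_chunked_ext_quoted_01.http
@@ -0,0 +1,8 @@
+POST /upload HTTP/1.1\r\n
+Host: example.com\r\n
+Transfer-Encoding: chunked\r\n
+\r\n
+5;foo="bar baz"\r\n
+hello\r\n
+0\r\n
+\r\n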
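--- a/tests/requests/valid/rfc9112_chunked_ext_quoted_01.py
+++ b/tests/requests/valid/rfc9112_chunked_ext_quoted_01.py
@@ -0,0 +1,15 @@
+#
+# This file is part of gunicorn released under the MIT license.
+# See the NOTICE for more information.
+
+# RFC 9112 section 7.1.1: chunk-ext-val can be token or quoted-string.
+request = {
+"method": "POST",
+"uri": uri("/upload"),
+"version": (1, 1),
+"headers": [
+("HOST", "example.com"),
+("TRANSFER-ENCODING", "chunked"),
+],
+"body": b"hello",
+}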
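Review bot: The expectation only pins `"body": b"hello"`, so the fixture shows the quoted extension is tolerated, but the header comment does not say what the parser is expected to do with it. Since chunk extensions are a place where a proxy and a backend can disagree on where the chunk-size line ends, the comment should state the contract being pinned, for example `# The quoted extension (including its space) is parsed and discarded; only the 5-byte chunk data reaches the body.`. This fixture covers the accept path for one well-formed quoted-string only. Whether malformed quoted values (unterminated quote, control characters) have a matching invalid fixture cannot be seen from this page and is worth confirming.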
@ -0,0 +1,8 @@
|
||||
POST /upload HTTP/1.1\r\n
|
||||
Host: example.com\r\n
|
||||
Transfer-Encoding: chunked\r\n
|
||||
\r\n
|
||||
0005\r\n
|
||||
hello\r\n
|
||||
0\r\n
|
||||
\r\n
|
||||
@ -0,0 +1,16 @@
|
||||
#
|
||||
# This file is part of gunicorn released under the MIT license.
|
||||
# See the NOTICE for more information.
|
||||
|
||||
# RFC 9112 section 7.1: chunk-size is 1*HEXDIG. Leading zeros are permitted
|
||||
# but have been used in smuggling vectors; fixture pins accepted behavior.
|
||||
request = {
|
||||
"method": "POST",
|
||||
"uri": uri("/upload"),
|
||||
"version": (1, 1),
|
||||
"headers": [
|
||||
("HOST", "example.com"),
|
||||
("TRANSFER-ENCODING", "chunked"),
|
||||
],
|
||||
"body": b"hello",
|
||||
}
|
||||
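Review bot: The comment says the fixture "pins accepted behavior", but `0005` pins only a short zero-padded size; nothing visible here bounds how many digits the chunk-size line may carry. If the parser enforces a length cap on the size field, a companion invalid fixture with an over-long zero-padded size would pin the reject side as well. If it does not, the comment should say so explicitly. It would also help to spell out what is asserted, for example `# "0005" must decode to 5; body == b"hello" is what verifies the decoded size.`.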
@ -0,0 +1,8 @@
|
||||
POST /upload HTTP/1.1\r\n
|
||||
Host: example.com\r\n
|
||||
Transfer-Encoding: chunked\r\n
|
||||
\r\n
|
||||
A\r\n
|
||||
0123456789\r\n
|
||||
0\r\n
|
||||
\r\n
|
||||
@ -0,0 +1,15 @@
|
||||
#
|
||||
# This file is part of gunicorn released under the MIT license.
|
||||
# See the NOTICE for more information.
|
||||
|
||||
# RFC 9112 section 7.1: chunk-size = 1*HEXDIG, which allows both cases.
|
||||
request = {
|
||||
"method": "POST",
|
||||
"uri": uri("/upload"),
|
||||
"version": (1, 1),
|
||||
"headers": [
|
||||
("HOST", "example.com"),
|
||||
("TRANSFER-ENCODING", "chunked"),
|
||||
],
|
||||
"body": b"0123456789",
|
||||
}
|
||||
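Review bot: The header comment says 1*HEXDIG "allows both cases", but the paired request uses only the uppercase digit `A`, so lowercase hex is not exercised by this fixture. Presumably another fixture covers lowercase; if not, a sibling with `a\r\n` would complete the pair. The comment would be more precise as `# Uppercase hex digit: "A" must decode to 10, matching the 10-byte body.`, which also records that the body length is what proves the size was read as hex and not rejected or read as decimal.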