mirror of
https://github.com/frappe/gunicorn.git
synced 2026-01-14 11:09:11 +08:00
test number of headers fields and size.
Add --limit-request-fields (limit_request_fields) and
--limit-request-field-size (limit-request-field-size) options.
- limit_request_fields:
Value is a number from 0 (unlimited) to 32768. This parameter is
used to limit the number of headers in a request to prevent DDOS
attack. Used with the `limit_request_field_size` it allows more
safety.
- limit_request_field_size:
Value is a number from 0 (unlimited) to 8190. to set the limit
on the allowed size of an HTTP request header field.
This commit is contained in:
benoitc
parent
b7b0979ad9
commit
7a1c58f236
@ -448,6 +448,38 @@ class LimitRequestLine(Setting):
|
||||
This parameter can be used to prevent any DDOS attack.
|
||||
"""
|
||||
|
||||
class LimitRequestFields(Setting):
|
||||
name = "limit_request_fields"
|
||||
section = "Security"
|
||||
cli = ["--limit-request-fields"]
|
||||
meta = "INT"
|
||||
validator = validate_pos_int
|
||||
type = "int"
|
||||
default = 100
|
||||
desc= """\
|
||||
Limit the number of HTTP headers fields in a request.
|
||||
|
||||
Value is a number from 0 (unlimited) to 32768. This parameter is
|
||||
used to limit the number of headers in a request to prevent DDOS
|
||||
attack. Used with the `limit_request_field_size` it allows more
|
||||
safety.
|
||||
"""
|
||||
|
||||
class LimitRequestFieldSize(Setting):
|
||||
name = "limit_request_field_size"
|
||||
section = "Security"
|
||||
cli = ["--limit-request-field_size"]
|
||||
meta = "INT"
|
||||
validator = validate_pos_int
|
||||
type = "int"
|
||||
default = 8190
|
||||
desc= """\
|
||||
Limit he allowed size of an HTTP request header field.
|
||||
|
||||
Value is a number from 0 (unlimited) to 8190. to set the limit
|
||||
on the allowed size of an HTTP request header field.
|
||||
"""
|
||||
|
||||
class Debug(Setting):
|
||||
name = "debug"
|
||||
section = "Debugging"
|
||||
|
||||
@ -70,3 +70,10 @@ class LimitRequestLine(ParseException):
|
||||
|
||||
def __str__(self):
|
||||
return "Request Line is too large (%s > %s)" % (self.size, self.max_size)
|
||||
|
||||
class LimitRequestHeaders(ParseException):
|
||||
def __init__(self, msg):
|
||||
self.msg = msg
|
||||
|
||||
def __str__(self):
|
||||
return self.msg
|
||||
|
||||
@ -13,9 +13,12 @@ except ImportError:
|
||||
|
||||
from gunicorn.http.body import ChunkedReader, LengthReader, EOFReader, Body
|
||||
from gunicorn.http.errors import InvalidHeader, InvalidHeaderName, NoMoreData, \
|
||||
InvalidRequestLine, InvalidRequestMethod, InvalidHTTPVersion, LimitRequestLine
|
||||
InvalidRequestLine, InvalidRequestMethod, InvalidHTTPVersion, \
|
||||
LimitRequestLine, LimitRequestHeaders
|
||||
|
||||
MAX_REQUEST_LINE = 8190
|
||||
MAX_HEADERS = 32768
|
||||
MAX_HEADERFIELD_SIZE = 8190
|
||||
|
||||
class Message(object):
|
||||
def __init__(self, cfg, unreader):
|
||||
@ -28,6 +31,19 @@ class Message(object):
|
||||
|
||||
self.hdrre = re.compile("[\x00-\x1F\x7F()<>@,;:\[\]={} \t\\\\\"]")
|
||||
|
||||
# set headers limits
|
||||
self.limit_request_fields = max(cfg.limit_request_fields, MAX_HEADERS)
|
||||
if self.limit_request_fields <= 0:
|
||||
self.limit_request_fields = MAX_HEADERS
|
||||
self.limit_request_field_size = max(cfg.limit_request_field_size,
|
||||
MAX_HEADERFIELD_SIZE)
|
||||
if self.limit_request_field_size <= 0:
|
||||
self.limit_request_field_size = MAX_HEADERFIELD_SIZE
|
||||
|
||||
# set max header buffer size
|
||||
self.max_buffer_headers = self.limit_request_fields * \
|
||||
(self.limit_request_field_size + 2) + 4
|
||||
|
||||
unused = self.parse(self.unreader)
|
||||
self.unreader.unread(unused)
|
||||
self.set_body_reader()
|
||||
@ -44,6 +60,9 @@ class Message(object):
|
||||
# Parse headers into key/value pairs paying attention
|
||||
# to continuation lines.
|
||||
while len(lines):
|
||||
if len(headers) > self.limit_request_fields:
|
||||
raise LimitRequestHeaders("limit request headers fields")
|
||||
|
||||
# Parse initial header name : value pair.
|
||||
curr = lines.pop(0)
|
||||
if curr.find(":") < 0:
|
||||
@ -52,6 +71,7 @@ class Message(object):
|
||||
name = name.rstrip(" \t").upper()
|
||||
if self.hdrre.search(name):
|
||||
raise InvalidHeaderName(name)
|
||||
|
||||
name, value = name.strip(), [value.lstrip()]
|
||||
|
||||
# Consume value continuation lines
|
||||
@ -59,6 +79,9 @@ class Message(object):
|
||||
value.append(lines.pop(0))
|
||||
value = ''.join(value).rstrip()
|
||||
|
||||
if len(value) > self.limit_request_field_size:
|
||||
raise LimitRequestHeaders("limit request field size")
|
||||
|
||||
headers.append((name, value))
|
||||
return headers
|
||||
|
||||
@ -114,7 +137,6 @@ class Request(Message):
|
||||
MAX_REQUEST_LINE)
|
||||
if self.limit_request_line <= 0:
|
||||
self.limit_request_line = MAX_REQUEST_LINE
|
||||
|
||||
super(Request, self).__init__(cfg, unreader)
|
||||
|
||||
|
||||
@ -151,12 +173,18 @@ class Request(Message):
|
||||
idx = data.find("\r\n\r\n")
|
||||
|
||||
done = data[:2] == "\r\n"
|
||||
while idx < 0 and not done:
|
||||
self.get_data(unreader, buf)
|
||||
data = buf.getvalue()
|
||||
while True:
|
||||
idx = data.find("\r\n\r\n")
|
||||
done = data[:2] == "\r\n"
|
||||
|
||||
if idx < 0 and not done:
|
||||
self.get_data(unreader, buf)
|
||||
data = buf.getvalue()
|
||||
if len(data) > self.max_buffer_headers:
|
||||
raise LimitRequestHeaders("max buffer headers")
|
||||
else:
|
||||
break
|
||||
|
||||
if done:
|
||||
self.unreader.unread(data[2:])
|
||||
return ""
|
||||
|
||||
@ -16,7 +16,7 @@ from gunicorn.workers.workertmp import WorkerTmp
|
||||
|
||||
from gunicorn.http.errors import InvalidHeader, InvalidHeaderName, \
|
||||
InvalidRequestLine, InvalidRequestMethod, InvalidHTTPVersion, \
|
||||
LimitRequestLine
|
||||
LimitRequestLine, LimitRequestHeaders
|
||||
|
||||
|
||||
class Worker(object):
|
||||
@ -149,7 +149,9 @@ class Worker(object):
|
||||
elif isinstance(exc, (InvalidHeaderName, InvalidHeader,)):
|
||||
mesg = "<p>Invalid Header '%s'</p>" % str(exc)
|
||||
elif isinstance(exc, LimitRequestLine):
|
||||
msg = str(exc)
|
||||
msg = "<p>%s</p>" % str(exc)
|
||||
elif isinstance(exc, LimitRequestHeaders):
|
||||
msg = "<p>Error parsing headers: '%s'</p>" % str(exc)
|
||||
|
||||
if self.debug:
|
||||
tb = traceback.format_exc()
|
||||
|
||||
8
tests/requests/invalid/007.http
Normal file
8
tests/requests/invalid/007.http
Normal file
File diff suppressed because one or more lines are too long
2
tests/requests/invalid/007.py
Normal file
2
tests/requests/invalid/007.py
Normal file
@ -0,0 +1,2 @@
|
||||
from gunicorn.http.errors import LimitRequestHeaders
|
||||
request = LimitRequestHeaders
|
||||
6
tests/requests/invalid/008.http
Normal file
6
tests/requests/invalid/008.http
Normal file
@ -0,0 +1,6 @@
|
||||
PUT /stuff/here?foo=bar HTTP/1.0\r\n
|
||||
Server: http://127.0.0.1:5984\r\n
|
||||
Content-Type: application/json\r\n
|
||||
Someheader: 08aP8931Ltyl9nqyJvjMaRCOgDV3uONtAdHABjoZUG6KAP6h3Vh97O3GJjjovXYgNdrhxc7TriXoAmeehZMJx88EyhcPXO0f09Nvd128SZnxZ2r5jFDELkn26reKRysODSLBZLfjU3vxLzLXKWeFOFJKcZYRH9V7hC98DDS4ZsS7weUksBuK6m86aLNHHHB0Xbyxv1TiDbOWYIzKxV0eZKyk0CaDLDiR0CRuMOf4rwBeuHoMrumzafrFI5iL72ANQZmOvKdk1qQeXkRqEG11YU0kF7f1hSlmgiIgg5maWiBsA9sAg36IIXZMWwJF63zpMgAyjTT8l4pQhSBfhY2xbGAWmLGpyd1rlBm0O5LCoKpnQuTACm2azi0x6a1Qbry9flQBO4jHge2dXiD1si6Gh5q8fZu8ZQ7LLWii2u4rGB7E4XlhnClrCHg5vJmjYf2AItYPA0ogsiIdEEQGpzMJPqrp8Icn5kAAimWF1aCYaDjcdSgWI48PnoxlzIHX50EPFcPOSLecjkstD9z66H554sUXfWn3Mk9lnOUlse6nx0u1YClFK4UFXp98ru9eBBr7pkAsfZ34yPskayGyXPPyzWyBfVd28UuvdEG47SMdyqEpX0rFdk67fAYij0PWMK79mDmGAS37O821o18XUbu0GQjsqAGVMN9LDIAliD9QqtlwdEnplKkUyyZ7GAFJCFffgzppU9CjA2FbPX6ZjTOi4sPoYEyhyeQKVqAe9keYeDpU2qDwq83XEDQUKvP0w48GyavSmdBcrMXjUsu0PfdYpSaKwarrUB3i93HgoQB3ZJIR4lW6iPRTmm28OEKq2MIJGAoTXxCZYM5UacRldlqQOj6JkYz6y7ppWOjJ9yiCUEenuvfcItgmw9HIgGA59JxO8NDLEZLSONfuIgiV7wjsJnxuTOlU4vkjV7fTuOeU91xez7UKhaTqqEW3XBUSLjhKi3IkZg7ukrGZTWPhijFv2EZwEWDAyLlHvZB4X738zGJUlEX1k52EHwrKVKdLfePcaOjAGKsongHBFYxYC8vBBLuKm9RWexKCT14M25pCGloJXZ4OpBRfDQA2kobLUcEXEpzqRBPGN2JdNSBOFlUtUxWKnnPBM6r9S356l3k1o9zTIPeoIitWRjASs4A0iwYc8p5vv5Kt8KtsmW7Xv8dlU8HbZHsy3LI7O9BpUH8cJubqdEhooKABkx71pdcsZGhZb6epyTiPyvOhdJ7tNtFy3KQOameqTgGyd53Z42eZ0AjaOEvnzermi2E0xo3MMHFhB74TFtNAI3ppxxyqknc1mzUqZ49Wi8YPBg9ids6IgZvddBQYvwEozkmyGAkatQtt9TD4LjU3TyyUlhNG21q7CzEEl8NNsVrV6QyHsfw7E5w7XcoT7OQkBYoZwHIAjfekehnpc2llRtRY5m43fPVasmsVazOR36DRSLZJPHAqUDO0LInu9mgP57Mnz9CgylEmdE2aaYs426rnTFR3G3CfjLofHfjaLOkAegr4W3jx6MNMMOMZw2u46YTCnlfbBK6ZA1UYeAH1DIQJykcSQESinC8HpYIJt9A8g7UT0awzRP1F9nHa3wDnaAHndQYKMrjzlWo8ejQ0XHWgHhqnWHgW4h9sOnJckH00CYK1fHUKASJ3D8kOKax6uplexfz6BCvAoL9zm5TjeB1yxrpLp9NjjTWSKG2HOZhPkGpdEqU4mjnN2AkUVACPGos5YLBmTnSrdOEGZJDlAvJOUt800Mu3BYc1MiDIB6LMSSV5RsIUDFOzNletGQoq4G3yHZmx78uEse5vUTPFF3KT8LCrssqdIU9H97Npgf6N5j8arQ7ykLzN459jJaUzpGIo6uowPnUSatDf9GAvAmWNvsVTz6bYiAV71C7QF0C7UolYIQY6DHJEHejgX2YMEovWNLPL50eeC51h4DdPNv5G4ZdNtQTRVybYBZMpetGDiFmXN0JKa1sKHOSZxdrhKjxDIhrYVyCcRUMQ0sjGGHFuOcRszr6E5igEMtsebHQ3KYiGd5B27LikpUHhk61rgZlulHdMoS6YgQs6SV6UMVNku6sCw529xhUciDwRMhsbAjDlahYbrGa3NryxyV5LrXONGGKCchCqv7vDMdAtPrVr8M2vL5MySQAC3g90iugGQcLH3hCf9f1Kn5X0hM4KZTfwOPJhlfJsMRNhssiDoXaycUvOUS58266yPDlitPIAzO03XClm4EDPXGIwcwiFr7FcDo3tQIMZVy87i48Zb80s3zAYRiBIS0vO3RKGx3OGN5zid2B7MfnfLzvpvgZoirHhAqXffnym5abpZNzGuo5GowTRA2Ptk4Ve2JFoHACWpD6HiGnRZ9QVOmPICoQrSUQw45Jlk9onKJz5Erhnx0943Uno6tMJ5jbrWBNiIO7i04xzRBgujeiAJvuQkVDX2QLKRxZ7s6rhdfOaq6R6uL108gEzzlXOLqTTJXgM63rcUWNbE7wsIXcCFSF59LLJ7G5Qea33suxdDX6DcK4a0VMZoxmWPtCi1dAT9ggJqc2Sh7mkAqizaB16RXZvSydchpdVj6s4qn4ivr0HKHdAstX0XZ0FFU6lOiNmU3vasMg2uaVG8tyuG8N8VsuXIOQs7xtFxDhilYb8MQ9vES9pWfWPSXFlJAq4XKPY8a0JOIx57EQuWHo3uWgRTIRThvZP9YYzSnjGIHwjS8JeppICHofADXZhJ0uDQaQs7MiXEALpGmT3W6w0G3tBdZcuTDkWx1HsT5jd9jQeJpgD2VxdKh8U4Q3vANTAuwBXLJ2P0stS8Q72JWgNPwKYTY9cPoaGZlUFGgVsq8CdEFH9yW0c27G5s5sfHsyep6t4VxIHHMOX2GmMRyGxDI33am1J7ZmJ1NyXiwkHxtPH5QBpU2PMu2Guf3xIxlk3snMkMAsGO0vYfqO9tdIgdxMYO3HZTYv99OXaHcNQ5u0pRZZyVrNOIPurkEOdJy0nowPemIgUuHWh8vQCuDZav1m35AOl6ftSFuChSm5KstEWnC7q8mJ0juJEBkCRmQphP3V1pqiDjz6YA90qEe7MA3nzT0nHG8A1hWlqcPVPNz4qWNF6Fq1ub4075aXO0H7Krb6rhWGb3ZRPjpb4BKN8jGFQrBUMZprtjAJ67BnfmYgE0mmGLV2QP10gYS1T06kBRyrtp7he6wsPiBPJ7wxPLHNUN2SGQHBTSKagndM99fuaga5Sw9OT8Fzdo7xUJXfhJ97gUnNDrknal0B00NMNvajZeQQTJyBsVSwBZtZ45ZCcq1idc7GWC0MITSk58cIVkSPXbrERUaygyY13dPeEVzjVi9aVJwUF6eJu1s8u3FCJqp2GoWIItwvZO69asX75fekFkmFpNavxM0X0dZC01TTPpV6E6PJoIfW8C06CKNHV7Gk2mkTWGSwUG4xD2L3G3XarodHDcmumFJX9Xviv0rvm38SCtin6OpjH8MHYDrj1OxTJbC2VclJxv73z2BDBquosKOik0fmgbPZN0FUTmjBEwHTvqd5QHTwb3nOpEz3X6YCF0lrcrQc0uhyr7gBGBs86nUBWFRp1LKjIRVTVXDipajqNDTQGNZtzvR9MUf1yJJV07inbrlPOENd7rHpKCrJtoZXOkDqInaIqoMCG3DVd353BGmZNJEKOa3DnL7fb9zwuHlvHAfCco7ZS4wAV87trWkp6skXux9v5WhkumbUyGq4ia6DM1PuqqnFfBTAWDzJsnggAJrzr8O7JbDtaXwcW9sqaOb0S6NvnUDZqiNdDQPMDOKvXRJJJQdf1FSrPCCSPEEWO1SeVwictj7rTbpWGRoukwhgJALys95pGGOQxCPzRGrtVFnGcsLN1CwI3wLbmDnNKUv3KpOLEOPRxQXeXuJRIiYCFum44c0wNr731DvHn3YEJMH4iwFONl1rolEL4w6KFUOCq7ekrE5iyUt1V32PNtuUshXRjOYjBval29JMH5GoqZlGhCczzHMA61cmuzqdFwiPCB9yzqvJTg8TqMNvwKJztFIQK4mc5Ev5rRVSozD796AVRKT8rZF39IA1kmCLdXqz7CCC8x4QjjDpxjKCXP5HkWf9mp2FNBjE3pAeaEc6Vk2ENLlW8WVCe\r\n
|
||||
Someheader: 08aP8931Ltyl9nqyJvjMaRCOgDV3uONtAdHABjoZUG6KAP6h3Vh97O3GJjjovXYgNdrhxc7TriXoAmeehZMJx88EyhcPXO0f09Nvd128SZnxZ2r5jFDELkn26reKRysODSLBZLfjU3vxLzLXKWeFOFJKcZYRH9V7hC98DDS4ZsS7weUksBuK6m86aLNHHHB0Xbyxv1TiDbOWYIzKxV0eZKyk0CaDLDiR0CRuMOf4rwBeuHoMrumzafrFI5iL72ANQZmOvKdk1qQeXkRqEG11YU0kF7f1hSlmgiIgg5maWiBsA9sAg36IIXZMWwJF63zpMgAyjTT8l4pQhSBfhY2xbGAWmLGpyd1rlBm0O5LCoKpnQuTACm2azi0x6a1Qbry9flQBO4jHge2dXiD1si6Gh5q8fZu8ZQ7LLWii2u4rGB7E4XlhnClrCHg5vJmjYf2AItYPA0ogsiIdEEQGpzMJPqrp8Icn5kAAimWF1aCYaDjcdSgWI48PnoxlzIHX50EPFcPOSLecjkstD9z66H554sUXfWn3Mk9lnOUlse6nx0u1YClFK4UFXp98ru9eBBr7pkAsfZ34yPskayGyXPPyzWyBfVd28UuvdEG47SMdyqEpX0rFdk67fAYij0PWMK79mDmGAS37O821o18XUbu0GQjsqAGVMN9LDIAliD9QqtlwdEnplKkUyyZ7GAFJCFffgzppU9CjA2FbPX6ZjTOi4sPoYEyhyeQKVqAe9keYeDpU2qDwq83XEDQUKvP0w48GyavSmdBcrMXjUsu0PfdYpSaKwarrUB3i93HgoQB3ZJIR4lW6iPRTmm28OEKq2MIJGAoTXxCZYM5UacRldlqQOj6JkYz6y7ppWOjJ9yiCUEenuvfcItgmw9HIgGA59JxO8NDLEZLSONfuIgiV7wjsJnxuTOlU4vkjV7fTuOeU91xez7UKhaTqqEW3XBUSLjhKi3IkZg7ukrGZTWPhijFv2EZwEWDAyLlHvZB4X738zGJUlEX1k52EHwrKVKdLfePcaOjAGKsongHBFYxYC8vBBLuKm9RWexKCT14M25pCGloJXZ4OpBRfDQA2kobLUcEXEpzqRBPGN2JdNSBOFlUtUxWKnnPBM6r9S356l3k1o9zTIPeoIitWRjASs4A0iwYc8p5vv5Kt8KtsmW7Xv8dlU8HbZHsy3LI7O9BpUH8cJubqdEhooKABkx71pdcsZGhZb6epyTiPyvOhdJ7tNtFy3KQOameqTgGyd53Z42eZ0AjaOEvnzermi2E0xo3MMHFhB74TFtNAI3ppxxyqknc1mzUqZ49Wi8YPBg9ids6IgZvddBQYvwEozkmyGAkatQtt9TD4LjU3TyyUlhNG21q7CzEEl8NNsVrV6QyHsfw7E5w7XcoT7OQkBYoZwHIAjfekehnpc2llRtRY5m43fPVasmsVazOR36DRSLZJPHAqUDO0LInu9mgP57Mnz9CgylEmdE2aaYs426rnTFR3G3CfjLofHfjaLOkAegr4W3jx6MNMMOMZw2u46YTCnlfbBK6ZA1UYeAH1DIQJykcSQESinC8HpYIJt9A8g7UT0awzRP1F9nHa3wDnaAHndQYKMrjzlWo8ejQ0XHWgHhqnWHgW4h9sOnJckH00CYK1fHUKASJ3D8kOKax6uplexfz6BCvAoL9zm5TjeB1yxrpLp9NjjTWSKG2HOZhPkGpdEqU4mjnN2AkUVACPGos5YLBmTnSrdOEGZJDlAvJOUt800Mu3BYc1MiDIB6LMSSV5RsIUDFOzNletGQoq4G3yHZmx78uEse5vUTPFF3KT8LCrssqdIU9H97Npgf6N5j8arQ7ykLzN459jJaUzpGIo6uowPnUSatDf9GAvAmWNvsVTz6bYiAV71C7QF0C7UolYIQY6DHJEHejgX2YMEovWNLPL50eeC51h4DdPNv5G4ZdNtQTRVybYBZMpetGDiFmXN0JKa1sKHOSZxdrhKjxDIhrYVyCcRUMQ0sjGGHFuOcRszr6E5igEMtsebHQ3KYiGd5B27LikpUHhk61rgZlulHdMoS6YgQs6SV6UMVNku6sCw529xhUciDwRMhsbAjDlahYbrGa3NryxyV5LrXONGGKCchCqv7vDMdAtPrVr8M2vL5MySQAC3g90iugGQcLH3hCf9f1Kn5X0hM4KZTfwOPJhlfJsMRNhssiDoXaycUvOUS58266yPDlitPIAzO03XClm4EDPXGIwcwiFr7FcDo3tQIMZVy87i48Zb80s3zAYRiBIS0vO3RKGx3OGN5zid2B7MfnfLzvpvgZoirHhAqXffnym5abpZNzGuo5GowTRA2Ptk4Ve2JFoHACWpD6HiGnRZ9QVOmPICoQrSUQw45Jlk9onKJz5Erhnx0943Uno6tMJ5jbrWBNiIO7i04xzRBgujeiAJvuQkVDX2QLKRxZ7s6rhdfOaq6R6uL108gEzzlXOLqTTJXgM63rcUWNbE7wsIXcCFSF59LLJ7G5Qea33suxdDX6DcK4a0VMZoxmWPtCi1dAT9ggJqc2Sh7mkAqizaB16RXZvSydchpdVj6s4qn4ivr0HKHdAstX0XZ0FFU6lOiNmU3vasMg2uaVG8tyuG8N8VsuXIOQs7xtFxDhilYb8MQ9vES9pWfWPSXFlJAq4XKPY8a0JOIx57EQuWHo3uWgRTIRThvZP9YYzSnjGIHwjS8JeppICHofADXZhJ0uDQaQs7MiXEALpGmT3W6w0G3tBdZcuTDkWx1HsT5jd9jQeJpgD2VxdKh8U4Q3vANTAuwBXLJ2P0stS8Q72JWgNPwKYTY9cPoaGZlUFGgVsq8CdEFH9yW0c27G5s5sfHsyep6t4VxIHHMOX2GmMRyGxDI33am1J7ZmJ1NyXiwkHxtPH5QBpU2PMu2Guf3xIxlk3snMkMAsGO0vYfqO9tdIgdxMYO3HZTYv99OXaHcNQ5u0pRZZyVrNOIPurkEOdJy0nowPemIgUuHWh8vQCuDZav1m35AOl6ftSFuChSm5KstEWnC7q8mJ0juJEBkCRmQphP3V1pqiDjz6YA90qEe7MA3nzT0nHG8A1hWlqcPVPNz4qWNF6Fq1ub4075aXO0H7Krb6rhWGb3ZRPjpb4BKN8jGFQrBUMZprtjAJ67BnfmYgE0mmGLV2QP10gYS1T06kBRyrtp7he6wsPiBPJ7wxPLHNUN2SGQHBTSKagndM99fuaga5Sw9OT8Fzdo7xUJXfhJ97gUnNDrknal0B00NMNvajZeQQTJyBsVSwBZtZ45ZCcq1idc7GWC0MITSk58cIVkSPXbrERUaygyY13dPeEVzjVi9aVJwUF6eJu1s8u3FCJqp2GoWIItwvZO69asX75fekFkmFpNavxM0X0dZC01TTPpV6E6PJoIfW8C06CKNHV7Gk2mkTWGSwUG4xD2L3G3XarodHDcmumFJX9Xviv0rvm38SCtin6OpjH8MHYDrj1OxTJbC2VclJxv73z2BDBquosKOik0fmgbPZN0FUTmjBEwHTvqd5QHTwb3nOpEz3X6YCF0lrcrQc0uhyr7gBGBs86nUBWFRp1LKjIRVTVXDipajqNDTQGNZtzvR9MUf1yJJV07inbrlPOENd7rHpKCrJtoZXOkDqInaIqoMCG3DVd353BGmZNJEKOa3DnL7fb9zwuHlvHAfCco7ZS4wAV87trWkp6skXux9v5WhkumbUyGq4ia6DM1PuqqnFfBTAWDzJsnggAJrzr8O7JbDtaXwcW9sqaOb0S6NvnUDZqiNdDQPMDOKvXRJJJQdf1FSrPCCSPEEWO1SeVwictj7rTbpWGRoukwhgJALys95pGGOQxCPzRGrtVFnGcsLN1CwI3wLbmDnNKUv3KpOLEOPRxQXeXuJRIiYCFum44c0wNr731DvHn3YEJMH4iwFONl1rolEL4w6KFUOCq7ekrE5iyUt1V32PNtuUshXRjOYjBval29JMH5GoqZlGhCczzHMA61cmuzqdFwiPCB9yzqvJTg8TqMNvwKJztFIQK4mc5Ev5rRVSozD796AVRKT8rZF39IA1kmCLdXqz7CCC8x4QjjDpxjKCXP5HkWf9mp2FNBjE3pAeaEc6Vk2ENLlW8WVCe\r\n
|
||||
\r\n
|
||||
2
tests/requests/invalid/008.py
Normal file
2
tests/requests/invalid/008.py
Normal file
@ -0,0 +1,2 @@
|
||||
from gunicorn.http.errors import LimitRequestHeaders
|
||||
request = LimitRequestHeaders
|
||||
106
tests/requests/invalid/009.http
Normal file
106
tests/requests/invalid/009.http
Normal file
@ -0,0 +1,106 @@
|
||||
PUT /stuff/here?foo=bar HTTP/1.0\r\n
|
||||
Server: http://127.0.0.1:5984\r\n
|
||||
Content-Type: application/json\r\n
|
||||
Content-Length: 14\r\n
|
||||
header0: 0\r\n
|
||||
header1: 1\r\n
|
||||
header2: 2\r\n
|
||||
header3: 3\r\n
|
||||
header4: 4\r\n
|
||||
header5: 5\r\n
|
||||
header6: 6\r\n
|
||||
header7: 7\r\n
|
||||
header8: 8\r\n
|
||||
header9: 9\r\n
|
||||
header10: 10\r\n
|
||||
header11: 11\r\n
|
||||
header12: 12\r\n
|
||||
header13: 13\r\n
|
||||
header14: 14\r\n
|
||||
header15: 15\r\n
|
||||
header16: 16\r\n
|
||||
header17: 17\r\n
|
||||
header18: 18\r\n
|
||||
header19: 19\r\n
|
||||
header20: 20\r\n
|
||||
header21: 21\r\n
|
||||
header22: 22\r\n
|
||||
header23: 23\r\n
|
||||
header24: 24\r\n
|
||||
header25: 25\r\n
|
||||
header26: 26\r\n
|
||||
header27: 27\r\n
|
||||
header28: 28\r\n
|
||||
header29: 29\r\n
|
||||
header30: 30\r\n
|
||||
header31: 31\r\n
|
||||
header32: 32\r\n
|
||||
header33: 33\r\n
|
||||
header34: 34\r\n
|
||||
header35: 35\r\n
|
||||
header36: 36\r\n
|
||||
header37: 37\r\n
|
||||
header38: 38\r\n
|
||||
header39: 39\r\n
|
||||
header40: 40\r\n
|
||||
header41: 41\r\n
|
||||
header42: 42\r\n
|
||||
header43: 43\r\n
|
||||
header44: 44\r\n
|
||||
header45: 45\r\n
|
||||
header46: 46\r\n
|
||||
header47: 47\r\n
|
||||
header48: 48\r\n
|
||||
header49: 49\r\n
|
||||
header50: 50\r\n
|
||||
header51: 51\r\n
|
||||
header52: 52\r\n
|
||||
header53: 53\r\n
|
||||
header54: 54\r\n
|
||||
header55: 55\r\n
|
||||
header56: 56\r\n
|
||||
header57: 57\r\n
|
||||
header58: 58\r\n
|
||||
header59: 59\r\n
|
||||
header60: 60\r\n
|
||||
header61: 61\r\n
|
||||
header62: 62\r\n
|
||||
header63: 63\r\n
|
||||
header64: 64\r\n
|
||||
header65: 65\r\n
|
||||
header66: 66\r\n
|
||||
header67: 67\r\n
|
||||
header68: 68\r\n
|
||||
header69: 69\r\n
|
||||
header70: 70\r\n
|
||||
header71: 71\r\n
|
||||
header72: 72\r\n
|
||||
header73: 73\r\n
|
||||
header74: 74\r\n
|
||||
header75: 75\r\n
|
||||
header76: 76\r\n
|
||||
header77: 77\r\n
|
||||
header78: 78\r\n
|
||||
header79: 79\r\n
|
||||
header80: 80\r\n
|
||||
header81: 81\r\n
|
||||
header82: 82\r\n
|
||||
header83: 83\r\n
|
||||
header84: 84\r\n
|
||||
header85: 85\r\n
|
||||
header86: 86\r\n
|
||||
header87: 87\r\n
|
||||
header88: 88\r\n
|
||||
header89: 89\r\n
|
||||
header90: 90\r\n
|
||||
header91: 91\r\n
|
||||
header92: 92\r\n
|
||||
header93: 93\r\n
|
||||
header94: 94\r\n
|
||||
header95: 95\r\n
|
||||
header96: 96\r\n
|
||||
header97: 97\r\n
|
||||
header98: 98\r\n
|
||||
header99: 99\r\n
|
||||
\r\n
|
||||
{"nom": "nom"}
|
||||
2
tests/requests/invalid/009.py
Normal file
2
tests/requests/invalid/009.py
Normal file
@ -0,0 +1,2 @@
|
||||
from gunicorn.http.errors import LimitRequestHeaders
|
||||
request = LimitRequestHeaders
|
||||
Loading…
x
Reference in New Issue
Block a user