test number of headers fields and size.
Add --limit-request-fields (limit_request_fields) and
--limit-request-field-size (limit_request_field_size) options.
- limit_request_fields:
Value is a number from 0 (unlimited) to 32768. This parameter is
used to limit the number of headers in a request to prevent DDOS
attack. Used with the `limit_request_field_size` it allows more
safety.
- limit_request_field_size:
Value is a number from 0 (unlimited) to 8190. It sets the limit
on the allowed size of an HTTP request header field.
parent
b7b0979ad9
commit
7a1c58f236
@ -448,6 +448,38 @@ class LimitRequestLine(Setting):
|
|||||||
This parameter can be used to prevent any DDOS attack.
|
This parameter can be used to prevent any DDOS attack.
|
||||||
"""
|
"""
|
||||||
|
|
||||||
|
class LimitRequestFields(Setting):
|
||||||
|
name = "limit_request_fields"
|
||||||
|
section = "Security"
|
||||||
|
cli = ["--limit-request-fields"]
|
||||||
|
meta = "INT"
|
||||||
|
validator = validate_pos_int
|
||||||
|
type = "int"
|
||||||
|
default = 100
|
||||||
|
desc= """\
|
||||||
|
Limit the number of HTTP headers fields in a request.
|
||||||
|
|
||||||
|
Value is a number from 0 (unlimited) to 32768. This parameter is
|
||||||
|
used to limit the number of headers in a request to prevent DDOS
|
||||||
|
attack. Used with the `limit_request_field_size` it allows more
|
||||||
|
safety.
|
||||||
|
"""
|
||||||
|
|
||||||
|
class LimitRequestFieldSize(Setting):
|
||||||
|
name = "limit_request_field_size"
|
||||||
|
section = "Security"
|
||||||
|
cli = ["--limit-request-field_size"]
|
||||||
|
meta = "INT"
|
||||||
|
validator = validate_pos_int
|
||||||
|
type = "int"
|
||||||
|
default = 8190
|
||||||
|
desc= """\
|
||||||
|
Limit he allowed size of an HTTP request header field.
|
||||||
|
|
||||||
|
Value is a number from 0 (unlimited) to 8190. to set the limit
|
||||||
|
on the allowed size of an HTTP request header field.
|
||||||
|
"""
|
||||||
|
|
||||||
class Debug(Setting):
|
class Debug(Setting):
|
||||||
name = "debug"
|
name = "debug"
|
||||||
section = "Debugging"
|
section = "Debugging"
|
||||||
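Review bot: The flag in `LimitRequestFieldSize.cli` is spelled `--limit-request-field_size`, with an underscore before `size`, while the commit description and the sibling `--limit-request-fields` use hyphens throughout; it should read `cli = ["--limit-request-field-size"]`. The same class's desc has a typo, `Limit he allowed size`, which should be `Limit the allowed size`. Both desc strings describe 0 as unlimited, but the parser changes in this commit appear to replace a value of 0 or less with the hard maximum (32768 fields, 8190 bytes), so the help text would be more accurate saying that 0 selects that maximum.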
|
|||||||
@ -70,3 +70,10 @@ class LimitRequestLine(ParseException):
|
|||||||
|
|
||||||
def __str__(self):
|
def __str__(self):
|
||||||
return "Request Line is too large (%s > %s)" % (self.size, self.max_size)
|
return "Request Line is too large (%s > %s)" % (self.size, self.max_size)
|
||||||
|
|
||||||
|
class LimitRequestHeaders(ParseException):
|
||||||
|
def __init__(self, msg):
|
||||||
|
self.msg = msg
|
||||||
|
|
||||||
|
def __str__(self):
|
||||||
|
return self.msg
|
||||||
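Review bot: LimitRequestHeaders has no docstring, and its single free-text message stands for three different conditions raised elsewhere in this commit (field count, field size, header buffer). A docstring such as `"""Raised when a request exceeds the configured header count, header field size or header buffer limit."""` would document that. `__init__` also does not pass `msg` to the base class, so `exc.args` stays empty; whether that matters depends on ParseException, which is not shown here.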
|
|||||||
@ -13,9 +13,12 @@ except ImportError:
|
|||||||
|
|
||||||
from gunicorn.http.body import ChunkedReader, LengthReader, EOFReader, Body
|
from gunicorn.http.body import ChunkedReader, LengthReader, EOFReader, Body
|
||||||
from gunicorn.http.errors import InvalidHeader, InvalidHeaderName, NoMoreData, \
|
from gunicorn.http.errors import InvalidHeader, InvalidHeaderName, NoMoreData, \
|
||||||
InvalidRequestLine, InvalidRequestMethod, InvalidHTTPVersion, LimitRequestLine
|
InvalidRequestLine, InvalidRequestMethod, InvalidHTTPVersion, \
|
||||||
|
LimitRequestLine, LimitRequestHeaders
|
||||||
|
|
||||||
MAX_REQUEST_LINE = 8190
|
MAX_REQUEST_LINE = 8190
|
||||||
|
MAX_HEADERS = 32768
|
||||||
|
MAX_HEADERFIELD_SIZE = 8190
|
||||||
|
|
||||||
class Message(object):
|
class Message(object):
|
||||||
def __init__(self, cfg, unreader):
|
def __init__(self, cfg, unreader):
|
||||||
@ -28,6 +31,19 @@ class Message(object):
|
|||||||
|
|
||||||
self.hdrre = re.compile("[\x00-\x1F\x7F()<>@,;:\[\]={} \t\\\\\"]")
|
self.hdrre = re.compile("[\x00-\x1F\x7F()<>@,;:\[\]={} \t\\\\\"]")
|
||||||
|
|
||||||
|
# set headers limits
|
||||||
|
self.limit_request_fields = max(cfg.limit_request_fields, MAX_HEADERS)
|
||||||
|
if self.limit_request_fields <= 0:
|
||||||
|
self.limit_request_fields = MAX_HEADERS
|
||||||
|
self.limit_request_field_size = max(cfg.limit_request_field_size,
|
||||||
|
MAX_HEADERFIELD_SIZE)
|
||||||
|
if self.limit_request_field_size <= 0:
|
||||||
|
self.limit_request_field_size = MAX_HEADERFIELD_SIZE
|
||||||
|
|
||||||
|
# set max header buffer size
|
||||||
|
self.max_buffer_headers = self.limit_request_fields * \
|
||||||
|
(self.limit_request_field_size + 2) + 4
|
||||||
|
|
||||||
unused = self.parse(self.unreader)
|
unused = self.parse(self.unreader)
|
||||||
self.unreader.unread(unused)
|
self.unreader.unread(unused)
|
||||||
self.set_body_reader()
|
self.set_body_reader()
|
||||||
@ -44,6 +60,9 @@ class Message(object):
|
|||||||
# Parse headers into key/value pairs paying attention
|
# Parse headers into key/value pairs paying attention
|
||||||
# to continuation lines.
|
# to continuation lines.
|
||||||
while len(lines):
|
while len(lines):
|
||||||
|
if len(headers) > self.limit_request_fields:
|
||||||
|
raise LimitRequestHeaders("limit request headers fields")
|
||||||
|
|
||||||
# Parse initial header name : value pair.
|
# Parse initial header name : value pair.
|
||||||
curr = lines.pop(0)
|
curr = lines.pop(0)
|
||||||
if curr.find(":") < 0:
|
if curr.find(":") < 0:
|
||||||
@ -52,6 +71,7 @@ class Message(object):
|
|||||||
name = name.rstrip(" \t").upper()
|
name = name.rstrip(" \t").upper()
|
||||||
if self.hdrre.search(name):
|
if self.hdrre.search(name):
|
||||||
raise InvalidHeaderName(name)
|
raise InvalidHeaderName(name)
|
||||||
|
|
||||||
name, value = name.strip(), [value.lstrip()]
|
name, value = name.strip(), [value.lstrip()]
|
||||||
|
|
||||||
# Consume value continuation lines
|
# Consume value continuation lines
|
||||||
@ -59,6 +79,9 @@ class Message(object):
|
|||||||
value.append(lines.pop(0))
|
value.append(lines.pop(0))
|
||||||
value = ''.join(value).rstrip()
|
value = ''.join(value).rstrip()
|
||||||
|
|
||||||
|
if len(value) > self.limit_request_field_size:
|
||||||
|
raise LimitRequestHeaders("limit request field size")
|
||||||
|
|
||||||
headers.append((name, value))
|
headers.append((name, value))
|
||||||
return headers
|
return headers
|
||||||
|
|
||||||
@ -114,7 +137,6 @@ class Request(Message):
|
|||||||
MAX_REQUEST_LINE)
|
MAX_REQUEST_LINE)
|
||||||
if self.limit_request_line <= 0:
|
if self.limit_request_line <= 0:
|
||||||
self.limit_request_line = MAX_REQUEST_LINE
|
self.limit_request_line = MAX_REQUEST_LINE
|
||||||
|
|
||||||
super(Request, self).__init__(cfg, unreader)
|
super(Request, self).__init__(cfg, unreader)
|
||||||
|
|
||||||
|
|
||||||
@ -151,12 +173,18 @@ class Request(Message):
|
|||||||
idx = data.find("\r\n\r\n")
|
idx = data.find("\r\n\r\n")
|
||||||
|
|
||||||
done = data[:2] == "\r\n"
|
done = data[:2] == "\r\n"
|
||||||
while idx < 0 and not done:
|
while True:
|
||||||
self.get_data(unreader, buf)
|
|
||||||
data = buf.getvalue()
|
|
||||||
idx = data.find("\r\n\r\n")
|
idx = data.find("\r\n\r\n")
|
||||||
done = data[:2] == "\r\n"
|
done = data[:2] == "\r\n"
|
||||||
|
|
||||||
|
if idx < 0 and not done:
|
||||||
|
self.get_data(unreader, buf)
|
||||||
|
data = buf.getvalue()
|
||||||
|
if len(data) > self.max_buffer_headers:
|
||||||
|
raise LimitRequestHeaders("max buffer headers")
|
||||||
|
else:
|
||||||
|
break
|
||||||
|
|
||||||
if done:
|
if done:
|
||||||
self.unreader.unread(data[2:])
|
self.unreader.unread(data[2:])
|
||||||
return ""
|
return ""
|
||||||
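Review bot: The limits set in `Message.__init__` can never be lower than the hard maximums, because `max(cfg.limit_request_fields, MAX_HEADERS)` and `max(cfg.limit_request_field_size, MAX_HEADERFIELD_SIZE)` always return at least 32768 and 8190. The configured default of 100 fields is therefore not enforced, and `max_buffer_headers` works out to 32768 * 8192 + 4 bytes, about 256 MiB of header data buffered per request before the parser gives up. The configured value should be used as given and replaced by the maximum only when it is 0 or out of range, as in the fence below. Separately, `if len(headers) > self.limit_request_fields` at the top of the parse loop runs before the next header is appended, so one header more than the limit is accepted; `>=` would make the bound exact. The enclosing methods start and end outside the hunks.

```python
# set headers limits
self.limit_request_fields = cfg.limit_request_fields
if not 0 < self.limit_request_fields <= MAX_HEADERS:
    self.limit_request_fields = MAX_HEADERS
self.limit_request_field_size = cfg.limit_request_field_size
if not 0 < self.limit_request_field_size <= MAX_HEADERFIELD_SIZE:
    self.limit_request_field_size = MAX_HEADERFIELD_SIZE
# … unchanged: max_buffer_headers computation and parse call …
```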
|
|||||||
@ -16,7 +16,7 @@ from gunicorn.workers.workertmp import WorkerTmp
|
|||||||
|
|
||||||
from gunicorn.http.errors import InvalidHeader, InvalidHeaderName, \
|
from gunicorn.http.errors import InvalidHeader, InvalidHeaderName, \
|
||||||
InvalidRequestLine, InvalidRequestMethod, InvalidHTTPVersion, \
|
InvalidRequestLine, InvalidRequestMethod, InvalidHTTPVersion, \
|
||||||
LimitRequestLine
|
LimitRequestLine, LimitRequestHeaders
|
||||||
|
|
||||||
|
|
||||||
class Worker(object):
|
class Worker(object):
|
||||||
@ -149,7 +149,9 @@ class Worker(object):
|
|||||||
elif isinstance(exc, (InvalidHeaderName, InvalidHeader,)):
|
elif isinstance(exc, (InvalidHeaderName, InvalidHeader,)):
|
||||||
mesg = "<p>Invalid Header '%s'</p>" % str(exc)
|
mesg = "<p>Invalid Header '%s'</p>" % str(exc)
|
||||||
elif isinstance(exc, LimitRequestLine):
|
elif isinstance(exc, LimitRequestLine):
|
||||||
msg = str(exc)
|
msg = "<p>%s</p>" % str(exc)
|
||||||
|
elif isinstance(exc, LimitRequestHeaders):
|
||||||
|
msg = "<p>Error parsing headers: '%s'</p>" % str(exc)
|
||||||
|
|
||||||
if self.debug:
|
if self.debug:
|
||||||
tb = traceback.format_exc()
|
tb = traceback.format_exc()
|
||||||
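Review bot: The branches for LimitRequestLine and LimitRequestHeaders assign the response text to `msg`, while the neighbouring InvalidHeader branch visible in this hunk assigns `mesg`. If the code after the chain reads `mesg` (it lies outside the hunk), these two errors are reported without their text or with a stale value. Use the same name in both: `mesg = "<p>%s</p>" % str(exc)` and `mesg = "<p>Error parsing headers: '%s'</p>" % str(exc)`. The handler body starts and ends outside the hunk.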
|
|||||||
8
tests/requests/invalid/007.http
Normal file
8
tests/requests/invalid/007.http
Normal file
File diff suppressed because one or more lines are too long
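--- a/tests/requests/invalid/007.py
+++ b/tests/requests/invalid/007.py
@@ -0,0 +1,2 @@
+from gunicorn.http.errors import LimitRequestHeaders
+request = LimitRequestHeaders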
6
tests/requests/invalid/008.http
Normal file
6
tests/requests/invalid/008.http
Normal file
@ -0,0 +1,6 @@
|
|||||||
|
PUT /stuff/here?foo=bar HTTP/1.0\r\n
|
||||||
|
Server: http://127.0.0.1:5984\r\n
|
||||||
|
Content-Type: application/json\r\n
|
||||||
|
Someheader: 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\r\n
|
||||||
|
Someheader: 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\r\n
|
||||||
|
\r\n
|
||||||
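--- a/tests/requests/invalid/008.py
+++ b/tests/requests/invalid/008.py
@@ -0,0 +1,2 @@
+from gunicorn.http.errors import LimitRequestHeaders
+request = LimitRequestHeaders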
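--- a/tests/requests/invalid/009.http
+++ b/tests/requests/invalid/009.http
@@ -0,0 +1,106 @@
+PUT /stuff/here?foo=bar HTTP/1.0\r\n
+Server: http://127.0.0.1:5984\r\n
+Content-Type: application/json\r\n
+Content-Length: 14\r\n
+header0: 0\r\n
+header1: 1\r\n
+header2: 2\r\n
+header3: 3\r\n
+header4: 4\r\n
+header5: 5\r\n
+header6: 6\r\n
+header7: 7\r\n
+header8: 8\r\n
+header9: 9\r\n
+header10: 10\r\n
+header11: 11\r\n
+header12: 12\r\n
+header13: 13\r\n
+header14: 14\r\n
+header15: 15\r\n
+header16: 16\r\n
+header17: 17\r\n
+header18: 18\r\n
+header19: 19\r\n
+header20: 20\r\n
+header21: 21\r\n
+header22: 22\r\n
+header23: 23\r\n
+header24: 24\r\n
+header25: 25\r\n
+header26: 26\r\n
+header27: 27\r\n
+header28: 28\r\n
+header29: 29\r\n
+header30: 30\r\n
+header31: 31\r\n
+header32: 32\r\n
+header33: 33\r\n
+header34: 34\r\n
+header35: 35\r\n
+header36: 36\r\n
+header37: 37\r\n
+header38: 38\r\n
+header39: 39\r\n
+header40: 40\r\n
+header41: 41\r\n
+header42: 42\r\n
+header43: 43\r\n
+header44: 44\r\n
+header45: 45\r\n
+header46: 46\r\n
+header47: 47\r\n
+header48: 48\r\n
+header49: 49\r\n
+header50: 50\r\n
+header51: 51\r\n
+header52: 52\r\n
+header53: 53\r\n
+header54: 54\r\n
+header55: 55\r\n
+header56: 56\r\n
+header57: 57\r\n
+header58: 58\r\n
+header59: 59\r\n
+header60: 60\r\n
+header61: 61\r\n
+header62: 62\r\n
+header63: 63\r\n
+header64: 64\r\n
+header65: 65\r\n
+header66: 66\r\n
+header67: 67\r\n
+header68: 68\r\n
+header69: 69\r\n
+header70: 70\r\n
+header71: 71\r\n
+header72: 72\r\n
+header73: 73\r\n
+header74: 74\r\n
+header75: 75\r\n
+header76: 76\r\n
+header77: 77\r\n
+header78: 78\r\n
+header79: 79\r\n
+header80: 80\r\n
+header81: 81\r\n
+header82: 82\r\n
+header83: 83\r\n
+header84: 84\r\n
+header85: 85\r\n
+header86: 86\r\n
+header87: 87\r\n
+header88: 88\r\n
+header89: 89\r\n
+header90: 90\r\n
+header91: 91\r\n
+header92: 92\r\n
+header93: 93\r\n
+header94: 94\r\n
+header95: 95\r\n
+header96: 96\r\n
+header97: 97\r\n
+header98: 98\r\n
+header99: 99\r\n
+\r\n
+{"nom": "nom"}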
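--- a/tests/requests/invalid/009.py
+++ b/tests/requests/invalid/009.py
@@ -0,0 +1,2 @@
+from gunicorn.http.errors import LimitRequestHeaders
+request = LimitRequestHeaders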