mirror of
https://github.com/frappe/gunicorn.git
synced 2026-07-04 03:31:29 +08:00
test: add failing fixtures for control chars in header value
This commit is contained in:
parent
9f7f930a81
commit
826bfc7e88
@ -0,0 +1,4 @@
|
||||
GET /foo HTTP/1.1\r\n
|
||||
Host: example.com\r\n
|
||||
X-Value: plain\x07injected\r\n
|
||||
\r\n
|
||||
10
tests/requests/invalid/rfc9110_field_value_ctl_bel_01.py
Normal file
10
tests/requests/invalid/rfc9110_field_value_ctl_bel_01.py
Normal file
@ -0,0 +1,10 @@
|
||||
#
|
||||
# This file is part of gunicorn released under the MIT license.
|
||||
# See the NOTICE for more information.
|
||||
|
||||
# RFC 9110 section 5.5: field-value characters are field-vchar (VCHAR +
|
||||
# obs-text) plus SP/HTAB. Control characters other than HTAB must not
|
||||
# appear, to prevent log/response injection and parser confusion.
|
||||
from gunicorn.http.errors import InvalidHeader
|
||||
request = InvalidHeader
|
||||
python_only = True
|
||||
@ -0,0 +1,4 @@
|
||||
GET /foo HTTP/1.1\r\n
|
||||
Host: example.com\r\n
|
||||
X-Value: plain\x7finjected\r\n
|
||||
\r\n
|
||||
9
tests/requests/invalid/rfc9110_field_value_ctl_del_01.py
Normal file
9
tests/requests/invalid/rfc9110_field_value_ctl_del_01.py
Normal file
@ -0,0 +1,9 @@
|
||||
#
|
||||
# This file is part of gunicorn released under the MIT license.
|
||||
# See the NOTICE for more information.
|
||||
|
||||
# RFC 9110 section 5.5: DEL (0x7F) is a control character and not a VCHAR;
|
||||
# it must not appear in a field-value.
|
||||
from gunicorn.http.errors import InvalidHeader
|
||||
request = InvalidHeader
|
||||
python_only = True
|
||||
Loading…
x
Reference in New Issue
Block a user