jingrow/gunicorn
1
0
Fork 0
mirror of https://github.com/frappe/gunicorn.git synced 2026-01-14 11:09:11 +08:00
Code Issues Packages Projects Releases Wiki Activity
gunicorn/tests/requests/valid
History
Paul J. Dorn eda9d456d3 forbid lone CR/LF and NUL in headers 
New parser rule: refuse HTTP requests where a header field value
contains characters that
a) should never appear there in the first place,
b) might have lead to incorrect treatment in a proxy in front, and
c) might lead to unintended behaviour in applications.

From RFC 9110 section 5.5:
"Field values containing CR, LF, or NUL characters are invalid and
dangerous, due to the varying ways that implementations might parse
and interpret those characters; a recipient of CR, LF, or NUL within
a field value MUST either reject the message or replace each of those
characters with SP before further processing or forwarding of that
message."
2024-07-31 01:28:30 +02:00
..
001.http
check if Request Line is too large.
2012-02-20 09:56:06 +01:00
001.py
all tests pass under python 3
2012-10-24 22:07:35 +02:00
002.http
Added more valid request tests.
2010-06-03 16:11:18 -04:00
002.py
all tests pass under python 3
2012-10-24 22:07:35 +02:00
003.http
Added more valid request tests.
2010-06-03 16:11:18 -04:00
003.py
all tests pass under python 3
2012-10-24 22:07:35 +02:00
004.http
Added more valid request tests.
2010-06-03 16:11:18 -04:00
004.py
all tests pass under python 3
2012-10-24 22:07:35 +02:00
005.http
Added more valid request tests.
2010-06-03 16:11:18 -04:00
005.py
all tests pass under python 3
2012-10-24 22:07:35 +02:00
006.http
Added more valid request tests.
2010-06-03 16:11:18 -04:00
006.py
all tests pass under python 3
2012-10-24 22:07:35 +02:00
007.http
Added more valid request tests.
2010-06-03 16:11:18 -04:00
007.py
all tests pass under python 3
2012-10-24 22:07:35 +02:00
008.http
Added more valid request tests.
2010-06-03 16:11:18 -04:00
008.py
all tests pass under python 3
2012-10-24 22:07:35 +02:00
009.http
Added more valid request tests.
2010-06-03 16:11:18 -04:00
009.py
all tests pass under python 3
2012-10-24 22:07:35 +02:00
010.http
Added more valid request tests.
2010-06-03 16:11:18 -04:00
010.py
all tests pass under python 3
2012-10-24 22:07:35 +02:00
011.http
Added more valid request tests.
2010-06-03 16:11:18 -04:00
011.py
all tests pass under python 3
2012-10-24 22:07:35 +02:00
012.http
Added more valid request tests.
2010-06-03 16:11:18 -04:00
012.py
all tests pass under python 3
2012-10-24 22:07:35 +02:00
013.http
Added more valid request tests.
2010-06-03 16:11:18 -04:00
013.py
all tests pass under python 3
2012-10-24 22:07:35 +02:00
014.http
Added more valid request tests.
2010-06-03 16:11:18 -04:00
014.py
all tests pass under python 3
2012-10-24 22:07:35 +02:00
015.http
Added more valid request tests.
2010-06-03 16:11:18 -04:00
015.py
all tests pass under python 3
2012-10-24 22:07:35 +02:00
016.http
Added more valid request tests.
2010-06-03 16:11:18 -04:00
016.py
RFC compliant request line and header parsing
2023-12-15 13:33:31 +01:00
017.http
Added more valid request tests.
2010-06-03 16:11:18 -04:00
017.py
all tests pass under python 3
2012-10-24 22:07:35 +02:00
018.http
Added more valid request tests.
2010-06-03 16:11:18 -04:00
018.py
all tests pass under python 3
2012-10-24 22:07:35 +02:00
019.http
Added more valid request tests.
2010-06-03 16:11:18 -04:00
019.py
all tests pass under python 3
2012-10-24 22:07:35 +02:00
020.http
Added more valid request tests.
2010-06-03 16:11:18 -04:00
020.py
all tests pass under python 3
2012-10-24 22:07:35 +02:00
021.http
Added more valid request tests.
2010-06-03 16:11:18 -04:00
021.py
all tests pass under python 3
2012-10-24 22:07:35 +02:00
022.http
Added more valid request tests.
2010-06-03 16:11:18 -04:00
022.py
all tests pass under python 3
2012-10-24 22:07:35 +02:00
023.http
Added more valid request tests.
2010-06-03 16:11:18 -04:00
023.py
all tests pass under python 3
2012-10-24 22:07:35 +02:00
024.http
fix multiple issues with request limit
2012-05-24 12:13:34 +02:00
024.py
Remove upper limit on max header size config (#1313)
2016-09-17 12:49:05 +03:00
025.http
HTTP parser: stricter chunk-ext OBS handling
2023-12-17 17:46:56 +01:00
025.py
fail-safe on unsupported request framing
2023-12-15 13:33:31 +01:00
025compat.http
fail-safe on unsupported request framing
2023-12-15 13:33:31 +01:00
025compat.py
fail-safe on unsupported request framing
2023-12-15 13:33:31 +01:00
026.http
Remove upper limit on max header size config (#1313)
2016-09-17 12:49:05 +03:00
026.py
Remove upper limit on max header size config (#1313)
2016-09-17 12:49:05 +03:00
027.http
http/message: Split request line as bytes to avoid splitting on 0x0A. Fixes #1577
2017-08-25 10:50:34 +02:00
027.py
http/message: Split request line as bytes to avoid splitting on 0x0A. Fixes #1577
2017-08-25 10:50:34 +02:00
028.http
Remove default strip of header name
2019-11-18 19:44:01 -05:00
028.py
Remove default strip of header name
2019-11-18 19:44:01 -05:00
029.http
fail-safe on unsupported request framing
2023-12-15 13:33:31 +01:00
029.py
fail-safe on unsupported request framing
2023-12-15 13:33:31 +01:00
030.http
Handle multiple transfer-encoding
2019-11-18 22:29:02 -05:00
030.py
Handle multiple transfer-encoding
2019-11-18 22:29:02 -05:00
031.http
strict: header field validation: stop casefolding
2023-12-15 13:33:31 +01:00
031.py
RFC compliant request line and header parsing
2023-12-15 13:33:31 +01:00
031compat2.http
strict: header field validation: stop casefolding
2023-12-15 13:33:31 +01:00
031compat2.py
strict: header field validation: stop casefolding
2023-12-15 13:33:31 +01:00
031compat.http
strict: header field validation: stop casefolding
2023-12-15 13:33:31 +01:00
031compat.py
strict: header field validation: stop casefolding
2023-12-15 13:33:31 +01:00
040_compat.http
silently drop or refuse header names w/ underscore
2023-12-15 13:33:31 +01:00
040_compat.py
silently drop or refuse header names w/ underscore
2023-12-15 13:33:31 +01:00
040.http
silently drop or refuse header names w/ underscore
2023-12-15 13:33:31 +01:00
040.py
silently drop or refuse header names w/ underscore
2023-12-15 13:33:31 +01:00
099.http
Added extra valid request (099) and test (send_special_chunks).
2013-12-30 00:14:46 +02:00
099.py
Added extra valid request (099) and test (send_special_chunks).
2013-12-30 00:14:46 +02:00
100.http
Do not strip leading slash from path (#1511)
2017-12-28 11:32:47 +03:00
100.py
Do not strip leading slash from path (#1511)
2017-12-28 11:32:47 +03:00
invalid_field_value_01_compat.http
forbid lone CR/LF and NUL in headers
2024-07-31 01:28:30 +02:00
invalid_field_value_01_compat.py
forbid lone CR/LF and NUL in headers
2024-07-31 01:28:30 +02:00
pp_01.http
Implantation proxy protocol
2012-09-27 19:14:40 +02:00
pp_01.py
all tests pass under python 3
2012-10-24 22:07:35 +02:00
pp_02.http
Implantation proxy protocol
2012-09-27 19:14:40 +02:00
pp_02.py
all tests pass under python 3
2012-10-24 22:07:35 +02:00