jiangcuo/node
1
0
Fork 0
mirror of https://github.com/nodejs/node.git synced 2025-05-07 15:35:41 +00:00
Code Issues Actions 12 Packages Projects Releases Wiki Activity
1a25e901b7
node/test/parallel/test-http2-response-splitting.js
James M Snell 0babd181a0 http2: cleanup Http2Stream/Http2Session destroy 
PR-URL: https://github.com/nodejs/node/pull/17406
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Anatoli Papirovski <apapirovski@mac.com>

This is a significant cleanup and refactoring of the
cleanup/close/destroy logic for Http2Stream and Http2Session.
There are significant changes here in the timing and ordering
of cleanup logic, JS apis. and various related necessary edits.
2017-12-18 10:19:21 -08:00

78 lines
2.3 KiB
JavaScript
Raw Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

'use strict';
// Response splitting is no longer an issue with HTTP/2. The underlying
// nghttp2 implementation automatically strips out the header values that
// contain invalid characters.
const common = require('../common');
if (!common.hasCrypto)
common.skip('missing crypto');
const assert = require('assert');
const http2 = require('http2');
const { URL } = require('url');
// Response splitting example, credit: Amit Klein, Safebreach
const str = '/welcome?lang=bar%c4%8d%c4%8aContent­Length:%200%c4%8d%c4%8a%c' +
'4%8d%c4%8aHTTP/1.1%20200%20OK%c4%8d%c4%8aContent­Length:%202' +
'0%c4%8d%c4%8aLast­Modified:%20Mon,%2027%20Oct%202003%2014:50:18' +
'%20GMT%c4%8d%c4%8aContent­Type:%20text/html%c4%8d%c4%8a%c4%8' +
'd%c4%8a%3chtml%3eGotcha!%3c/html%3e';
// Response splitting example, credit: Сковорода Никита Андреевич (@ChALkeR)
const x = 'fooഊSet-Cookie: foo=barഊഊ<script>alert("Hi!")</script>';
const y = 'foo⠊Set-Cookie: foo=bar';
let remaining = 3;
function makeUrl(headers) {
return `${headers[':scheme']}://${headers[':authority']}${headers[':path']}`;
}
const server = http2.createServer();
server.on('stream', common.mustCall((stream, headers) => {
const obj = Object.create(null);
switch (remaining--) {
case 3:
const url = new URL(makeUrl(headers));
obj[':status'] = 302;
obj.Location = `/foo?lang=${url.searchParams.get('lang')}`;
break;
case 2:
obj.foo = x;
break;
case 1:
obj.foo = y;
break;
}
stream.respond(obj);
stream.end();
}, 3));
server.listen(0, common.mustCall(() => {
const client = http2.connect(`http://localhost:${server.address().port}`);
function maybeClose() {
if (remaining === 0) {
server.close();
client.close();
}
}
function doTest(path, key, expected) {
const req = client.request({ ':path': path });
req.on('response', common.mustCall((headers) => {
assert.strictEqual(headers.foo, undefined);
assert.strictEqual(headers.location, undefined);
}));
req.resume();
req.on('end', common.mustCall());
req.on('close', common.mustCall(maybeClose));
}
doTest(str, 'location', str);
doTest('/', 'foo', x);
doTest('/', 'foo', y);
}));
Reference in New Issue View Git Blame Copy Permalink