cfcbb4227f
This does not yet include support for the //go:embed directive added in this release. * Makefile.am (check-runtime): Don't create check-runtime-dir. (mostlyclean-local): Don't remove check-runtime-dir. (check-go-tool, check-vet): Copy in go.mod and modules.txt. (check-cgo-test, check-carchive-test): Add go.mod file. * Makefile.in: Regenerate. Reviewed-on: https://go-review.googlesource.com/c/gofrontend/+/280172
475 lines
9.7 KiB
Go
475 lines
9.7 KiB
Go
// Copyright 2010 The Go Authors. All rights reserved.
|
|
// Use of this source code is governed by a BSD-style
|
|
// license that can be found in the LICENSE file.
|
|
|
|
package http
|
|
|
|
import (
|
|
"bufio"
|
|
"bytes"
|
|
"fmt"
|
|
"io"
|
|
"net/url"
|
|
"reflect"
|
|
"strings"
|
|
"testing"
|
|
)
|
|
|
|
type reqTest struct {
|
|
Raw string
|
|
Req *Request
|
|
Body string
|
|
Trailer Header
|
|
Error string
|
|
}
|
|
|
|
var noError = ""
|
|
var noBodyStr = ""
|
|
var noTrailer Header = nil
|
|
|
|
var reqTests = []reqTest{
|
|
// Baseline test; All Request fields included for template use
|
|
{
|
|
"GET http://www.techcrunch.com/ HTTP/1.1\r\n" +
|
|
"Host: www.techcrunch.com\r\n" +
|
|
"User-Agent: Fake\r\n" +
|
|
"Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\n" +
|
|
"Accept-Language: en-us,en;q=0.5\r\n" +
|
|
"Accept-Encoding: gzip,deflate\r\n" +
|
|
"Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7\r\n" +
|
|
"Keep-Alive: 300\r\n" +
|
|
"Content-Length: 7\r\n" +
|
|
"Proxy-Connection: keep-alive\r\n\r\n" +
|
|
"abcdef\n???",
|
|
|
|
&Request{
|
|
Method: "GET",
|
|
URL: &url.URL{
|
|
Scheme: "http",
|
|
Host: "www.techcrunch.com",
|
|
Path: "/",
|
|
},
|
|
Proto: "HTTP/1.1",
|
|
ProtoMajor: 1,
|
|
ProtoMinor: 1,
|
|
Header: Header{
|
|
"Accept": {"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8"},
|
|
"Accept-Language": {"en-us,en;q=0.5"},
|
|
"Accept-Encoding": {"gzip,deflate"},
|
|
"Accept-Charset": {"ISO-8859-1,utf-8;q=0.7,*;q=0.7"},
|
|
"Keep-Alive": {"300"},
|
|
"Proxy-Connection": {"keep-alive"},
|
|
"Content-Length": {"7"},
|
|
"User-Agent": {"Fake"},
|
|
},
|
|
Close: false,
|
|
ContentLength: 7,
|
|
Host: "www.techcrunch.com",
|
|
RequestURI: "http://www.techcrunch.com/",
|
|
},
|
|
|
|
"abcdef\n",
|
|
|
|
noTrailer,
|
|
noError,
|
|
},
|
|
|
|
// GET request with no body (the normal case)
|
|
{
|
|
"GET / HTTP/1.1\r\n" +
|
|
"Host: foo.com\r\n\r\n",
|
|
|
|
&Request{
|
|
Method: "GET",
|
|
URL: &url.URL{
|
|
Path: "/",
|
|
},
|
|
Proto: "HTTP/1.1",
|
|
ProtoMajor: 1,
|
|
ProtoMinor: 1,
|
|
Header: Header{},
|
|
Close: false,
|
|
ContentLength: 0,
|
|
Host: "foo.com",
|
|
RequestURI: "/",
|
|
},
|
|
|
|
noBodyStr,
|
|
noTrailer,
|
|
noError,
|
|
},
|
|
|
|
// Tests that we don't parse a path that looks like a
|
|
// scheme-relative URI as a scheme-relative URI.
|
|
{
|
|
"GET //user@host/is/actually/a/path/ HTTP/1.1\r\n" +
|
|
"Host: test\r\n\r\n",
|
|
|
|
&Request{
|
|
Method: "GET",
|
|
URL: &url.URL{
|
|
Path: "//user@host/is/actually/a/path/",
|
|
},
|
|
Proto: "HTTP/1.1",
|
|
ProtoMajor: 1,
|
|
ProtoMinor: 1,
|
|
Header: Header{},
|
|
Close: false,
|
|
ContentLength: 0,
|
|
Host: "test",
|
|
RequestURI: "//user@host/is/actually/a/path/",
|
|
},
|
|
|
|
noBodyStr,
|
|
noTrailer,
|
|
noError,
|
|
},
|
|
|
|
// Tests a bogus absolute-path on the Request-Line (RFC 7230 section 5.3.1)
|
|
{
|
|
"GET ../../../../etc/passwd HTTP/1.1\r\n" +
|
|
"Host: test\r\n\r\n",
|
|
nil,
|
|
noBodyStr,
|
|
noTrailer,
|
|
`parse "../../../../etc/passwd": invalid URI for request`,
|
|
},
|
|
|
|
// Tests missing URL:
|
|
{
|
|
"GET HTTP/1.1\r\n" +
|
|
"Host: test\r\n\r\n",
|
|
nil,
|
|
noBodyStr,
|
|
noTrailer,
|
|
`parse "": empty url`,
|
|
},
|
|
|
|
// Tests chunked body with trailer:
|
|
{
|
|
"POST / HTTP/1.1\r\n" +
|
|
"Host: foo.com\r\n" +
|
|
"Transfer-Encoding: chunked\r\n\r\n" +
|
|
"3\r\nfoo\r\n" +
|
|
"3\r\nbar\r\n" +
|
|
"0\r\n" +
|
|
"Trailer-Key: Trailer-Value\r\n" +
|
|
"\r\n",
|
|
&Request{
|
|
Method: "POST",
|
|
URL: &url.URL{
|
|
Path: "/",
|
|
},
|
|
TransferEncoding: []string{"chunked"},
|
|
Proto: "HTTP/1.1",
|
|
ProtoMajor: 1,
|
|
ProtoMinor: 1,
|
|
Header: Header{},
|
|
ContentLength: -1,
|
|
Host: "foo.com",
|
|
RequestURI: "/",
|
|
},
|
|
|
|
"foobar",
|
|
Header{
|
|
"Trailer-Key": {"Trailer-Value"},
|
|
},
|
|
noError,
|
|
},
|
|
|
|
// Tests chunked body and a bogus Content-Length which should be deleted.
|
|
{
|
|
"POST / HTTP/1.1\r\n" +
|
|
"Host: foo.com\r\n" +
|
|
"Transfer-Encoding: chunked\r\n" +
|
|
"Content-Length: 9999\r\n\r\n" + // to be removed.
|
|
"3\r\nfoo\r\n" +
|
|
"3\r\nbar\r\n" +
|
|
"0\r\n" +
|
|
"\r\n",
|
|
&Request{
|
|
Method: "POST",
|
|
URL: &url.URL{
|
|
Path: "/",
|
|
},
|
|
TransferEncoding: []string{"chunked"},
|
|
Proto: "HTTP/1.1",
|
|
ProtoMajor: 1,
|
|
ProtoMinor: 1,
|
|
Header: Header{},
|
|
ContentLength: -1,
|
|
Host: "foo.com",
|
|
RequestURI: "/",
|
|
},
|
|
|
|
"foobar",
|
|
noTrailer,
|
|
noError,
|
|
},
|
|
|
|
// CONNECT request with domain name:
|
|
{
|
|
"CONNECT www.google.com:443 HTTP/1.1\r\n\r\n",
|
|
|
|
&Request{
|
|
Method: "CONNECT",
|
|
URL: &url.URL{
|
|
Host: "www.google.com:443",
|
|
},
|
|
Proto: "HTTP/1.1",
|
|
ProtoMajor: 1,
|
|
ProtoMinor: 1,
|
|
Header: Header{},
|
|
Close: false,
|
|
ContentLength: 0,
|
|
Host: "www.google.com:443",
|
|
RequestURI: "www.google.com:443",
|
|
},
|
|
|
|
noBodyStr,
|
|
noTrailer,
|
|
noError,
|
|
},
|
|
|
|
// CONNECT request with IP address:
|
|
{
|
|
"CONNECT 127.0.0.1:6060 HTTP/1.1\r\n\r\n",
|
|
|
|
&Request{
|
|
Method: "CONNECT",
|
|
URL: &url.URL{
|
|
Host: "127.0.0.1:6060",
|
|
},
|
|
Proto: "HTTP/1.1",
|
|
ProtoMajor: 1,
|
|
ProtoMinor: 1,
|
|
Header: Header{},
|
|
Close: false,
|
|
ContentLength: 0,
|
|
Host: "127.0.0.1:6060",
|
|
RequestURI: "127.0.0.1:6060",
|
|
},
|
|
|
|
noBodyStr,
|
|
noTrailer,
|
|
noError,
|
|
},
|
|
|
|
// CONNECT request for RPC:
|
|
{
|
|
"CONNECT /_goRPC_ HTTP/1.1\r\n\r\n",
|
|
|
|
&Request{
|
|
Method: "CONNECT",
|
|
URL: &url.URL{
|
|
Path: "/_goRPC_",
|
|
},
|
|
Proto: "HTTP/1.1",
|
|
ProtoMajor: 1,
|
|
ProtoMinor: 1,
|
|
Header: Header{},
|
|
Close: false,
|
|
ContentLength: 0,
|
|
Host: "",
|
|
RequestURI: "/_goRPC_",
|
|
},
|
|
|
|
noBodyStr,
|
|
noTrailer,
|
|
noError,
|
|
},
|
|
|
|
// SSDP Notify request. golang.org/issue/3692
|
|
{
|
|
"NOTIFY * HTTP/1.1\r\nServer: foo\r\n\r\n",
|
|
&Request{
|
|
Method: "NOTIFY",
|
|
URL: &url.URL{
|
|
Path: "*",
|
|
},
|
|
Proto: "HTTP/1.1",
|
|
ProtoMajor: 1,
|
|
ProtoMinor: 1,
|
|
Header: Header{
|
|
"Server": []string{"foo"},
|
|
},
|
|
Close: false,
|
|
ContentLength: 0,
|
|
RequestURI: "*",
|
|
},
|
|
|
|
noBodyStr,
|
|
noTrailer,
|
|
noError,
|
|
},
|
|
|
|
// OPTIONS request. Similar to golang.org/issue/3692
|
|
{
|
|
"OPTIONS * HTTP/1.1\r\nServer: foo\r\n\r\n",
|
|
&Request{
|
|
Method: "OPTIONS",
|
|
URL: &url.URL{
|
|
Path: "*",
|
|
},
|
|
Proto: "HTTP/1.1",
|
|
ProtoMajor: 1,
|
|
ProtoMinor: 1,
|
|
Header: Header{
|
|
"Server": []string{"foo"},
|
|
},
|
|
Close: false,
|
|
ContentLength: 0,
|
|
RequestURI: "*",
|
|
},
|
|
|
|
noBodyStr,
|
|
noTrailer,
|
|
noError,
|
|
},
|
|
|
|
// Connection: close. golang.org/issue/8261
|
|
{
|
|
"GET / HTTP/1.1\r\nHost: issue8261.com\r\nConnection: close\r\n\r\n",
|
|
&Request{
|
|
Method: "GET",
|
|
URL: &url.URL{
|
|
Path: "/",
|
|
},
|
|
Header: Header{
|
|
// This wasn't removed from Go 1.0 to
|
|
// Go 1.3, so locking it in that we
|
|
// keep this:
|
|
"Connection": []string{"close"},
|
|
},
|
|
Host: "issue8261.com",
|
|
Proto: "HTTP/1.1",
|
|
ProtoMajor: 1,
|
|
ProtoMinor: 1,
|
|
Close: true,
|
|
RequestURI: "/",
|
|
},
|
|
|
|
noBodyStr,
|
|
noTrailer,
|
|
noError,
|
|
},
|
|
|
|
// HEAD with Content-Length 0. Make sure this is permitted,
|
|
// since I think we used to send it.
|
|
{
|
|
"HEAD / HTTP/1.1\r\nHost: issue8261.com\r\nConnection: close\r\nContent-Length: 0\r\n\r\n",
|
|
&Request{
|
|
Method: "HEAD",
|
|
URL: &url.URL{
|
|
Path: "/",
|
|
},
|
|
Header: Header{
|
|
"Connection": []string{"close"},
|
|
"Content-Length": []string{"0"},
|
|
},
|
|
Host: "issue8261.com",
|
|
Proto: "HTTP/1.1",
|
|
ProtoMajor: 1,
|
|
ProtoMinor: 1,
|
|
Close: true,
|
|
RequestURI: "/",
|
|
},
|
|
|
|
noBodyStr,
|
|
noTrailer,
|
|
noError,
|
|
},
|
|
|
|
// http2 client preface:
|
|
{
|
|
"PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n",
|
|
&Request{
|
|
Method: "PRI",
|
|
URL: &url.URL{
|
|
Path: "*",
|
|
},
|
|
Header: Header{},
|
|
Proto: "HTTP/2.0",
|
|
ProtoMajor: 2,
|
|
ProtoMinor: 0,
|
|
RequestURI: "*",
|
|
ContentLength: -1,
|
|
Close: true,
|
|
},
|
|
noBodyStr,
|
|
noTrailer,
|
|
noError,
|
|
},
|
|
}
|
|
|
|
func TestReadRequest(t *testing.T) {
|
|
for i := range reqTests {
|
|
tt := &reqTests[i]
|
|
req, err := ReadRequest(bufio.NewReader(strings.NewReader(tt.Raw)))
|
|
if err != nil {
|
|
if err.Error() != tt.Error {
|
|
t.Errorf("#%d: error %q, want error %q", i, err.Error(), tt.Error)
|
|
}
|
|
continue
|
|
}
|
|
rbody := req.Body
|
|
req.Body = nil
|
|
testName := fmt.Sprintf("Test %d (%q)", i, tt.Raw)
|
|
diff(t, testName, req, tt.Req)
|
|
var bout bytes.Buffer
|
|
if rbody != nil {
|
|
_, err := io.Copy(&bout, rbody)
|
|
if err != nil {
|
|
t.Fatalf("%s: copying body: %v", testName, err)
|
|
}
|
|
rbody.Close()
|
|
}
|
|
body := bout.String()
|
|
if body != tt.Body {
|
|
t.Errorf("%s: Body = %q want %q", testName, body, tt.Body)
|
|
}
|
|
if !reflect.DeepEqual(tt.Trailer, req.Trailer) {
|
|
t.Errorf("%s: Trailers differ.\n got: %v\nwant: %v", testName, req.Trailer, tt.Trailer)
|
|
}
|
|
}
|
|
}
|
|
|
|
// reqBytes treats req as a request (with \n delimiters) and returns it with \r\n delimiters,
|
|
// ending in \r\n\r\n
|
|
func reqBytes(req string) []byte {
|
|
return []byte(strings.ReplaceAll(strings.TrimSpace(req), "\n", "\r\n") + "\r\n\r\n")
|
|
}
|
|
|
|
var badRequestTests = []struct {
|
|
name string
|
|
req []byte
|
|
}{
|
|
{"bad_connect_host", reqBytes("CONNECT []%20%48%54%54%50%2f%31%2e%31%0a%4d%79%48%65%61%64%65%72%3a%20%31%32%33%0a%0a HTTP/1.0")},
|
|
{"smuggle_two_contentlen", reqBytes(`POST / HTTP/1.1
|
|
Content-Length: 3
|
|
Content-Length: 4
|
|
|
|
abc`)},
|
|
{"smuggle_content_len_head", reqBytes(`HEAD / HTTP/1.1
|
|
Host: foo
|
|
Content-Length: 5`)},
|
|
|
|
// golang.org/issue/22464
|
|
{"leading_space_in_header", reqBytes(`HEAD / HTTP/1.1
|
|
Host: foo
|
|
Content-Length: 5`)},
|
|
{"leading_tab_in_header", reqBytes(`HEAD / HTTP/1.1
|
|
\tHost: foo
|
|
Content-Length: 5`)},
|
|
}
|
|
|
|
func TestReadRequest_Bad(t *testing.T) {
|
|
for _, tt := range badRequestTests {
|
|
got, err := ReadRequest(bufio.NewReader(bytes.NewReader(tt.req)))
|
|
if err == nil {
|
|
all, err := io.ReadAll(got.Body)
|
|
t.Errorf("%s: got unexpected request = %#v\n Body = %q, %v", tt.name, got, all, err)
|
|
}
|
|
}
|
|
}
|