0
+#define assertFalse(x) assert(!(x)); printf(".")
0
+#define assertTrue(x) assert(x); printf(".")
0
+#define assertEquals(x, y) assert(x == y); printf(".")
0
+void assertStrEquals(const char *expected, const char *given)
0
+ int length = strlen(expected);
0
+ assert(strncmp(expected, given, length) == 0);
0
+ * Definition of test function
0
+ http_parser_init(&parser);
0
+ assertEquals(0, parser.nread);
0
+void parse_simple_element_cb(void *_, int type, const char *at, size_t length)
0
+ case MONGREL_HTTP_VERSION: assertStrEquals("HTTP/1.1", at); break;
0
+ case MONGREL_REQUEST_PATH: assertStrEquals("/", at); break;
0
+ case MONGREL_REQUEST_METHOD: assertStrEquals("GET", at); break;
0
+ case MONGREL_REQUEST_URI: assertStrEquals("/", at); break;
0
+ printf("unknown: %d\n", type);
0
+ assert(0 && "Got an element that we didn't expect");
0
+void parse_simple_field_cb(void *_, const char *field, size_t flen, const char *value, size_t vlen)
0
+ assert(0 && "Shouldn't call field_cb");
0
+void parse_simple_test(void)
0
+ const char *simple = "GET / HTTP/1.1\r\n\r\n";
0
+ http_parser_init(&parser);
0
+ parser.on_element = parse_simple_element_cb;
0
+ parser.http_field = parse_simple_field_cb;
0
+ nread = http_parser_execute(&parser, simple, strlen(simple), 0);
0
+ assertEquals(nread, strlen(simple));
0
+ assertTrue(http_parser_is_finished(&parser));
0
+/** parse_dumbfuck_headers 1 **/
0
+void parse_dumbfuck_element_cb(void *_, int type, const char *at, size_t length)
0
+ case MONGREL_HTTP_VERSION: assertStrEquals("HTTP/1.1", at); break;
0
+ case MONGREL_REQUEST_PATH: assertStrEquals("/", at); break;
0
+ case MONGREL_REQUEST_METHOD: assertStrEquals("GET", at); break;
0
+ case MONGREL_REQUEST_URI: assertStrEquals("/", at); break;
0
+ printf("unknown: %d\n", type);
0
+ assert(0 && "Got an element that we didn't expect");
0
+static int parse_dumbfuck_field_count = 0;
0
+void parse_dumbfuck_field_cb(void *_, const char *field, size_t flen, const char *value, size_t vlen)
0
+ parse_dumbfuck_field_count++;
0
+ assertStrEquals("aaaaaaaaaaaaa", field);
0
+ assertStrEquals("++++++++++", value);
0
+ assertEquals(1, parse_dumbfuck_field_count);
0
+void parse_dumbfuck_test(void)
0
+ const char *dumbfuck = "GET / HTTP/1.1\r\naaaaaaaaaaaaa:++++++++++\r\n\r\n";
0
+ http_parser_init(&parser);
0
+ parser.on_element = parse_dumbfuck_element_cb;
0
+ parser.http_field = parse_dumbfuck_field_cb;
0
+ int nread = http_parser_execute(&parser, dumbfuck, strlen(dumbfuck), 0);
0
+ assertEquals(nread, strlen(dumbfuck));
0
+ assertTrue(http_parser_is_finished(&parser));
0
+/** parse_dumbfuck_headers 2 **/
0
+void donothing_element_cb(void *_, int type, const char *at, size_t length){;}
0
+void parse_dumbfuck2_test(void)
0
+ const char *dumbfuck2 = "GET / HTTP/1.1\r\nX-SSL-Bullshit: -----BEGIN CERTIFICATE-----\r\n\tMIIFbTCCBFWgAwIBAgICH4cwDQYJKoZIhvcNAQEFBQAwcDELMAkGA1UEBhMCVUsx\r\n\tETAPBgNVBAoTCGVTY2llbmNlMRIwEAYDVQQLEwlBdXRob3JpdHkxCzAJBgNVBAMT\r\n\tAkNBMS0wKwYJKoZIhvcNAQkBFh5jYS1vcGVyYXRvckBncmlkLXN1cHBvcnQuYWMu\r\n\tdWswHhcNMDYwNzI3MTQxMzI4WhcNMDcwNzI3MTQxMzI4WjBbMQswCQYDVQQGEwJV\r\n\tSzERMA8GA1UEChMIZVNjaWVuY2UxEzARBgNVBAsTCk1hbmNoZXN0ZXIxCzAJBgNV\r\n\tBAcTmrsogriqMWLAk1DMRcwFQYDVQQDEw5taWNoYWVsIHBhcmQYJKoZIhvcNAQEB\r\n\tBQADggEPADCCAQoCggEBANPEQBgl1IaKdSS1TbhF3hEXSl72G9J+WC/1R64fAcEF\r\n\tW51rEyFYiIeZGx/BVzwXbeBoNUK41OK65sxGuflMo5gLflbwJtHBRIEKAfVVp3YR\r\n\tgW7cMA/s/XKgL1GEC7rQw8lIZT8RApukCGqOVHSi/F1SiFlPDxuDfmdiNzL31+sL\r\n\t0iwHDdNkGjy5pyBSB8Y79dsSJtCW/iaLB0/n8Sj7HgvvZJ7x0fr+RQjYOUUfrePP\r\n\tu2MSpFyf+9BbC/aXgaZuiCvSR+8Snv3xApQY+fULK/xY8h8Ua51iXoQ5jrgu2SqR\r\n\twgA7BUi3G8LFzMBl8FRCDYGUDy7M6QaHXx1ZWIPWNKsCAwEAAaOCAiQwggIgMAwG\r\n\tA1UdEwEB/wQCMAAwEQYJYIZIAYb4QgEBBAQDAgWgMA4GA1UdDwEB/wQEAwID6DAs\r\n\tBglghkgBhvhCAQ0EHxYdVUsgZS1TY2llbmNlIFVzZXIgQ2VydGlmaWNhdGUwHQYD\r\n\tVR0OBBYEFDTt/sf9PeMaZDHkUIldrDYMNTBZMIGaBgNVHSMEgZIwgY+AFAI4qxGj\r\n\tloCLDdMVKwiljjDastqooXSkcjBwMQswCQYDVQQGEwJVSzERMA8GA1UEChMIZVNj\r\n\taWVuY2UxEjAQBgNVBAsTCUF1dGhvcml0eTELMAkGA1UEAxMCQ0ExLTArBgkqhkiG\r\n\t9w0BCQEWHmNhLW9wZXJhdG9yQGdyaWQtc3VwcG9ydC5hYy51a4IBADApBgNVHRIE\r\n\tIjAggR5jYS1vcGVyYXRvckBncmlkLXN1cHBvcnQuYWMudWswGQYDVR0gBBIwEDAO\r\n\tBgwrBgEEAdkvAQEBAQYwPQYJYIZIAYb4QgEEBDAWLmh0dHA6Ly9jYS5ncmlkLXN1\r\n\tcHBvcnQuYWMudmT4sopwqlBWsvcHViL2NybC9jYWNybC5jcmwwPQYJYIZIAYb4QgEDBDAWLmh0\r\n\tdHA6Ly9jYS5ncmlkLXN1cHBvcnQuYWMudWsvcHViL2NybC9jYWNybC5jcmwwPwYD\r\n\tVR0fBDgwNjA0oDKgMIYuaHR0cDovL2NhLmdyaWQt5hYy51ay9wdWIv\r\n\tY3JsL2NhY3JsLmNybDANBgkqhkiG9w0BAQUFAAOCAQEAS/U4iiooBENGW/Hwmmd3\r\n\tXCy6Zrt08YjKCzGNjorT98g8uGsqYjSxv/hmi0qlnlHs+k/3Iobc3LjS5AMYr5L8\r\n\tUO7OSkgFFlLHQyC9JzPfmLCAugvzEbyv4Olnsr8hbxF1MbKZoQxUZtMVu29wjfXk\r\n\thTeApBv7eaKCWpSp7MCbvgzm74izKhu3vlDk9w6qVrxePfGgpKPqfHiOoGhFnbTK\r\n\twTC6o2xq5y0qZ03J
onF7OJspEd3I5zKY3E+ov7/ZhW6DqT8UFvsAdjvQbXyhV8Eu\r\n\tYhixw1aKEPzNjNowuIseVogKOLXxWI5vAi5HgXdS0/ES5gDGsABo4fqovUKlgop3\r\n\tRA==\r\n\t-----END CERTIFICATE-----\r\n\r\n";
0
+ http_parser_init(&parser);
0
+ parser.on_element = donothing_element_cb;
0
+ parser.http_field = 0;
0
+ http_parser_execute(&parser, dumbfuck2, strlen(dumbfuck2), 0);
0
+ assertTrue(http_parser_has_error(&parser));
0
+/** test_fragment_in_uri **/
0
+void fragment_in_uri_element_cb(void *_, int type, const char *at, size_t length)
0
+ case MONGREL_HTTP_VERSION: assertStrEquals("HTTP/1.1", at); break;
0
+ case MONGREL_REQUEST_PATH: assertStrEquals("/forums/1/topics/2375", at); break;
0
+ case MONGREL_REQUEST_METHOD: assertStrEquals("GET", at); break;
0
+ case MONGREL_REQUEST_URI: assertStrEquals("/forums/1/topics/2375?page=1", at); break;
0
+ case MONGREL_FRAGMENT: assertStrEquals("posts-17408", at); break;
0
+ case MONGREL_QUERY_STRING: assertStrEquals("page=1", at); break;
0
+ printf("unknown: %d\n", type);
0
+ assert(0 && "Got an element that we didn't expect");
0
+void fragment_in_uri_test(void)
0
+ const char *fragment_in_uri = "GET /forums/1/topics/2375?page=1#posts-17408 HTTP/1.1\r\n\r\n";
0
+ http_parser_init(&parser);
0
+ parser.on_element = fragment_in_uri_element_cb;
0
+ parser.http_field = 0;
0
+ http_parser_execute(&parser, fragment_in_uri, strlen(fragment_in_uri), 0);
0
+ assertTrue(http_parser_is_finished(&parser));
0
+/* very bad garbage generator */
0
+char *rand_data(int min, int max, int readable)
0
+ int count = min + (int)((rand()/(float)RAND_MAX) * max + 1)*10;
0
+ char *out = malloc(count);
0
+ for(i = 0; i < count; i++) {
0
+ out[i] = ((double)rand()/RAND_MAX)*25+'A';
0
+ out[i] = ((double)rand()/RAND_MAX)*100+10;
0
+void horrible_queries_test(void) {
0
+ char req[1000 * 1024];
0
+ for(i = 0; i < 10; i++) {
0
+ sprintf(req, "GET /%s HTTP/1.1\r\nX-%s: Test\r\n\r\n"
0
+ , rand_data(10, 120, TRUE)
0
+ , rand_data(1024, 1024+i*1024, TRUE)
0
+ http_parser_init(&parser);
0
+ parser.on_element = donothing_element_cb;
0
+ parser.http_field = 0;
0
+ http_parser_execute(&parser, req, strlen(req), 0);
0
+ assertTrue(http_parser_has_error(&parser));
0
+ /* then that large mangled field values are caught */
0
+ for(i = 0; i < 10; i++) {
0
+ sprintf(req, "GET /%s HTTP/1.1\r\nX-Test: %s\r\n\r\n"
0
+ , rand_data(10,120, TRUE)
0
+ , rand_data(1024, 1024+(i*1024), FALSE)
0
+ http_parser_init(&parser);
0
+ parser.on_element = donothing_element_cb;
0
+ parser.http_field = 0;
0
+ http_parser_execute(&parser, req, strlen(req), 0);
0
+ assertTrue(http_parser_has_error(&parser));
0
+ /* then large headers are rejected too */
0
+ // # then large headers are rejected too
0
+ // req = "GET /#{rand_data(10,120)} HTTP/1.1\r\n"
0
+ // req << "X-Test: test\r\n" * (80 * 1024)
0
+ // assert drops_request?(req), "large headers are rejected"
0
+ /* finally just that random garbage gets blocked all the time */
0
+ for(i = 0; i < 10; i++) {
0
+ sprintf(req, "GET %s %s\r\n\r\n"
0
+ , rand_data(1024, 1024+(i*1024), FALSE)
0
+ , rand_data(1024, 1024+(i*1024), FALSE)
0
+ http_parser_init(&parser);
0
+ parser.on_element = donothing_element_cb;
0
+ parser.http_field = 0;
0
+ http_parser_execute(&parser, req, strlen(req), 0);
0
+ assertTrue(http_parser_has_error(&parser));
0
+int main(int argc, char *argv[])
0
+ parse_dumbfuck_test();
0
+ parse_dumbfuck2_test();
0
+ fragment_in_uri_test();
0
+ horrible_queries_test();
0
+ printf("\nAll tests passed!\n");
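Review bot: assertStrEquals only checks the first strlen(expected) bytes of `given`, and none of the element or field callbacks use the `length`, `flen` or `vlen` they receive, so a parser that reports a token with the wrong span would still pass every case here. `at` appears to point into the request buffer rather than at a NUL-terminated copy, so the helper should take the reported length and compare it too, e.g. `assert(length == strlen(expected) && memcmp(expected, at, length) == 0);`. Token boundaries are what a request parser most needs to get right, and these tests currently do not pin them. Separately, the `sprintf(req, ...)` calls in horrible_queries_test depend on rand_data staying under the 1000 * 1024 byte stack buffer; `snprintf(req, sizeof req, ...)` would make that bound explicit. The rand_data results also look like they are never freed, though parts of these functions are not visible on this page, so that is inferred.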