-
Notifications
You must be signed in to change notification settings - Fork 54
/
anomalies.yml
100 lines (100 loc) · 4.05 KB
/
anomalies.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
# This file generated by diagnose_anomalies.py
# This yaml file tracks the acceptable parsing anomalies in the servers.
aiohttp:
allows-missing-host-header: true
apache:
allows-http-0-9: true
translates-chunked-to-cl: true
cheroot:
allows-missing-host-header: true
header-name-translation: {'-': '_'}
daphne:
allows-missing-host-header: true
deno:
allows-missing-host-header: true
doesnt-support-version: true
fasthttp:
allows-missing-host-header: true
added-headers: [['content-length', '0']]
translates-only-empty-chunked-to-cl: true
gunicorn:
allows-missing-host-header: true
header-name-translation: {'-': '_'}
h2o:
allows-missing-host-header: true
added-headers: [['host', '0.0.0.0']]
header-name-translation: {'-': '_'}
translates-chunked-to-cl: true
haproxy_fcgi:
allows-missing-host-header: true
added-headers: [['content-length', '0']]
translates-chunked-to-cl: true
removed-headers: [['connection', 'keep-alive'], ['connection', 'close']]
hyper:
allows-missing-host-header: true
jetty:
allows-http-0-9: true
method-whitelist: ['DELETE', 'GET', 'POST', 'PUT']
libevent:
allows-missing-host-header: true
method-whitelist: ['DELETE', 'GET', 'POST', 'PUT']
lighttpd:
method-whitelist: ['ACL', 'BASELINE-CONTROL', 'BIND', 'CHECKIN', 'CHECKOUT', 'COPY', 'DELETE', 'GET', 'LABEL', 'LINK', 'LOCK', 'MERGE', 'MKACTIVITY', 'MKCALENDAR', 'MKCOL', 'MKREDIRECTREF', 'MKWORKSPACE', 'MOVE', 'ORDERPATCH', 'PATCH', 'PROPFIND', 'PROPPATCH', 'PUT', 'QUERY', 'REBIND', 'REPORT', 'SEARCH', 'UNBIND', 'UNCHECKOUT', 'UNLINK', 'UNLOCK', 'UPDATE', 'UPDATEREDIRECTREF', 'VERSION-CONTROL']
added-headers: [['content-length', '0']]
translates-chunked-to-cl: true
requires-length-in-post: true
mongoose:
allows-http-0-9: true
allows-missing-host-header: true
requires-length-in-post: true
netty:
allows-missing-host-header: true
nginx:
allows-http-0-9: true
added-headers: [['content-type', ''], ['content-length', '']]
adds-cl-to-chunked: true
requires-alphabetical-method: true
nodejs:
allows-http-0-9: true
method-whitelist: ['ACL', 'BIND', 'CHECKOUT', 'COPY', 'DELETE', 'GET', 'LINK', 'LOCK', 'M-SEARCH', 'MERGE', 'MKACTIVITY', 'MKCALENDAR', 'MKCOL', 'MOVE', 'NOTIFY', 'PATCH', 'POST', 'PROPFIND', 'PROPPATCH', 'PURGE', 'PUT', 'QUERY', 'REBIND', 'REPORT', 'SEARCH', 'SOURCE', 'SUBSCRIBE', 'UNBIND', 'UNLINK', 'UNLOCK', 'UNSUBSCRIBE']
openlitespeed:
allows-missing-host-header: true
method-whitelist: ['BASELINE-CONTROL', 'BIND', 'CHECKIN', 'COPY', 'DELETE', 'GET', 'LABEL', 'LOCK', 'MERGE', 'MKACTIVITY', 'MKCOL', 'MKWORKSPACE', 'MOVE', 'PATCH', 'POST', 'PROPFIND', 'PROPPATCH', 'PURGE', 'PUT', 'REFRESH', 'REPORT', 'SEARCH', 'UNCHECKOUT', 'UNLOCK', 'UPDATE', 'VERSION-CONTROL']
translates-chunked-to-cl: true
passenger:
method-whitelist: ['ACL', 'BIND', 'CHECKOUT', 'COPY', 'DELETE', 'GET', 'LINK', 'LOCK', 'M-SEARCH', 'MERGE', 'MKACTIVITY', 'MKCALENDAR', 'MKCOL', 'MOVE', 'NOTIFY', 'PATCH', 'POST', 'PROPFIND', 'PROPPATCH', 'PURGE', 'PUT', 'REBIND', 'REPORT', 'SEARCH', 'SOURCE', 'SUBSCRIBE', 'UNBIND', 'UNLINK', 'UNLOCK', 'UNSUBSCRIBE']
added-headers: [['connection', 'close']]
doesnt-support-version: true
removed-headers: [['connection', 'keep-alive']]
puma:
allows-missing-host-header: true
header-name-translation: {'-': '_'}
translates-chunked-to-cl: true
tomcat:
allows-http-0-9: true
method-whitelist: ['DELETE', 'GET', 'POST', 'PUT']
tornado:
allows-missing-host-header: true
uhttpd:
allows-missing-host-header: true
method-whitelist: ['DELETE', 'GET', 'PATCH', 'POST', 'PUT']
unicorn:
allows-http-0-9: true
allows-missing-host-header: true
header-name-translation: {'-': '_'}
waitress:
allows-http-0-9: true
allows-missing-host-header: true
header-name-translation: {'-': '_'}
translates-chunked-to-cl: true
webrick:
allows-http-0-9: true
allows-missing-host-header: true
header-name-translation: {'-': '_'}
requires-length-in-post: true
doesnt-support-version: true
removed-headers: [['content-length', '0']]
werkzeug:
allows-http-0-9: true
allows-missing-host-header: true
doesnt-support-version: true