
test: using TE to smuggle reqs is not possible

See: https://hackerone.com/reports/735748

PR-URL: nodejs-private/node-private#192
Reviewed-By: Beth Griggs <Bethany.Griggs@uk.ibm.com>
sam-github committed Jan 16, 2020
1 parent 49f4220 commit e2c8f89b7572a7aea62927923e425bbd7725dca2
Showing with 40 additions and 0 deletions.
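--- /dev/null
+++ b/test/parallel/test-http-invalid-te.js
@@ -0,0 +1,40 @@
+'use strict';
+
+const common = require('../common');
+
+// Test https://hackerone.com/reports/735748 is fixed.
+
+const assert = require('assert');
+const http = require('http');
+const net = require('net');
+
+const REQUEST_BB = `POST / HTTP/1.1
+Content-Type: text/plain; charset=utf-8
+Host: hacker.exploit.com
+Connection: keep-alive
+Content-Length: 10
+Transfer-Encoding: chunked, eee
+HELLOWORLDPOST / HTTP/1.1
+Content-Type: text/plain; charset=utf-8
+Host: hacker.exploit.com
+Connection: keep-alive
+Content-Length: 28
+I AM A SMUGGLED REQUEST!!!
+`;
+
+const server = http.createServer(common.mustNotCall());
+
+server.on('clientError', common.mustCall((err) => {
+assert.strictEqual(err.code, 'HPE_UNEXPECTED_CONTENT_LENGTH');
+server.close();
+}));
+
+server.listen(0, common.mustCall(() => {
+const client = net.connect(
+server.address().port,
+common.mustCall(() => {
+client.end(REQUEST_BB.replace(/\n/g, '\r\n'));
+}));
+}));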
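Review bot: The `'clientError'` handler at `server.on('clientError', ...)` takes only `err` and never destroys the socket it receives as its second argument; once a listener is attached the server presumably no longer applies its own close-the-socket fallback, so the connection here seems to end only because the client half-closed it with `client.end(...)`. Writing the handler as `common.mustCall((err, socket) => { assert.strictEqual(err.code, 'HPE_UNEXPECTED_CONTENT_LENGTH'); socket.destroy(); server.close(); })` removes that dependency and matches what a handler is expected to do after rejecting a malformed request. The assertion pins the rejection to `HPE_UNEXPECTED_CONTENT_LENGTH`, i.e. a `Content-Length` arriving together with a `Transfer-Encoding` header, and a one-line comment above it such as `// CL alongside TE must be rejected before any body is parsed` would state that intent for readers who do not know the parser's error codes. Separately, the rendered view shows 38 of the 40 added lines: the blank header/body separator lines inside `REQUEST_BB` (after `Transfer-Encoding: chunked, eee` and after `Content-Length: 28`) appear to have been dropped by the page rendering, not by the commit, so the fixture as printed here is not the exact byte sequence the test sends.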
