1
0
Fork 0
mirror of https://github.com/denoland/deno.git synced 2024-12-30 02:59:11 -05:00
denoland-deno/tests/node_compat/test/parallel/test-http-chunked-smuggling.js

51 lines
1.2 KiB
JavaScript
Raw Normal View History

// deno-fmt-ignore-file
// deno-lint-ignore-file
// Copyright Joyent and Node contributors. All rights reserved. MIT license.
// Taken from Node 20.11.1
// This file is automatically generated by `tests/node_compat/runner/setup.ts`. Do not modify this file manually.
'use strict';
const common = require('../common');
const http = require('http');
const net = require('net');
const assert = require('assert');
// Verify that invalid chunk extensions cannot be used to perform HTTP request
// smuggling attacks.
const server = http.createServer(common.mustCall((request, response) => {
assert.notStrictEqual(request.url, '/admin');
response.end('hello world');
}), 1);
server.listen(0, common.mustCall(start));
function start() {
const sock = net.connect(server.address().port);
sock.write('' +
'GET / HTTP/1.1\r\n' +
'Host: localhost:8080\r\n' +
'Transfer-Encoding: chunked\r\n' +
'\r\n' +
'2;\n' +
'xx\r\n' +
'4c\r\n' +
'0\r\n' +
'\r\n' +
'GET /admin HTTP/1.1\r\n' +
'Host: localhost:8080\r\n' +
'Transfer-Encoding: chunked\r\n' +
'\r\n' +
'0\r\n' +
'\r\n'
);
sock.resume();
sock.on('end', common.mustCall(function() {
server.close();
}));
}