denoland-deno/tests/node_compat/test/parallel/test-http-chunked-smuggling.js

// deno-fmt-ignore-file
// deno-lint-ignore-file

// Copyright Joyent and Node contributors. All rights reserved. MIT license.
// Taken from Node 20.11.1
// This file is automatically generated by `tests/node_compat/runner/setup.ts`. Do not modify this file manually.

'use strict';

const common = require('../common');
const http = require('http');
const net = require('net');
const assert = require('assert');

// Verify that invalid chunk extensions cannot be used to perform HTTP request
// smuggling attacks.

const server = http.createServer(common.mustCall((request, response) => {
  assert.notStrictEqual(request.url, '/admin');
  response.end('hello world');
}), 1);

server.listen(0, common.mustCall(start));

function start() {
  const sock = net.connect(server.address().port);

  sock.write('' +
    'GET / HTTP/1.1\r\n' +
    'Host: localhost:8080\r\n' +
    'Transfer-Encoding: chunked\r\n' +
    '\r\n' +
    '2;\n' +
    'xx\r\n' +
    '4c\r\n' +
    '0\r\n' +
    '\r\n' +
    'GET /admin HTTP/1.1\r\n' +
    'Host: localhost:8080\r\n' +
    'Transfer-Encoding: chunked\r\n' +
    '\r\n' +
    '0\r\n' +
    '\r\n'
  );

  sock.resume();
  sock.on('end', common.mustCall(function() {
    server.close();
  }));
}
test: add node compat test cases (#27134) This PR enables node compat test cases found passing by using the tool added in #27122 The percentage of passing test case increases from 16.16% to 30.43% by this change. 2024-12-03 21:37:20 -05:00			`// deno-fmt-ignore-file`
			`// deno-lint-ignore-file`

			`// Copyright Joyent and Node contributors. All rights reserved. MIT license.`
			`// Taken from Node 20.11.1`
			// This file is automatically generated by `tests/node_compat/runner/setup.ts`. Do not modify this file manually.

			`'use strict';`

			`const common = require('../common');`
			`const http = require('http');`
			`const net = require('net');`
			`const assert = require('assert');`

			`// Verify that invalid chunk extensions cannot be used to perform HTTP request`
			`// smuggling attacks.`

			`const server = http.createServer(common.mustCall((request, response) => {`
			`assert.notStrictEqual(request.url, '/admin');`
			`response.end('hello world');`
			`}), 1);`

			`server.listen(0, common.mustCall(start));`

			`function start() {`
			`const sock = net.connect(server.address().port);`

			`sock.write('' +`
			`'GET / HTTP/1.1\r\n' +`
			`'Host: localhost:8080\r\n' +`
			`'Transfer-Encoding: chunked\r\n' +`
			`'\r\n' +`
			`'2;\n' +`
			`'xx\r\n' +`
			`'4c\r\n' +`
			`'0\r\n' +`
			`'\r\n' +`
			`'GET /admin HTTP/1.1\r\n' +`
			`'Host: localhost:8080\r\n' +`
			`'Transfer-Encoding: chunked\r\n' +`
			`'\r\n' +`
			`'0\r\n' +`
			`'\r\n'`
			`);`

			`sock.resume();`
			`sock.on('end', common.mustCall(function() {`
			`server.close();`
			`}));`
			`}`