Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

test,http: check that http server is robust from handler abuse #37958

Merged
merged 1 commit into from
Apr 8, 2021
Merged

test,http: check that http server is robust from handler abuse #37958

merged 1 commit into from
Apr 8, 2021

Conversation

Trott
Copy link
Member

@Trott Trott commented Mar 28, 2021

The only way I could find to complete coverage for _http_common.js is to
use semi-private (exposed but probably shouldn't be) handlers to get the
state into something weird. With the if-condition being checked (see
Refs) commented out, I get this result from this test:

node:_http_common:140
  if (len > 0 && !stream._dumped) {
                         ^

TypeError: Cannot read property '_dumped' of null
    at HTTPParser.parserOnBody (node:_http_common:140:26)

With the check in place, the test passes without an error. Seems like
quite the edge case, but I'm going to assume it's there for a reason.

Refs: https://coverage.nodejs.org/coverage-b560645d6b0a4bed/lib/_http_common.js.html#L137

@nodejs-github-bot nodejs-github-bot added needs-ci PRs that need a full CI run. test Issues and PRs related to the tests. labels Mar 28, 2021
@nodejs-github-bot

This comment has been minimized.

Sign in to view
@nodejs-github-bot

This comment has been minimized.

Sign in to view
@nodejs-github-bot

This comment has been minimized.

Sign in to view
@nodejs-github-bot

This comment has been minimized.

Sign in to view
@nodejs-github-bot

This comment has been minimized.

Sign in to view
@nodejs-github-bot
Copy link
Collaborator

CI: https://ci.nodejs.org/job/node-test-pull-request/37191/

@nodejs-github-bot
Copy link
Collaborator

CI: https://ci.nodejs.org/job/node-test-pull-request/37288/

@Trott
test,http: check that http server is robust from handler abuse
0da7a11 
The only way I could find to complete coverage for _http_common.js is to
use semi-private (exposed but probably shouldn't be) handlers to get the
state into something weird. With the if-condition being checked (see
Refs) commented out, I get this result from this test:

```
node:_http_common:140
  if (len > 0 && !stream._dumped) {
                         ^

TypeError: Cannot read property '_dumped' of null
    at HTTPParser.parserOnBody (node:_http_common:140:26)
```

With the check in place, the test passes without an error. Seems like
quite the edge case, but I'm going to assume it's there for a reason.

Refs: https://coverage.nodejs.org/coverage-b560645d6b0a4bed/lib/_http_common.js.html#L137

PR-URL: nodejs#37958
Reviewed-By: Colin Ihrig <[email protected]>
Reviewed-By: James M Snell <[email protected]>
@Trott
Copy link
Member Author

Trott commented Apr 8, 2021

Landed in 0da7a11

@Trott Trott merged commit 0da7a11 into nodejs:master Apr 8, 2021
@Trott Trott deleted the robust-from-tampering branch April 8, 2021 12:22
@BethGriggs BethGriggs mentioned this pull request Apr 12, 2021
Merged
targos pushed a commit that referenced this pull request May 1, 2021
@Trott @targos
test,http: check that http server is robust from handler abuse
8476537 
The only way I could find to complete coverage for _http_common.js is to
use semi-private (exposed but probably shouldn't be) handlers to get the
state into something weird. With the if-condition being checked (see
Refs) commented out, I get this result from this test:

```
node:_http_common:140
  if (len > 0 && !stream._dumped) {
                         ^

TypeError: Cannot read property '_dumped' of null
    at HTTPParser.parserOnBody (node:_http_common:140:26)
```

With the check in place, the test passes without an error. Seems like
quite the edge case, but I'm going to assume it's there for a reason.

Refs: https://coverage.nodejs.org/coverage-b560645d6b0a4bed/lib/_http_common.js.html#L137

PR-URL: #37958
Reviewed-By: Colin Ihrig <[email protected]>
Reviewed-By: James M Snell <[email protected]>
@danielleadams danielleadams mentioned this pull request May 3, 2021
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@cjihrig cjihrig cjihrig approved these changes

@jasnell jasnell jasnell approved these changes

Assignees
No one assigned
Labels
needs-ci PRs that need a full CI run. test Issues and PRs related to the tests.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@Trott @nodejs-github-bot @jasnell @cjihrig