Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

test,http: check that http server is robust from handler abuse #37958

Merged
merged 1 commit into from
Apr 8, 2021

Conversation

Trott
Copy link
Member

@Trott Trott commented Mar 28, 2021

The only way I could find to complete coverage for _http_common.js is to
use semi-private (exposed but probably shouldn't be) handlers to get the
state into something weird. With the if-condition being checked (see
Refs) commented out, I get this result from this test:

node:_http_common:140
  if (len > 0 && !stream._dumped) {
                         ^

TypeError: Cannot read property '_dumped' of null
    at HTTPParser.parserOnBody (node:_http_common:140:26)

With the check in place, the test passes without an error. Seems like
quite the edge case, but I'm going to assume it's there for a reason.

Refs: https://coverage.nodejs.org/coverage-b560645d6b0a4bed/lib/_http_common.js.html#L137

@nodejs-github-bot nodejs-github-bot added needs-ci PRs that need a full CI run. test Issues and PRs related to the tests. labels Mar 28, 2021
@nodejs-github-bot

This comment has been minimized.

@nodejs-github-bot

This comment has been minimized.

@nodejs-github-bot

This comment has been minimized.

@nodejs-github-bot

This comment has been minimized.

@nodejs-github-bot

This comment has been minimized.

@nodejs-github-bot
Copy link
Collaborator

@nodejs-github-bot
Copy link
Collaborator

The only way I could find to complete coverage for _http_common.js is to
use semi-private (exposed but probably shouldn't be) handlers to get the
state into something weird. With the if-condition being checked (see
Refs) commented out, I get this result from this test:

```
node:_http_common:140
  if (len > 0 && !stream._dumped) {
                         ^

TypeError: Cannot read property '_dumped' of null
    at HTTPParser.parserOnBody (node:_http_common:140:26)
```

With the check in place, the test passes without an error. Seems like
quite the edge case, but I'm going to assume it's there for a reason.

Refs: https://coverage.nodejs.org/coverage-b560645d6b0a4bed/lib/_http_common.js.html#L137

PR-URL: nodejs#37958
Reviewed-By: Colin Ihrig <[email protected]>
Reviewed-By: James M Snell <[email protected]>
@Trott Trott force-pushed the robust-from-tampering branch from 5c84d96 to 0da7a11 Compare April 8, 2021 12:21
@Trott
Copy link
Member Author

Trott commented Apr 8, 2021

Landed in 0da7a11

@Trott Trott merged commit 0da7a11 into nodejs:master Apr 8, 2021
@Trott Trott deleted the robust-from-tampering branch April 8, 2021 12:22
targos pushed a commit that referenced this pull request May 1, 2021
The only way I could find to complete coverage for _http_common.js is to
use semi-private (exposed but probably shouldn't be) handlers to get the
state into something weird. With the if-condition being checked (see
Refs) commented out, I get this result from this test:

```
node:_http_common:140
  if (len > 0 && !stream._dumped) {
                         ^

TypeError: Cannot read property '_dumped' of null
    at HTTPParser.parserOnBody (node:_http_common:140:26)
```

With the check in place, the test passes without an error. Seems like
quite the edge case, but I'm going to assume it's there for a reason.

Refs: https://coverage.nodejs.org/coverage-b560645d6b0a4bed/lib/_http_common.js.html#L137

PR-URL: #37958
Reviewed-By: Colin Ihrig <[email protected]>
Reviewed-By: James M Snell <[email protected]>
@danielleadams danielleadams mentioned this pull request May 3, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
needs-ci PRs that need a full CI run. test Issues and PRs related to the tests.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants