mirror of
https://github.com/nodejs/node.git
synced 2024-11-21 21:19:50 +01:00
e9ff81016d
PR-URL: https://github.com/nodejs/node/pull/48981 Reviewed-By: Robert Nagy <ronagy@icloud.com> Reviewed-By: Matteo Collina <matteo.collina@gmail.com> Reviewed-By: Rafael Gonzaga <rafael.nunu@hotmail.com> Reviewed-By: Marco Ippolito <marcoippolito54@gmail.com>
41 lines
934 B
JavaScript
41 lines
934 B
JavaScript
'use strict';
|
|
|
|
const common = require('../common');
|
|
|
|
// Test https://hackerone.com/reports/735748 is fixed.
|
|
|
|
const assert = require('assert');
|
|
const http = require('http');
|
|
const net = require('net');
|
|
|
|
const REQUEST_BB = `POST / HTTP/1.1
|
|
Content-Type: text/plain; charset=utf-8
|
|
Host: hacker.exploit.com
|
|
Connection: keep-alive
|
|
Content-Length: 10
|
|
Transfer-Encoding: eee, chunked
|
|
|
|
HELLOWORLDPOST / HTTP/1.1
|
|
Content-Type: text/plain; charset=utf-8
|
|
Host: hacker.exploit.com
|
|
Connection: keep-alive
|
|
Content-Length: 28
|
|
|
|
I AM A SMUGGLED REQUEST!!!
|
|
`;
|
|
|
|
const server = http.createServer(common.mustNotCall());
|
|
|
|
server.on('clientError', common.mustCall((err) => {
|
|
assert.strictEqual(err.code, 'HPE_INVALID_TRANSFER_ENCODING');
|
|
server.close();
|
|
}));
|
|
|
|
server.listen(0, common.mustCall(() => {
|
|
const client = net.connect(
|
|
server.address().port,
|
|
common.mustCall(() => {
|
|
client.end(REQUEST_BB.replace(/\n/g, '\r\n'));
|
|
}));
|
|
}));
|