summaryrefslogtreecommitdiffstats
path: root/debian/patches/REGTESTS-http-rules-verify-that-we-block-by-default-.patch
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--debian/patches/REGTESTS-http-rules-verify-that-we-block-by-default-.patch50
1 files changed, 50 insertions, 0 deletions
diff --git a/debian/patches/REGTESTS-http-rules-verify-that-we-block-by-default-.patch b/debian/patches/REGTESTS-http-rules-verify-that-we-block-by-default-.patch
new file mode 100644
index 0000000..6703482
--- /dev/null
+++ b/debian/patches/REGTESTS-http-rules-verify-that-we-block-by-default-.patch
@@ -0,0 +1,50 @@
+From: Willy Tarreau <w@1wt.eu>
+Date: Tue, 8 Aug 2023 19:53:51 +0200
+Subject: REGTESTS: http-rules: verify that we block '#' by default for
+ normalize-uri
+Origin: https://git.haproxy.org/?p=haproxy-2.6.git;a=commit;h=b6b330eb117d520a890e5b3cd623eaa73479db1b
+
+Since we now block fragments by default, let's add an extra test there
+to confirm that it's blocked even when stripping it.
+
+(cherry picked from commit 4d0175b54b2b4eeb01aa6e31282b0a5b0d7d8ace)
+ [ad: backported to test conformance of BUG/MINOR: h1: do not accept '#'
+ as part of the URI component]
+Signed-off-by: Amaury Denoyelle <adenoyelle@haproxy.com>
+(cherry picked from commit b3f26043df74c661155566a0abd56103e8116078)
+Signed-off-by: Amaury Denoyelle <adenoyelle@haproxy.com>
+(cherry picked from commit 41d161ccbbfa846b4b17ed0166ff08f6bf0c3ea1)
+Signed-off-by: Amaury Denoyelle <adenoyelle@haproxy.com>
+---
+ reg-tests/http-rules/normalize_uri.vtc | 11 +++++++++++
+ 1 file changed, 11 insertions(+)
+
+diff --git a/reg-tests/http-rules/normalize_uri.vtc b/reg-tests/http-rules/normalize_uri.vtc
+index 34905eaf93ae..ad7b44acfe55 100644
+--- a/reg-tests/http-rules/normalize_uri.vtc
++++ b/reg-tests/http-rules/normalize_uri.vtc
+@@ -151,6 +151,11 @@ haproxy h1 -conf {
+
+ default_backend be
+
++ frontend fe_fragment_block
++ bind "fd@${fe_fragment_block}"
++ http-request normalize-uri fragment-strip
++ default_backend be
++
+ backend be
+ server s1 ${s1_addr}:${s1_port}
+
+@@ -536,3 +541,9 @@ client c10 -connect ${h1_fe_fragment_encode_sock} {
+ expect resp.http.before == "*"
+ expect resp.http.after == "*"
+ } -run
++
++client c11 -connect ${h1_fe_fragment_block_sock} {
++ txreq -url "/#foo"
++ rxresp
++ expect resp.status == 400
++} -run
+--
+2.43.0
+