diff options
Diffstat (limited to 'netwerk/test/httpserver/test/test_headers.js')
-rw-r--r-- | netwerk/test/httpserver/test/test_headers.js | 169 |
1 files changed, 169 insertions, 0 deletions
diff --git a/netwerk/test/httpserver/test/test_headers.js b/netwerk/test/httpserver/test/test_headers.js new file mode 100644 index 0000000000..8e920c6f2f --- /dev/null +++ b/netwerk/test/httpserver/test/test_headers.js @@ -0,0 +1,169 @@ +/* -*- indent-tabs-mode: nil; js-indent-level: 2 -*- */ +/* vim:set ts=2 sw=2 sts=2 et: */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +// tests for header storage in httpd.js; nsHttpHeaders is an *internal* data +// structure and is not to be used directly outside of httpd.js itself except +// for testing purposes + +/** + * Ensures that a fieldname-fieldvalue combination is a valid header. + * + * @param fieldName + * the name of the header + * @param fieldValue + * the value of the header + * @param headers + * an nsHttpHeaders object to use to check validity + */ +function assertValidHeader(fieldName, fieldValue, headers) { + try { + headers.setHeader(fieldName, fieldValue, false); + } catch (e) { + do_throw("Unexpected exception thrown: " + e); + } +} + +/** + * Ensures that a fieldname-fieldvalue combination is not a valid header. + * + * @param fieldName + * the name of the header + * @param fieldValue + * the value of the header + * @param headers + * an nsHttpHeaders object to use to check validity + */ +function assertInvalidHeader(fieldName, fieldValue, headers) { + try { + headers.setHeader(fieldName, fieldValue, false); + throw new Error( + `Setting (${fieldName}, ${fieldValue}) as header succeeded!` + ); + } catch (e) { + if (e.result !== Cr.NS_ERROR_INVALID_ARG) { + do_throw("Unexpected exception thrown: " + e); + } + } +} + +function run_test() { + testHeaderValidity(); + testGetHeader(); + testHeaderEnumerator(); + testHasHeader(); +} + +function testHeaderValidity() { + var headers = new nsHttpHeaders(); + + assertInvalidHeader("f o", "bar", headers); + assertInvalidHeader("f\0n", "bar", headers); + assertInvalidHeader("foo:", "bar", headers); + assertInvalidHeader("f\\o", "bar", headers); + assertInvalidHeader("@xml", "bar", headers); + assertInvalidHeader("fiz(", "bar", headers); + assertInvalidHeader("HTTP/1.1", "bar", headers); + assertInvalidHeader('b"b', "bar", headers); + assertInvalidHeader("ascsd\t", "bar", headers); + assertInvalidHeader("{fds", "bar", headers); + assertInvalidHeader("baz?", "bar", headers); + assertInvalidHeader("a\\b\\c", "bar", headers); + assertInvalidHeader("\0x7F", "bar", headers); + assertInvalidHeader("\0x1F", "bar", headers); + assertInvalidHeader("f\n", "bar", headers); + assertInvalidHeader("foo", "b\nar", headers); + assertInvalidHeader("foo", "b\rar", headers); + assertInvalidHeader("foo", "b\0", headers); + + // request splitting, fwiw -- we're actually immune to this type of attack so + // long as we don't implement persistent connections + assertInvalidHeader("f\r\nGET /badness HTTP/1.1\r\nFoo", "bar", headers); + + assertValidHeader("f'", "baz", headers); + assertValidHeader("f`", "baz", headers); + assertValidHeader("f.", "baz", headers); + assertValidHeader("f---", "baz", headers); + assertValidHeader("---", "baz", headers); + assertValidHeader("~~~", "baz", headers); + assertValidHeader("~~~", "b\r\n bar", headers); + assertValidHeader("~~~", "b\r\n\tbar", headers); +} + +function testGetHeader() { + var headers = new nsHttpHeaders(); + + headers.setHeader("Content-Type", "text/html", false); + var c = headers.getHeader("content-type"); + Assert.equal(c, "text/html"); + + headers.setHeader("test", "FOO", false); + c = headers.getHeader("test"); + Assert.equal(c, "FOO"); + + try { + headers.getHeader(":"); + throw new Error("Failed to throw for invalid header"); + } catch (e) { + if (e.result !== Cr.NS_ERROR_INVALID_ARG) { + do_throw("headers.getHeader(':') must throw invalid arg"); + } + } + + try { + headers.getHeader("valid"); + throw new Error("header doesn't exist"); + } catch (e) { + if (e.result !== Cr.NS_ERROR_NOT_AVAILABLE) { + do_throw("shouldn't be a header named 'valid' in headers!"); + } + } +} + +function testHeaderEnumerator() { + var headers = new nsHttpHeaders(); + + var heads = { + foo: "17", + baz: "two six niner", + decaf: "class Program { int .7; int main(){ .7 = 5; return 7 - .7; } }", + }; + + for (var i in heads) { + headers.setHeader(i, heads[i], false); + } + + var en = headers.enumerator; + while (en.hasMoreElements()) { + var it = en.getNext().QueryInterface(Ci.nsISupportsString).data; + Assert.ok(it.toLowerCase() in heads); + delete heads[it.toLowerCase()]; + } + + if (Object.keys(heads).length) { + do_throw("still have properties in heads!?!?"); + } +} + +function testHasHeader() { + var headers = new nsHttpHeaders(); + + headers.setHeader("foo", "bar", false); + Assert.ok(headers.hasHeader("foo")); + Assert.ok(headers.hasHeader("fOo")); + Assert.ok(!headers.hasHeader("not-there")); + + headers.setHeader("f`'~", "bar", false); + Assert.ok(headers.hasHeader("F`'~")); + + try { + headers.hasHeader(":"); + throw new Error("failed to throw"); + } catch (e) { + if (e.result !== Cr.NS_ERROR_INVALID_ARG) { + do_throw(".hasHeader for an invalid name should throw"); + } + } +} |